Biden Inauguration: Defending Against Cyberthreats
Experts Warn of an Elevated Risk of Attack From Domestic, Foreign Actors
As thousands of National Guard troops pour into Washington to provide security for the Jan. 20 inauguration of Joe Biden as president, cybersecurity analysts are calling attention to the need to defend against cyber incidents as well.
"I expect there is some elevated risk of a cybersecurity attack, especially from those who want to demonstrate the country is in chaos and to undermine democracy," says Phil Reitinger, a former director of the National Cyber Security Center who’s now president and CEO of the Global Cyber Alliance.
Security experts say potential risks could include attacks on critical infrastructure tied to the inauguration and threat actors using the event as a distraction that enables a major attack elsewhere in the U.S. The inaugural also could trigger the spread of disinformation.
Although cyberthreats could be posed by nation-states as well as domestic groups, the latter should be the primary concern in light of the Jan. 6 Capitol riot, says Adam Isles, former deputy chief of staff at the Department of Homeland Security. He’s now head of the cyber practice at the security advisory firm The Chertoff Group.
Boots on the Ground
Federal agencies have not detailed their defensive cybersecurity plans around the inauguration, but the defensive preparations on the ground so far are impressive.
An estimated 26,000 National Guard troops from across the country are being pulled into Washington to buttress the 10,000 law enforcement officers expected to be on duty that day, according to the Associated Press.
The Department of Homeland Security has designated Inauguration Day as a "national special security event," which allows ramping up event security and incident management.
Security is also being bolstered at state Capitols and other government sites in light of threats, USA Today reports.
Some security experts say a wide variety of cyberattacks could emerge in connection with the inauguration.
"National news outlets, government sites and the White House website all could potentially fall victim to DDoS, phishing or ransomware attacks," says Ara Aslanian, CEO of the cybersecurity risk assessment firm Inverselogic, who’s overseen security at large events, including the Rose Bowl game.
More direct attacks against the event itself are also possible, with law enforcement tools such as security cameras and other monitoring devices being susceptible, he adds.
Just days before Donald Trump's inauguration in 2016, a Romanian citizen was arrested for taking over several CCTV cameras in Washington.
Years of reports of vulnerabilities in IoT devices, such as cameras, lend credence to Aslanian's concerns. For example, in December 2020 it was reported that millions of consumer and enterprise IoT devices have software flaws in their TCP/IP stacks that could result in remote code execution, denial of service or a complete takeover of a device.
Frank Downs, a former U.S. National Security Agency offensive threat analyst, describes other potential cyberthreats. "A supervisory control and data acquisition - SCADA - or industrial control system - ICS - attack against any part of the DC municipal networks - such as the power network or the transportation grid - could create significant hurdles to the inauguration," says Downs, who’s a director at the security firm BlueVoyant.
An insider act by a federal worker poses a particularly dangerous threat, Isles says, since such an actor would likely already have the privileges needed to access systems, negating the need for sophisticated malware. Having a person on the inside would be very useful, as most homegrown militias at this time do not have the highly polished cyber skills necessary to conduct such an attack.
Domestic groups, however, are beefing up their cyber capabilities: some people from the anti-government group the Oath Keepers have been spotted at the DefCon cybersecurity conference, and others are known to be recruiting from the military, Isles notes.
A nation-state actor might launch a cyberattack elsewhere in the U.S. while attention is focused on the inauguration, Isles adds.
But Reitinger says fraudsters’ activities also should be a major cause for concern.
"As with other events, I'm more worried about cyber activity directed toward people, including greater efforts at disinformation and to phish people at their most vulnerable," Reitinger says.
Even though this inaugural will have a much smaller crowd than previous swearing-in ceremonies, threat actors still may attempt to gather data from mobile devices of those on hand, Downs says.
"A significant amount of metadata will be available for the taking from the emitters in the phones and other devices," he says. Malicious actors could potentially use that information to build "pattern-of-life" dossiers that could then be used for future attacks.