The US is unprepared for attacks on critical infrastructure: RAND simulation

Like Cyber Polygon, RAND’s ‘Inverted Rook’ wargame warns of catastrophic cyber attacks leading to societal breakdown: perspective

The United States is unprepared for attacks on critical infrastructure, according to a wargame simulated by the RAND Corporation.

Prepared for the head of the US spy community — the Office of the Director of National Intelligence (ODNI) — the RAND report, “Defending the United States Against Critical Infrastructure Attacks: Exploring a Hypothetical Campaign of Cascading Impacts” details a wargame from earlier this year called “Inverted Rook,” which simulated multiple attacks on critical infrastructure.

The authors note that although this scenario is a hypothetical use case of a future adversarial campaign, it is based on real-world examples that have targeted “communications, financial services, health care, municipal services, energy, transportation, and water.”

“The US government and other critical infrastructure stakeholders are not postured to successfully address multiple simultaneous attacks on US critical infrastructure”

RAND, Inverted Rook, June 2024

In this fictional scenario, the motivation behind the simulated attacks was to interrupt US involvement in a conflict overseas by creating havoc, chaos, and mayhem on American soil through a combination of physical and cyber attacks on critical infrastructure.

These include:

• Physical attacks on electrical substations
• Ransomware attacks on government services
• Malware attacks on power grids
• Disruptions in transportation
• Hackers remotely poisoning water treatment facilities
• Cyber attacks on Wall Street

“Because of the interconnected nature of critical infrastructure systems, it is probable that damage to one system will adversely affect another”

RAND, Inverted Rook, June 2024

The ripple effect from each attack, either simultaneously, or one after another would lead to:

• Government services being shut down
• Power outages affecting hospitals, transportation, refrigeration, heating, etc.
• Sickness and death from poisoned water, hypothermia, exposure, civil unrest, etc.
• Financial services being disrupted
• Splitting factions between those blaming domestic extremists, foreign adversaries, and their own government
• The inability of government to go after foreign adversaries in order to deal with all the domestic chaos

According to RAND, “The adversary uses a variety of tactics to create an atmosphere of mistrust in government, sow tensions among the general populace, saturate the news media, and totally consume the target state’s political bandwidth to reach its ultimate goal of preventing, delaying, or constraining the US response to the adversary’s actions abroad.”

Additionally, “Attacks intended to forestall a US response to aggression overseas could create fear among the general public, undermine social cohesion, and paralyze political decision making structures.”

“Critical infrastructure protection is a whole-of-nation challenge for which the United States is unprepared”

RAND, Inverted Rook, June 2024

At the end of the exercise, the authors concluded that the US government and other critical infrastructure “stakeholders” were not prepared for these types of attacks that “would rapidly stress national defense resources, creating acute tensions in resource management for which policymakers would have to prioritize, sequence, and deconflict many lines of effort.”

So, what are the some of the solutions they propose?

According to RAND:

• Federal and SLTT [state, local, tribal and territorial] governments and private-sector critical infrastructure stakeholders should work together to plan, resource, train, and exercise their detection and response capabilities, including their processes and mechanisms to achieve unity of effort in preparedness and response
• The federal government should continue to prioritize its relationships with SLTT governments and private-sector owners and operators of critical infrastructure
• The Pentagon should consider the support that it will need from the federal interagency, SLTT governments, and private-sector entities during a national emergency and work to develop those vital relationships
• Policymakers should take action prior to a crisis to prepare the United States to manage the homeland consequences of a coordinated attack on critical infrastructure while preparing for potential military mobilization and deployment to a contingency
• Policymakers should build societal resilience from the ground up
• Policymakers could work at all levels of government and with civil society to educate the public on emergency preparedness and foster dialogue within communities about the need to navigate uncertainty with attitudes of mutual respect and mutual support

The premise of this “Inverted Rook” wargame was that the attacks on critical infrastructure would come about due to US involvement in conflicts overseas.

The RAND report asks the reader to imagine that “an adversary launches a military invasion of a US-allied country or close partner” with the “ultimate goal of preventing, delaying, or constraining the US response to the adversary’s actions abroad.”

The Five Eyes nations, the US Cybersecurity and Infrastructure Security Agency (CISA), and the World Economic Forum (WEF) have all been forecasting that these types of attacks are likely to occur very soon due to the West’s unstable geopolitical relations with Russia, China, Iran, and North Korea.

“Geopolitical instability makes a catastrophic cyber event likely in the next two years” 

Jeremy Jurgens, WEF Annual Meeting, 2023

Speaking at the 2023 WEF Annual Meeting in Davos, WEF managing director Jeremy Jurgens highlighted one such forecast from a recent survey on cybersecurity.

“The most striking finding that we’ve found is that 93 percent of cyber leaders, and 86 percent of cyber business leaders, believe that the geopolitical instability makes a catastrophic cyber event likely in the next two years,” said Jurgens.

“This far exceeds anything that we’ve seen in previous surveys,” he added.

For years, the unelected globalists at the WEF and their partners have been prepping for a cyber pandemic that would disrupt all of society.

“If cyberthreats continue without mitigation, governments will continue to retaliate against perpetrators (actual or perceived), leading to open cyberwarfare, further disruption for societies”

WEF, Global Risks Report, 2022

According to the WEF Global Risks Report 2022, retaliations to cyberthreats — whether actual or perceived — could lead to open cyberwarfare.

“If cyberthreats continue without mitigation, governments will continue to retaliate against perpetrators (actual or perceived), leading to open cyberwarfare, further disruption for societies and loss of trust in governments’ ability to act as digital stewards,” the WEF report reads.

This means that cyberwarfare may be enacted in retaliation to something that never even happened.

And speaking of crises, real or perceived, the World Economic Forum has been exceptionally prophetic in its forecasts.

“The next severe pandemic will not only cause great illness and loss of life but could also trigger major cascading economic and societal consequences that could contribute greatly to global impact and suffering”

Event 201 Coronavirus pandemic simulation, October 2019

For example, just a few months before the COVID-19 coronavirus outbreak, the WEF, along with the Johns Hopkins and the Bill and Melinda Gates Foundation, held a fake pandemic exercise on October 18, 2019 called Event 201, which specifically simulated a coronavirus pandemic to gauge global preparedness.

Many scenarios coming out of Event 201 became reality in 2020 including government lockdowns, social media censorship, global economic crashes, and societal upheaval — all ingredients being necessary to usher in a great reset.

Event 201 bears similar language to the latest RAND wargaming report on attacks on critical infrastructure.

For example, both scenarios were expected to have “major cascading economical and societal consequences” while projecting mass illness and death.

Event 201 concluded that the world was unprepared for a pandemic.

Inverted Rook concluded that the US was unprepared for attacks on critical infrastructure, aka a “cyber pandemic.”

And in both cases, their solutions were all rooted in public-private partnerships — the merger of corporation and state, also known as corporatism.

“We all know, but still pay insufficient attention to, the frightening scenario of a comprehensive cyber attack, which would bring a complete halt to the power supply, transportation, hospital services, our society as a whole”

Klaus Schwab, Cyber Polygon, 2020

Another crystal ball moment for the WEF came in July 2020, during the Cyber Polygon exercise that simulated preparedness for what WEF founder Klaus Schwab called an anticipated “cyber pandemic.”

“We all know, but still pay insufficient attention to, the frightening scenario of a comprehensive cyber attack, which would bring a complete halt to the power supply, transportation, hospital services, our society as a whole,” said Schwab.

“The COVID-19 crisis would be seen in this respect as a small disturbance in comparison to a major cyber attack,” he added.

Then by May 2021, Colonial Pipeline, JBS, and Ireland’s Health Service Executive were all hit by major cyberattacks that halted their operations and disrupted society as a whole, just as Schwab described, and just as RAND portrayed in its “Inverted Rook” simulation.

In fact, the Colonial Pipeline attack was one of the “real world precedents” that helped to shape the latest RAND exercise.

After all of the years of wargaming, putting out reports, holding congressional hearings, and real-world attacks on critical infrastructure, is the big one still yet to come?

Is a cyber pandemic really on the horizon, or is it just more fear mongering to drum-up support for massive cybersecurity and social measures that would consolidate and centralize power?

If a cyber pandemic is inevitable, is it by design?

The so-called experts all point to geopolitical instability as being the main driver for future catastrophic cyber events.

What better way to ensure those happen then by participating in forever wars that all but guarantee that these events take place?

---

Image by freepik