The phrases "internet blackout" and "internet blackout 2021" have seen a dramatic uptick in Google searches since Jan. 3, when prominent QAnon supporters began touting the theory that President Trump would shut down the entire internet on the day of Joe Biden's inauguration. Lin Wood, a Trump-allied attorney with a history of promoting false conspiracies, warned in a social media post earlier this month that Trump supporters should "BE PREPARED FOR AN IMMINENT BLACKOUT."
But government agencies have prepared for any attacks from conspiring hackers, and cyber experts tell Protocol that they don't have much of a chance of working. While governments around the world, including in Bangladesh, Egypt and Uganda, have ordered internet blackouts over the last few years, the United States has a particularly decentralized internet architecture, which would make it difficult for a government or a malicious actor to facilitate a U.S. internet blackout. And while there may be some motivation to attempt a cyberattack of that size around the inauguration, experts say it's unlikely that most hackers could pull it off.
"The capabilities to bring down the entire internet would be on the far side of the sophistication scale," said Bill Wright, a former Senate homeland security staffer and intelligence official who is now the director of federal affairs at Splunk. Similar rumors swirled about the potential for an internet shutdown during former President Obama's second inauguration, and they never came to fruition, Wright noted.
Any effort to pull down the internet would likely have to begin with an attack against ISPs including Verizon, Comcast, AT&T, T-Mobile, Charter and Verizon. "You can best believe that you'd have to be a very good hacker or a nation-state to penetrate ISPs and the services they provide to us," said Kelvin Coleman, the executive director at the National Cyber Security Alliance, who previously served as an intelligence official at the Department of Homeland Security and the White House.
Still, particularly given the high threat-level environment in the wake of the Capitol Hill riot, government bodies including the FBI, Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency are on high alert to combat any incoming intrusions, particularly from domestic extremists, who pose the most likely threat to this year's events, according to a joint bulletin from government agencies.
"The 59th Presidential Inauguration and events preceding it have been designated a National Special Security Event (NSSE) beginning January 13, 2021," an FBI spokesperson said in an email. "As such, the U.S. Secret Service is the lead agency for the operational security plan, the Federal Emergency Management Agency is the lead agency for response and recovery operations, and the FBI is the lead agency for crisis management, counterterrorism, and intelligence analysis."
"Together, we have planned, prepared, and trained for situations and events like this," the spokesperson added. Government officials likely began running tabletop exercises and planning out their approach to inauguration months ago.
Inaugurations are always designated a "National Special Security Event," meaning they're deemed to be a target of potential terrorism or criminal activity. And the stakes are higher than ever this year as government officials fret over a peaceful transfer of power.
"Before last week, I would've said yes, there's a difference [between domestic and foreign threats], and foreign actors or nation-states are the greatest threat," Coleman said. "After last week, I'd say no, we have to treat them the same these days."
Verizon, T-Mobile, AT&T, Charter did not immediately respond to Protocol's questions about how they are preparing for any potential threats around inauguration and whether they're aware of the "internet blackout" conspiracy theories. "We generally don't comment on cyberattack defenses (we are in a constant state of monitoring), and don't have any comment on the conspiracy theories," a Comcast spokesperson said in an email.
But Brian Dietz, SVP of strategic communications at cable industry trade group NCTA, said the ISPs and the broader communications sector are working side by side with DHS and CISA "to ensure that networks are secure as part of inauguration security preparations."
"We will be working closely with CISA throughout the whole inauguration," he said.
CISA and the Multi-State Information Sharing and Analysis Center will play an outsized role throughout high-stakes events this week. MS-ISAC serves as an around-the-clock threat-monitoring center for state and local governments, and it has developed a closer-than-ever relationship with CISA over the last six months, according to Wright. "That partnership is really well-exercised," Wright said. "That sharing goes two ways, so those out in state and local are pushing information up to CISA, CISA is analyzing, correlating and pushing back down to state and locals and other partners."
This year's inauguration takes place amid multiple overlapping crises with a polarized electorate, an ongoing pandemic, the recent attack on the U.S. Capitol and the SolarWinds cyberattack, which was one of the largest in U.S. history. But in many ways, cyber protections during this year's events will look just like they did in previous years.
"This is not unlike a physical disaster or situation, meaning if you haven't prepared for the flood before it comes, it's probably too late," Coleman said. "Government and industry organizations have been preparing for attacks on their systems. For cybersecurity, they've beefed [their defenses] up considerably. At this point, there's not a whole lot else except to make sure those holes are plugged."