Operation Blackout was an election-hacking tabletop exercise that took place on November 5, 2019, and simulated terrorist attacks, sabotage of civilian infrastructure, and psychological operations/warfare directed against US citizens. It “explicitly excluded” the hacking of actual election equipment and instead focused on other components of the electoral system: media, social media, “influencers”, and voting locations.
This exercise was organized and run by the cybersecurity firm and government software provider Cybereason, with participants from the Department of Homeland Security, the FBI, US Secret Service, and Washington D.C. law firm Venable.
Cybereason held two other similar exercises in the run-up to the 2020 election, in September 2018 and early 2020, both in Boston. They held another simulation, also called Operation Blackout, in London in December 2019. It appears they have more tabletop exercises and wargames planned, all with the cooperation of US federal agencies.
Cybereason was founded by ex-members of Israeli military intelligence cyber division Unit 8200 and is advised by former and current officials in the CIA and Israeli military intelligence. Unit 8200 is infamous for its cyber attacks against governments and state-owned companies, as well as large-scale influence and psychological operations. Cybereason is a major software provider for the US government and military through its partnership with Lockheed Martin and is the creator of one of the world's leading cyberdefense platforms.
Cybereason also supplies antivirus software, endpoint detection and response, and other cyberdefense tools to US government agencies and defense contractors. They receive funding from Lockheed Martin, a US weapons manufacturer and government contractor, along with other financial institutions and multinational conglomerates such as Softbank Group. Softbank has close ties to Saudi Crown Prince Mohammed bin Salman and his close friend, Jared Kushner.
The other main participant in Operation Blackout was the US law firm Venable. Doug Emhoff, Kamala Harris' husband, was the former Managing Director of Venable's West Coast Offices; other notable alumni and attorneys employed by Venable include Amy Berman Jackson and Ari Schwartz. Schwartz is currently the Managing Director of Cybersecurity Services for Venable. They've also employed many other former and current US officials, including numerous federal judges, senators, state attorneys general, and Obama administration cabinet members.
Schwartz's integral role in Operation Blackout is especially interesting given his deep ties to the Obama administration. He was a member of the White House National Security Council as Special Assistant to the President and Senior Director for Cybersecurity. Schwartz was an internet policy advisor for the National Institute of Standards and Technology and a former employee of the Center for Democracy and Technology, a leading backer of Microsoft's ElectionGuard software. He also led the Department of Commerce's Internet Policy Task Force and helped develop the government's cybersecurity framework, a guideline for helping government agencies and companies “improve” their cybersecurity programs.
OPERATION BLACKOUT
“Recent times have seen election tampering by special interest groups and foreign powers in the United States, Europe and Asia.”
The stated goal of the exercise was to examine and improve the response of government entities to an anarchist group's (“ethical hackers”) attempts to “undermine democratic institutions and systems of governance” in the US. Operation Blackout was set in a fictional swing state called “Adversaria” on a mock-up of election day. The end result of the simulation was the election being canceled, hundreds of Americans killed, and martial law being declared.
“The scenario pitted a team of veteran law enforcement officers from the US Secret Service, Department of Homeland Security, the FBI, and the Arlington, VA police against a group of ethical hackers, academics and security professionals from the private sector. The law enforcement team was the Blue Team: Adversaria Task Force, and the white hat hackers were known as the Red Team: Kill Organized Systems (K-OS) hacktivist group.”
“The game administration and control as well as ad hoc role needs in the game sequence was controlled by a White Team, run by industry veteran and CSO Sam Curry, as well as Managing Director of Cybersecurity Services at Venable Ari Schwartz. Sam’s Cybereason-staffed team both adjudicated the event and provided US Federal support options as appropriate. The White Team also benefited from both experience with federal and state governance processes and the presence of seasoned government officials as observers of the event.”
Please note that the perpetrators involved in these simulated attacks are referred to as “ethical hackers” and are partnered with academics and security professionals from the private sector, NOT foreign governments/state actors. They are referred to as “white hat hackers”, implying that they’re the “good guys”.
“Cybereason conducted two similar exercises preceding the US midterm elections, one in September 2018 and one earlier in the year, both held in Boston. The results of those elections were expected to be reflected at least partially in this exercise. In the previous Autumn exercise, the system was not designed for this sort of threat, local law enforcement was not comfortable calling for help beyond their jurisdiction, and law enforcement was mostly reactive and flat footed during the day.”
Results:
“This tabletop event showed excellent preparation and execution by members of both the Red Team and the Blue Team. The Red Team implemented a fantastic set of moves that demonstrated daring and creativity. They developed capabilities early on that they could use throughout the day for multiple scenarios and took impactful actions at each turn. However, the primary mission of the Red Team failed due to overkill. Instead of undermining the election, they forced the Blue Team to cancel the election and they caused a terrorist attack. The aftermath of the Red Team’s efforts increased the fear of terrorism overall and started conspiracies about potential government collusion.”
“The Blue Team made decisive, immediate action and expanded their capabilities early in the day. They focused on what they could control and called for federal aid at all the right points. However, the public did get hurt, with 200 people injured and 32 dead, and the election was canceled. The only thing the Blue Team could have done sooner was address the autonomous vehicle systems earlier in the day, but overall, they gave a solid performance and addressed the Red Team’s actions quickly.”
Lessons Learned from the Cybereason Election Simulations:
Communications are the New Battleground
● Recognizing that having clear channels of information or disinformation was very important for affecting public sentiment for both sides.
● Control of social media networks for journalists, influencers, and political figures allowed the Red Team to easily spread misinformation through supposedly “legitimate” channels.
● Lesson Learned: Law enforcement must create open lines of communication between government departments and media sources and social media companies. The government can only extend their capabilities so far without the support of the platforms upon which misinformation is spread.”
Developing Technology Poses Threats that are Difficult to Predict
● Autonomous vehicles were leveraged by the Red Team to wreak havoc at polling stations and cause many deaths and injuries. These vehicles can be used by attackers as a new set of weapons in their operation with no consequences to the Red Team.
● Deep fakes were used by the Red Team to impersonate the superiors of pollsters and law enforcement officers and direct them to execute actions that benefited the Red Team. In addition, deep fakes were used to create fake videos and spread misinformation about the candidates in the race.
● Lesson Learned: As we develop advanced technology for user convenience, we must consider the consequences of the technology and ways to prevent its misuse and abuse. Additionally, we must work to construct fail safes to prevent this technology from being abused so significantly that it results in the death or severe injury of others. Open lines of communication between the government and technology companies will also help in this effort.
OPERATION BLACKOUT, Cyber Polygon, and SolarWinds
Interestingly, by their own admission, the Transition Integrity Project is closely connected to Operation Blackout. Finding these connections has proven difficult, and it’s suspected that, because of both the TIP's and Cybereason's ties to US government agencies, defense contractors, and the Obama administration, this information is classified.
Something else that's important to note (especially in the context of the SolarWinds cyber attack that has been ongoing since March 2020): quite often these wargames and simulations end up being applied to events other than the ones specifically outlined in the exercises. More often than not, these “simulations” unfold in real life and sometimes even “go live” during the exercises. As more information becomes available about the SolarWinds attack, it will be discovered that many of the players involved in Operation Blackout and Cyber Polygon are also (former and current) high-level officials in the US government agencies and corporations affected by the SolarWinds hack, and possibly even SolarWinds itself.
Please download the Operation Blackout PDF and pay special attention to the Event Record Appendix near the end of the document (pages 9-13).