Lt. Colin Johnson was up late at Camp Carroll outside the city of Deagu, South Korea. Colin was on loan from USCYBERCOM and had been asked by his commander to keep a close eye on any signs by of unusual activity from the North Korean-affiliated 'Guardians of Peace' targeting South Korea, the U.S., or its allies. Colin decided to make use of a new AI-powered offering called Jewel to scan the dark web for any relevant chatter, along with probing known North Korean drop sites for activity. It was at one of these sites that he found information about a worm that the hackers were referring to only as "Hyeogmyeong," which translated loosely as "Revolution." Posing as a potential buyer, Colin was able to purchase a copy of the worm.

Colin flagged his finding as a priority action item and sent it on to his superiors. The investigation preceded quickly. The cyber forensics experts at Ft. Meade determined that the Revolution worm used a nine hitherto unknown zero-day exploits to exploit vulnerabilities in programmable logic controllers (PLCs). These controllers are integral to myriad supply chains and are regularly installed in systems as diverse as nuclear power plants and traffic lights. Given the quickly expanding Internet of Things, though, they have become even more ubiquitous. USCYBERCOM has to decide what to tell impacted utilities, and how to handle the worm, which is quietly proliferating around the world.

Meanwhile Nile, a leading manufacturer of Internet-connected device, uses a huge array of PLCs in its products including a new surveillance camera offering that it is offering as part of its 'Smart City 2020' push. Dozens of cities across the United States have purchased equipment from Nile to help better surveil public places and control violent crime. A key selling point of the system is marrying the cameras with Nile's industry-leading AI and 5G capabilities.

Unbeknownst to USCYBERCOM, or the Army, the Revolution worm was expressly designed to target Nile products and services, including the Smart City 2020 suite of devices. On Nov 11, 2022, the worm is activated. It encrypts systems across the country through ranswomare with a countdown timer threatening widespread blackouts, and even coordinated attacks on public transit and autonomous vehicles, unless the U.S. agrees to withdraw all troops from South Korea and Japan, and cease freedom of navigation expeditions in the South China Sea. If the U.S. government does not comply, all the infected systems will be wiped. There is also intelligence that the worm has compromised voting machines across an as yet untold number of counties. Widespread disinformation on social media is fueling panic, leading an increasing number of Americans to act as 'patriotic hackers' and launch their own cyber attacks. Leadership at Nile is threatening to do something similar.

The U.S. President has mere hours to decide on a course of action. What should she do?

Include at least one short, medium, and long-term step that the President should take, in your opinion, to respond to this crisis and help ensure against a repeat in the future.