2025 US Presidential Inauguration

Background

The US Presidential Inauguration is scheduled for Monday, January 20, 2025, at the US Capitol Building in Washington, DC, where President-elect Donald Trump and Vice President-elect JD Vance will be sworn in at 12pm, local time at the West Lawn. The Inaugural Parade will commence shortly after the ceremony, running from the US Capitol, along Pennsylvania Avenue and ending at the White House.

Samdesk’s analyst team has produced the following inauguration day threat assessments:

Violent or disruptive protests: High

Terrorist attacks: Medium

Cyberattacks: Medium

See the below analysis for more detail.

Samdesk’s analyst team has produced the following inauguration day threat assessments:

Violent or disruptive protests: High

Terrorist attacks: Medium

Cyberattacks: Medium

See the below analysis for more detail.

Analysis

Protesting

Protesting is expected nationwide throughout January. Planned demonstrations for January 20 include:

National Day of Action. Coined a “nationwide mobilization,” is planned in at least 43 locations across the US
Peoples March on Washington could see at least 50,000 attendees. In 2017, this march saw roughly 4.6 million people attending various rallies across the US
Pro Palestine demonstrations. Rallies are planned in Washington, DC, Cleveland, OH, Chicago, IL, Seattle, WA, Houston, TX, Lancaster, PA and Detroit, MI
Make America Great Again victory rally is planned for January 19 at Capital One Arena at 3pm, local time. The arena holds 20,000 people; therefore, large crowds are expected

At least a dozen activist groups have requested permission to protest in the Capitol, although most permits have been denied. Additionally, those accused of participating in the January 6 Riots have also requested permission to attend the inauguration, with the Department of Justice arguing against these requests due to the potential risk to the DC community and local officials.

The risk of clashes between protesters and counter-protesters is probable, with a high threat level assessment. Heightened law enforcement response is expected to reduce the risk of violent clashes in the Capitol dependent on crowd size, however large demonstrations in other US cities could be at greater risk of escalation with fewer police resources.

Security Plans

The 2025 US Presidential Inauguration is designated a National Special Security Event (NSSE). Therefore, the United States Secret Service (USSS) is the lead agency for the design and implementation of its security plan and will work alongside local law enforcement to protect and respond to the event. Secret Service Washington Office’s Special Agent William McCool has stated that the public should expect heightened security measures for the upcoming inauguration. Security measures are expected to be similar to the 2017 inauguration where at least 28,000 officials were devoted to upholding security during the event. Preparations for this year indicate crowds of at least 500,000, in addition to the invitation of several world leaders, including Chinese President Xi Jinping, Argentine President Javier Milei, and Salvadoran President Nayib Bukele. The White House has confirmed outgoing President Joe Biden and First Lady Jill Biden will attend the ceremony.

On January 20, security screening gates will open at 6am, local time, followed by performances at 9:30am and opening remarks at 11:30am, leading to the swear-in ceremony at noon, per Washington DC official website. Ticketed guests are required to go through "airport style" security at the gates and must adhere to strict rules regarding prohibited items.

After being sworn in, Trump will go on a ceremonial parade on the East Front Steps of the Capitol down Pennsylvania Avenue from the US Capitol to the White House at 3pm, local time. The major thoroughfares through downtown DC will almost certainly be closed for the inauguration, along with several bridges to the city and many metro system stations. The National Park Service (NPS) has set a partial closure of Lafayette Park and along the White House sidewalks for public safety through February 2025.

Terrorism

Whilst intent is considered high, due to comprehensive security measures, the threat level of attacks occurring at official inauguration events or within the security perimeter on January 20 is deemed low. Attacks outside the security perimeter with fewer security measures implemented (e.g., local hotels, nearby amenities, protesting crowds) is considered a medium threat. Also note that there are non-ticketed parade viewing areas (National Mall, west of 4th Street NW) that are open to the public and may not be subject to enhanced security.

The threat continues to be characterized primarily by lone actors or small cells favoring traditional forms of attacks such as gunfire into crowds, pipe bombs, and vehicle ramming. Attackers continue to use accessible weapons and leverage online platforms and encrypted communication to share novel tactics and techniques collaboratively. According to the Counter Threat Center (CTC), government buildings such as the White House, the National Mall, the DC Central Detention Facility, the Department of State, the Department of the Treasury, the Department of Justice, the headquarters of the FBI along with apolitical venues like sports events and concerts, are likely to be targets for extremist attacks. Trump’s properties could also be potential targets for attacks, as demonstrated by the deliberate detonation of a Tesla Cybertruck outside of the Trump International Hotel in Las Vegas, Nevada. Recent attacks and foiled plans include an election-day mass shooting planned in Oklahoma by ISIS-K members targeting “large groups of people”, the fatal vehicle ramming attack on New Year’s Day in New Orleans, and the arrest of a man for bringing a machete and knives past a screening point at the Capitol Visitor Center (CVC) in Washington, DC.

There have been two assassination attempts during Trump’s presidential campaign. The first attempt occurred at July’s campaign rally in Butler, Pennsylvania, and another in September at Trump’s South Florida golf course. Multiple members of Trump's cabinet nominees and White House picks have also been subjected to violent threats. Extremists have also used online messaging to increasingly promote the swatting and doxxing of ideological opponents. At least nine people were targeted with suspected “swatting incidents,” including Matt Gaetz, Congresswoman Elise Stefanik, Howard Lutnick, Majorie Taylor Green, and Ohio Secretary of State Frank LaRose.

Hoax bomb threats impacted polling centers nationwide during the election, primarily targeting swing states Georgia, Pennsylvania, Arizona, Wisconsin, and Michigan, and prompting evacuations and delays to polls. The FBI states that these threats appeared to “originate from Russian email domains.”

Cybersecurity Threats

Cyber attacks involving the inauguration could include cyber espionage, ransomware, malware, phishing, and distributed denial of service (DDoS) attacks.

Threat actors may introduce malware to exploit the high volume of air traffic due to the inauguration to disrupt operations at Washington DC area airports. The Counter Threat Center reports that air traffic systems at the Ronald Reagan Washington National Airport and Washington Dulles International Airport will be vulnerable to such attacks due to their proximity to government infrastructure. Insiders may be exploited to gain unauthorized access to critical networks and systems to compromise physical security during the inauguration.

Adam Isles, former Deputy Chief of Staff at the Department of Homeland Security, suggested cyber threats posed by domestic groups should be the primary concern at the inauguration in light of the US Capitol Riot on January 6, 2021. During Former President Trump’s first inauguration in 2017, a hacktivist attempted to orchestrate a DDoS attack by encouraging people to help “take down” WhiteHouse.gov. Attempts to disrupt broadcasts relating to Trump have also been prevalent in foreign hacktivist groups. For example, in August 2024, RipperSec, a Malaysian pro-Palestine hacktivist group, conducted a DDoS attack targeting X to disrupt a broadcast of an interview between Elon Musk and Trump. While such groups can disrupt broadcasts during the inauguration, the overall impact on operations will remain minimal.

While it is likely that such actors may conduct similar attacks during this inauguration, their impact is minimal due to the government's enhanced cyber resilience resources. As a result, the threat level of a cyberattack from domestic threat actors is low.

Foreign actors have previously conducted attacks against critical infrastructure in the days leading up to the inauguration. Notably, in December 2016, two Romanian citizens were arrested for illegally accessing 123 computers linked to the Metropolitan Police Department’s surveillance cameras to distribute ransomware during the January 2017 inauguration.

Despite the sophisticated nature of the attack, its impact was minimal as authorities secured the cameras before the inauguration.

Nation-state actors may launch cyberattacks elsewhere in the US while attention is focused on the inauguration. In March 2020, SolarWinds software supply chain was attacked by Russia’s Foreign Intelligence Service (SVR). Similarly, since May 2024, members of the Iranian Islamic Revolutionary Guard Corps (IRGC) have successfully conducted spear-phishing campaigns and compromised accounts of officials and advisors for the 2024 presidential campaigns. While similar attacks have been conducted around the election period, they have not targeted presidential inaugurations in the past.

Nation-state actors possess the capabilities and intent to disrupt operations during the inauguration; however, attacks have not previously been conducted on this day. Therefore, the threat level of an attack from foreign threat actors is medium.

Opportunistic cybercrime groups often use high-profile topics, events, and individuals as content for spam messaging and phishing campaigns. They will likely exploit the inauguration to conduct phishing campaigns for financial gain. While the impact of such attacks can be mitigated by avoiding malicious links, if the victim's device becomes affected, they may incur financial loss or identity theft. The intent of such groups conducting an attack is high, and the threat level of an attack from opportunistic cybercrime groups is also high.

Therefore, the overall threat level for cybersecurity attacks impacting the inauguration is medium.