There’s a cyberattack coming, and it’s going to be a big one. Whether it’s an attack on the power grid, air traffic control, the stock market, a weakness we haven’t found yet, or all of the above, you can count on serious confusion and chaos to result.

Just so we’re clear, I’m telling you this so you can prepare, not panic. That way when a digital Paul Revere starts yelling, “The hackers are coming! That hackers are coming!” you won’t be taken by surprise.

First, let’s talk about the scope of the problem. We’ve known for years that America’s infrastructure isn’t as robust as it should be.

Back in 2003, for example, a large portion of the American northeast and some of Canada was blacked out thanks to a minor software bug at an electrical station. Combine that with older hardware across the board and lax security, and a hacker could easily knock out power stations at will.

In fact, back in January, the Department of Defense accidentally released an 800-page document on the Aurora Project. It was a detailed analysis of how hackers could take down the U.S. power grid and water systems. It wasn’t very comforting, especially combined with the report that an attack on the power grid could cost the U.S. up to $1 trillion.

Just this year, we’ve seen it isn’t only the power grid. The U.S. air traffic control system is getting a major upgrade, and it brings with it some problems that a hacker can exploit. If you want to know how bad that could be, just last week, a short-term glitch in United Airlines’ computer system grounded 4,900 flights and delayed travel across the country.

At the same time, an update gone wrong shut down the New York Stock Exchange for four hours and brought trading to a standstill. And you can believe that hackers are busy trying to replicate that kind of situation.

The FBI recently caught three Russian spies trying to trigger a Flash Crash in the stock market like the one in 2010. That happened when computers trading at millisecond speeds over-corrected and dropped the Dow Jones 1,000 points in minutes.

And even if hackers don’t attack Wall Street directly, we’ve seen in the past that incorrect information posted on Twitter can cause major panic. In 2013, the Syrian Electronic Army hacked the Associated Press Twitter account and tweeted that there had been an explosion at the White House and President Obama was injured. This caused panic trading that created a temporary loss of around $136.5 billion in the S&P.

Speaking of the White House, hackers have been poking around its unclassified networks for years. I don’t doubt they’ll get into the classified section one of these days. Who knows what information they’ll find that helps them launch an attack.

I think I’ve proved my point about the various ways hackers could launch a cyberattack that causes major disruption. However, there are two more surprising avenues that you might not have considered.

Back in 2014, hackers knocked a radio station in Louisiana off the air, which is worrying since radio is one of the fallback ways to get information when everything else goes down. The radio station in question was running unsecure Windows XP computers, so it made the hackers’ job easier. However, it’s still evidence that hackers can get to just about anything.

If hackers can’t attack electronically, they might stoop to something a bit cruder. There’s been a rash of instances where hackers have cut Internet cables manually. San Francisco had an Internet outage recently after vandals broke into a secure vault and cut a major Internet backbone cable.