Department of Defense

(U//FOUO) U.S. Government Shutdown DoD Contingency Plan April 2011

This document provides guidance for identifying those missions and functions of the Department of Defense that may continue to be carried out in the absence of available appropriations. The information provided in this document is not exhaustive, but rather illustrative, and is intended primarily to assist in the identification of those activities that may be continued notwithstanding the absence of available funding authority in the applicable appropriations (excepted activities). Activities that are determined not to be excepted, and which cannot be performed by utilizing military personnel in place of furloughed civilian personnel, will be suspended when appropriated funds expire. The Secretary of Defense may, at any time, determine that additional activities shall be treated as excepted.

(U//FOUO) U.S. Army Interagency Teaming to Counter Irregular Threats Handbook

If you have picked up this handbook, or had it handed to you, you are likely an interagency team leader or team member or a military commander or civilian leader with the responsibility for setting up an interagency team. If this is your first exposure to working with the interagency, it can be a daunting prospect. This handbook is intended to provide you with a basic understanding of the interagency environment as well as insights and best practices that your team can put to use to counter irregular threats in the field or at operational level.

HBGary DARPA Cyber Insider Threat (CINDER) Proposal

Like a lie detector detects physical changes in the body based on sensitivities to specific questions, we believe there are physical changes in the body that are represented in observable behavioral changes when committing actions someone knows is wrong. Our solution is to develop a paranoia-meter to measure these observables. Using shoplifting as an example, there are peaks and valleys of adrenaline during the entire theft process. There is the moment the thief puts an item in their pocket (high), then as they walk around the store the adrenaline begins to valley a bit, then they attempt to walk out of the store (very high). It is at these points that we want to be able to take as many behavioral measurements as possible because it is at these points the insider's activity will be as far from normal behavior. In this hypothesis we will have a rootkit on the host that monitors keystrokes, mouse movements, and visual cues through the system camera.

U.S. Army Enterprise Email CONOPS 2012

The strategic environment has changed significantly since the end of the Cold War, and events since September 11, 2001 have dramatically demonstrated that we have entered a new era of conflict with difficult challenges to overcome. To meet these challenges, the Department of the Army requires enterprise services to create an information advantage by providing seamless collaboration and moving the power of information to the tactical edge. Implementing an Army Enterprise Email Service (EMCS) is a major step towards meeting these needs.

(U//FOUO) U.S. Army Human Terrain Team Commander’s Guide

Human terrain teams (HTTs) consist of five to nine personnel deployed by the HTS to support field commanders. HTTs fill the socio-cultural knowledge gap in the commander’s operational environment and interpret events in his AO. The team, individuals with social science and operational backgrounds, deploys with military units to bring knowledge about the local population into a coherent analytic framework. The teams also assist in building relationships with the local community in order to provide advice and opportunities to commanders and staffs in the field.

U.S. Army Human Terrain System Afghanistan Pashtun Tribal Analysis

This report consists of two main parts: the first part is an overview of the existing historical and anthropological research on Pashtun “tribes” in Afghanistan, and the second part examines how “tribes” behave in Afghanistan. It is based mostly on academic sources, but it also includes unclassified government information and research performed by HTS Human Terrain Teams, which have been attached to U.S. Army brigades since 2007.

Bradley Manning’s Description of Abusive Treatment at Quantico

Under my current restrictions, in addition to being stripped at night, I am essentially held in solitary confinement. For 23 hours per day, I sit alone in my cell. The guards checked on me every five minutes during the day by asking me if I am okay. I am required to respond in some affirmative manner. At night, if the guards can not see me clearly, because I have a blanket over my head or I am curled up towards the wall, they will wake me in order to ensure that I am okay. I receive each of my meals in my cell. I am not allowed to have a pillow or sheets. I am not allowed to have any personal items in my cell. I am only allowed to have one book or one magazine at any given time to read. The book or magazine is taken away from me at the end of the day before I go to sleep. I am prevented from exercising in my cell. If I attempt to do push-ups, sit-ups, or any other form of exercise I am forced to stop by the guards. Finally, I receive only one hour of exercise outside of my cell daily. My exercise is usually limited to me walking figure eights in an empty room.

Retracted Center for Naval Analyses Assessment of the Human Terrain System

The Human Terrain System is a U.S. Army project intended to provide military decisionmakers in Iraq and Afghanistan with greater understanding of the local population’s cultures and perspectives. HTS deploys Human Terrain Teams (HTTs) of five to nine civilian and military personnel to support brigade, division, and theater-level staffs and commanders with operationally relevant information. The program also provides training for deploying personnel, reachback analysis, and software tools developed by HTS to support socio-cultural analysis. HTS emphasizes the use of tools and approaches commonly associated with the academic disciplines of anthropology and sociology in its efforts to collect and analyze data about local populations.

U.S. Army Special Forces Unconventional Warfare Training Manual November 2010

The intent of U.S. UW efforts is to exploit a hostile power’s political, military, economic, and psychological vulnerabilities by developing and sustaining resistance forces to accomplish U.S. strategic objectives. Historically, the military concept for the employment of UW was primarily in support of resistance movements during general-war scenarios. While this concept remains valid, the operational environment since the end of World War II has increasingly required U.S. forces to conduct UW in scenarios short of general war (limited war). Enabling a resistance movement or insurgency entails the development of an underground and guerrilla forces, as well as supporting auxiliaries for each of these elements. Resistance movements or insurgencies always have an underground element. The armed component of these groups is the guerrilla force and is only present if the resistance transitions to conflict. The combined effects of two interrelated lines of effort largely generate the end result of a UW campaign. The efforts are armed conflict and subversion. Forces conduct armed conflict, normally in the form of guerrilla warfare, against the security apparatus of the host nation (HN) or occupying military. Conflict also includes operations that attack and degrade enemy morale, organizational cohesion, and operational effectiveness and separate the enemy from the population. Over time, these attacks degrade the ability of the HN or occupying military to project military power and exert control over the population. Subversion undermines the power of the government or occupying element by portraying it as incapable of effective governance to the population.

(U//FOUO) U.S. Navy WikiLeaks Safeguarding Classified National Security Information Recommendations


HBGary DoD Cyber Warfare Support Work Statement

Cyber Warfare is warfare in the Cyberspace domain, which is defined by the SECDEF as “a global domain within the information environment consisting of the interdependent network of information technology infrastructures, including the internet, telecommunications networks, computer systems and embedded processors and controllers.” Cyber Warfare encompasses Computer Network Operations (e.g. Attack, Defend and Exploit,) Information Assurance, and the network operations that encompass Command, Control, Communications, Intelligence, Surveillance and Reconnaissance (C4ISR) and Information Operations (IO) functions that occur within the Cyberspace domain. This includes Computer Network Operations (CNO) against automated systems (e.g. C4ISR), and the interaction between the physical, social and biological networks that define human-machine interaction.

HBGary DARPA Cyber Genome Technical Management Proposal

While it is a challenging undertaking, we plan to research and develop a fully automated malware analysis framework that will produce results comparable with the best reverse engineering experts, and complete the analysis in a fast, scalable system without human interaction. In the completed mature system, the only human involvement will be the consumption of reports and visualizations of malware profiles. Our approach is a major shift from common binary and malware analysis today, requiring manual labor by highly skilled and well-paid engineers. Results are slow, unpredictable, expensive and don’t scale. Engineers are required to be proficient with low-level assembly code and operating system internals. Results depend upon their ability to interpret and model complex program logic and ever-changing computer states. The most common tools are disassemblers for static analysis and interactive debuggers for dynamic analysis. The best engineers have an ad-hoc collection of non-standard homegrown or Internet-collected plug-ins. Complex malware protection mechanisms, such as packing, obfuscation, encryption and anti-debugging techniques, present further challenges that slow down and thwart traditional reverse engineering technique.

HBGary General Dynamics DARPA Cyber Genome Program Proposal

Current technologies and methods for producing and examining relationships between software products, particularly malware, are lacking at best. The use of hashing or “fuzzy” hashing and matching techniques are conducted at the program level, ignoring any reflection of the actual development process of malware. This approach is only effective at finding closely related variants or matching artifacts found within malware that are only tangent to the development process, such as hard coded IP address, domains, or login information. This matching process is often unaware of internal software structure except in the most rudimentary sense, dealing with entire sections of code at a time, attempting to align matches while dealing with arbitrary block boundaries. The method is akin to an illiterate attempting to compare two books on the same topic. Such a person would have a chance of correlating different editions of the same book, but not much else. The first fundamental flaw in today’s approach is that it ignores our greatest advantage in understanding relationships in malware lineage, we can deduce program structure into blocks (functions, objects, and loops) that reflect the development process and gives software its lineage through code reuse.

(U//FOUO) DHS-FBI-NORTHCOM Super Bowl 2011 Joint Special Event Threat Assessment

This Joint Special Event Threat Assessment (JSETA) addresses potential threats to the National Football League (NFL)USPER Super Bowl XLV, which will be played on 6 February 2011 at Cowboys Stadium in Arlington, Texas. It focuses on potential threats to the game—and to various NFL-sanctioned events scheduled for the Dallas/Ft. Worth Metroplex-area during the 12 days prior to the game—from international and domestic terrorists, cyber actors, criminals, and foreign intelligence services.

(U//FOUO) USMC Wireless Local Area Networks (WLANs) Information Assurance Directive

Marine Corps Order (MCO) 5239.1 formally establishes the Marine Corps Information Assurance Program (MCIAP) and defines the responsibilities for protecting the Marine Corps information infrastructure as well as delineating Department of Defense (DoD) directives, instructions, and guidance governing DoD Information Assurance (IA). United States Marine Corps (USMC) IA Enterprise Directive 014 Wireless Local Area Networks (WLANs) outlines the security configuration and implementation standards for WLANs within the Marine Corps Enterprise Network (MCEN) boundary security framework.

(U//FOUO) USMC Enterprise Network Accreditation Process Directive

The Marine Corps Enterprise Network (MCEN) Designated Accrediting Authority (DAA) issues Marine Corps Enterprise Information Assurance Directives (EIAD). The EIAD series provides modules that guide the implementation of policy direction established in Marine Corps Order (MCO) 5239.2. The modules provide procedural, technical, administrative, and supplemental guidance for all information systems, used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or receipt of data within the MCEN as well as other Marine Corps information systems. Each module focuses on a distinct subject and describes a standard methodology for planning, implementing and executing an element of the Marine Corps Information Assurance Program (MCIAP). The Marine Corps EIAD series will be the authoritative source for implementation of IA policy direction.

U.S. Military Police Internment/Resettlement Operations Manual

Field Manual (FM) 3-19.40 depicts the doctrinal foundation, principles, and processes that MP will employ when dealing with enemy prisoners of war (EPWs), civilian internees (CIs), US military prisoner operations, and MP support to civil-military operations (populace and resource control [PRC], humanitarian assistance [HA], and emergency services [ES]). FM 3-19.40 is not a standalone manual, and it must be used in combination with other publications. These publications are pointed out throughout the manual, and a consolidated list is provided in the bibliography.

(U//FOUO/LES) U.S. Air Combat Command Threat Information Fusion Cell Reports

The following five reports are from the U.S. Air Force Air Combat Command’s Threat Information Fusion Cell. The “Homeland Defense Information Summary” reports focus entirely on domestic security matters and feature content from local police departments and regional fusion centers. The very existence of the reports should be a matter of scrutiny given the fundamental divide between domestic military affairs and civilian law enforcement necessitated by legislation such as the Posse Comitatus Act.

USMC Marine Air-Ground Task Force Information Operations

Marine Corps Warfighting Publication (MCWP) 3-40.4, Marine Air-Ground Task Force Information Operations, operationalizes the concept of information operations (IO). This publication introduces doctrine for employment of IO in support of Marine air-ground task force (MAGTF) operations. IO language and organizations continue to evolve and to be debated. This publication gives Marines a warfighter’s orientation to IO, providing a basis to understand the relevance of IO and a framework to implement IO. This publication is intended for MAGTF planners responsible for both operational and IO planning.

U.S. Navy NATOPS Instrument Flight Manual

This manual presents an overview of information required for flying U.S. Navy and Marine Corps aircraft under Instrument Flight Rules (IFR) and conditions in various operating environments. It has been prepared for use as a reference for U.S. Navy and Marine Corps Aircrew preparing for their annual instrument flight evaluations, especially those unable to attend instrument ground training. It also provides guidance and standardization for instrument flight evaluators and aircrews on criteria for evaluating the instrument flying abilities and proficiency of aircrew members and conducting NATOPS Instrument Flight Evaluations.