The Transportation Security Administration’s Office of Intelligence (TSA-OI) unclassified annual Freight Rail Threat Assessment addresses the overall threat to the U.S. freight rail industry and presents conclusions regarding likely targets and actors based upon a review of successful attacks against rail systems overseas.
The most recent U.S. case, announced on 12 October 2014 is the first reported domestic transmission in the U.S. Three of the American EVD patients recovered and were discharged from the hospital, while three remain hospitalized. One American died while receiving treatment in Nigeria. The Liberian EVD patient was not symptomatic upon arrival and determined not to be infectious during travel. The Liberian patient died while in isolation on 8 October 2014. On 11 October 2014, the CDC and the Department of Homeland Security’s Customs & Border Protection (CBP) began enhanced entry screening of passengers with recent travel to West Africa at New York’s JFK International Airport. Enhanced entry screening is scheduled to begin on 16 October 2014 at Washington-Dulles, Newark, Chicago-O’Hare, and Atlanta international airports. Based on the recent domestic transmission, state and federal officials are re- examining whether equipment and procedures were properly followed, and whether additional protective steps and guidance are needed. The CDC believes the U.S. medical, public health infrastructure/responses are sufficient to prevent the spread of the Ebola virus in the U.S.
As of 3 October 2014, 43 states and the District of Columbia have reported 538 cases (+325 since 23 September 2014) of Enterovirus D68 (EV-D68) to the U.S. Centers for Disease Control and Prevention (CDC). Most of the cases have been identified among children; however, one case was identified in an adult. This outbreak was first announced in a media conference held on 8 September 2014. In this announcement, the CDC stated that EV-D68 was detected in clusters of individuals with respiratory illness in Kansas City, Missouri and Chicago, Illinois. Many of the initial identified cases had a history of asthma or wheezing. Recent increases in cases can be attributed to awareness of this issue among health officials and the amount of time necessary for disease investigation and confirmation. Current surveillance tools for influenza-like illness may not be appropriate for the detection of EV-D68 because many of the identified cases failed to develop fever. The CDC is involved in the ongoing investigation of a possible link between EV-D68 and acute paralysis. Furthermore, the CDC has identified EV-D68 in specimens from patients who have died, but the role of EV-D68 in these deaths remains unclear. EV-D68 has rarely been reported in the U.S. since first recognized in California in 1962. Enterovirus infections are not reportable in the U.S., so the illness is likely underreported because most enterovirus infections are self-limiting and do not require medical attention. The CDC estimates that non-polio enteroviruses are very common and are responsible for 10 to 15 million U.S. infections each year.
The Department of Homeland Security’s (DHS) Homeland Infrastructure Threat and Risk Analysis Center (HITRAC) produced this National Risk Estimate (NRE) to provide an authoritative, coordinated, risk-informed assessment of the key security issues faced by the Nation’s infrastructure protection community from malicious insiders. DHS used subject matter expert elicitations and tabletop exercises to project the effect of historic trends on risks over the next 3 to 5 years. In addition, DHS used alternative futures analysis to examine possible futures involving insider threats to critical infrastructure over the next 20 years. The results are intended to provide owners and operators a better understanding of the scope of the threat and can inform mitigation plans, policies, and programs, particularly those focused on high-impact attacks.
On 8 August, the International Health Regulations Emergency Committee of the World Health Organization (WHO) declared the ongoing epidemic of Ebola virus to be a Public Health Emergency of International Concern (PHEIC). According to the WHO, regional health authorities in western Africa have reported 7,178 cases of Ebola virus disease with 3,338 deaths to the WHO since the outbreak was first recognized in March 2014. On 30 September 2014, The U.S. Centers for Disease Prevention and Control (CDC) announced that an unidentified man, who is receiving treatment at Texas Health Presbyterian Hospital in Dallas, Texas, has been diagnosed with Ebola virus. All previous cases associated with the U.S. were diagnosed in West Africa. One patient died while in Nigeria, and four were diagnosed in West Africa before traveling to the U.S. for treatment.
The NJ Office of Homeland Security and Preparedness (OHSP) compiles a statewide list of special events that provides situational awareness to law enforcement, as well as to assist in local planning requirements. Special events include any event that attracts large numbers of participants and spectators in both a public or private venue. Examples include concerts, marathons, firework displays, community celebrations, visits by VIPs, sporting events, holiday gatherings, etc.
(U//LES) Northern California Fusion Center Bulletin: Recreational Drones Create Problems for Law Enforcement
The expansion of Unmanned Aerial Vehicle (UAV) operations for military purposes in the last decade has driven growth in the commercial UAV industry where. the casual enthusiast can now purchase a ready-to-fly system for less than $300. These UAVs can be accessorized for varied purposes such as cinematography, agricultural monitoring, wildlife tracking, site surveillance, and potentially even for kinetic attacks with a firearm or improvised explosive. This Advisory Bulletin addresses an observed increase in UAV use by ordinary citizens, outlining capabilities and implications for the law enforcement community. The NCRIC has not received any specific or credible UAV threats in our 15-county AOR and presents the following information for situational awareness purposes.
Malicious cyber actors are using advanced search techniques, referred to as “Google dorking,” to locate information that organizations may not have intended to be discoverable by the public or to find website vulnerabilities for use in subsequent cyber attacks. “Google dorking” has become the acknowledged term for this malicious activity, but it applies to any search engine with advanced search capabilities. By searching for specific file types and keywords, malicious cyber actors can locate information such as usernames and passwords, e-mail lists, sensitive documents, bank account details, and website vulnerabilities. For example, a simple “operator:keyword” syntax, such as “filetype:xls intext:username,” in the standard search box would retrieve Excel spreadsheets containing usernames. Additionally, freely available online tools can run automated scans using multiple dork queries.
DHS National Cybersecurity and Communications Integration Center Bulletin: Hotel Business Centers Keyloggers
The following is an advisory for owners, managers and stakeholders in the hospitality industry, which highlights recent data breaches uncovered by the United States Secret Service (USSS). The attacks were not sophisticated, requiring little technical skill, and did not involve the exploit of vulnerabilities in browsers, operating systems or other software. The malicious actors were able to utilize a low-cost, high impact strategy to access a physical system, stealing sensitive data from hotels and subsequently their guest’s information. The NCCIC and the USSS have provided some recommendations at the end of this document that may help prevent similar attacks on publicly available computers.
(U//LES) DHS Assessment: Domestic Violent Extremists Pose Increased Threat to Law Enforcement and Government Officials
After years of only sporadic violence from violent domestic extremists motivated by anti-government ideologies, I&A has seen a spike within the past year in violence committed by militia extremists and lone offenders who hold violent anti-government beliefs. These groups and individuals recognize government authority but facilitate or engage in acts of violence due to their perception that the United States Government is tyrannical and oppressive, coupled to their belief that the government needs to be violently resisted or overthrown. Historically, spikes in violence have followed high-profile confrontations involving the United States Government, such as Ruby Ridge and Waco. The April 20 14 Bunkerville, Nevada standoff likely represents a similar event that could inspire further violence.
The FBI San Antonio Division recently reported that groups of young individuals in Texas, and possibly other states, were attempting to elicit information regarding residences of firefighters, military personnel, police officers, etc. The subjects knocked on neighborhood doors, telling residents they worked for an organization that helps young people with public speaking by sending them out to contact random people at their homes and ask about their professions. The youths reportedly received points based on the professions they located, with the potential of winning a college scholarship and a large sum of money. Police officer had the highest point value.
Humming bird and Marilyn Monroe tattoos may have a nexus to the Mexican Mafia, while “G Shields” (Aztec warrior shields) and mariposas (butterflies) may be decreasing in popularity. As certain tattoos sported by Mexican Mafia members and supporters become mainstream, and because California Department of Corrections is known to use certain tattoos as validation points, Mexican Mafia members may introduce new tattoos to make it difficult for law enforcement and correctional officers to identify membership or affiliation with the group. Tattoos are also increasingly disguised within other tattoos, which can make them more difficult to easily identify.
The Department of Homeland Security Office of Cyber and Infrastructure Analysis (DHS/OCIA) Homeland Infrastructure Threat and Risk Analysis Center (HITRAC) produces Sector Resilience Reports to improve partner understanding of the interdependencies and resilience of certain sectors. Specifically, this report provides a brief overview of the electric power system, and analysis of key electric power system dependencies and interdependencies. Additionally, this product includes an assessment of, and best practices for, improving community, system, and facility resilience. This Sector Resilience Report was produced to complement other sector-specific guidance, analysis, and scholarly papers on infrastructure resilience by applying data obtained from DHS site visits and assessments analyzing the resilience of critical infrastructure assets and systems.
(U//FOUO) DHS-FBI-NCTC Bulletin: Medical Treatment Presents Opportunity for Discovery of Violent Extremist Activities
Efforts to gain expertise with explosive, incendiary, and chemical/biological devices may lead to injuries and emergency treatment, which may provide potential indicators of violent extremist activities to responding emergency medical service (EMS) personnel. Scene size-up and patient assessment provide first responders the opportunity to view both the scene and any patient injuries. EMS personnel and other first responders should consider the totality of information gleaned through direct observation and the statements of patients, witnesses, and bystanders to evaluate whether an injury is a genuine accident or related to violent extremist activity.
We analyzed these locations to determine the factors pushing child migration to the US Border. We assess these reasons vary regionally. For example, many Guatemalan children come from rural areas, indicating they are probably seeking economic opportunities in the US. Salvadoran and Honduran children, on the other hand, come from extremely violent regions where they probably perceive the risk of traveling alone to the US preferable to remaining at home. This violence, combined with poor economies and other secondary factors will make stemming the flow of UACs to the US a very complex issue to address.
(U//FOUO) Utah Fusion Center Bulletin: New Ransomware “CryptoWall” Rapidly Infecting Systems Across the U.S.
First responders, such as law enforcement, emergency medical services (EMS), and firefighters, often arrive at incidents completely focused on the emergency at hand. Whether it is a fire, a chest pain complaint, or a vehicular accident, the first responders prepare for certain events to take place during emergency situations and personal safety is a priority throughout the response. Unfortunately, in the past few years there are have been several occurrences where first responders became the victims of ambushes while performing their duties to protect citizens and save lives.
Over the last week there have been three attacks – one in Canada and two in the United States – in which law enforcement officers were targeted, leading to the death of five officers and one civilian. Based upon reporting it appears all the suspects in these incidents were motivated by elements of a far right anti-government ideology with a particular fixation on law enforcement. While it is unknown whether this spike is indicative of a long term increasing trend, it is significant from a near term perspective due to the short time frame and purposeful targeting of law enforcement.
Terrorists in late December 2013 conducted three attacks targeting people using public transportation systems in Russia, emphasizing terrorists’ persistent interest in attacking locations where large congregations of people are confined to small, often enclosed spaces. Russian officials claim North Caucasus-based violent extremists associated with the Imirat Kavkaz (IK) probably conducted these attacks to embarrass the Russian government in the build-up to the 2014 Olympic Games in Sochi. The IK, a violent extremist group based in Russia, has no known capability in the Homeland and is unlikely to directly target Western interests overseas.
Incidents involving the theft of fuel (gasoline, diesel, kerosene, ethanol, etc.) from fuel storage tanks have been reported across the United States. Fuel theft has significant health and safety implications, including risk for spills, fires, and explosions. Fuel thieves typically do not adhere to security standards or practices, and may inadvertently expose fuel to a hot engine, lit cigarette, or ignition source. First responders and other maintenance personnel also may be exposed to fuels through skin contact or inhalation routes during recovery and/or cleanup operations, which can result in potential health effects.
(U//FOUO) Colorado Information Analysis Center Bulletin: Vulnerabilities in Knox-Box Key Entry Systems
The Knox-Box® rapid entry system is an access control system utilized by public safety agencies. This system allows facilities to securely store entry keys or cards on site for first responders. First responders utilize a master key that unlocks all Knox boxes within their jurisdiction. Currently there are over 3.5 million Knox-Box rapid entry systems in use nationwide and over 11,500 fire departments in North America that use the Knox-Box rapid entry system. In one Colorado fire district there are over 4,000 Knox-Box systems in use within the local, state, and federal government which includes; energy, water, postal, emergency services, defense, transportation, and communication sectors. Unauthorized access to the system would allow individuals to bypass physical security measures at the site. The unauthorized individuals would also be able to duplicate keys, or remove entry keys or cards which would delay first responders.