(U//FOUO) FBI Counterintelligence Vulnerability Assessment for Corporate America

FBI-CorporateAmericaCI

To prevent foreign entities from achieving their goals, a Counterintelligence Program (CIP) proactively searches for and uses information from multiple sources. An effective CIP draws information from security programs and other internal systems, as well as from the U.S. Intelligence Community (USIC). Once this information is assembled, an effective CIP develops a coherent picture and crafts a strategy to prevent the foreign entity from successfully achieving its goals and minimizes the damage already done. An effective CIP conducts active analysis of available information, requires annual CI education for all employees, and provides a system for immediate referral of behavior with CI implications.

U.S. Navy Arctic Roadmap 2014-2030

USNavy-ArcticRoadmap

This Roadmap outlines the Navy’s strategic approach for the Arctic Region and the ways and means to achieve the desired national end state. Resource constraints and competing near-term mission demands require that naval investments be informed, focused, and deliberate. Proactive planning today allows the Navy to prepare its forces for Arctic Region operations. This Roadmap emphasizes low-cost, long-lead activities that position the Navy to meet future demands. In the near to mid-term, the Navy will concentrate on improving operational capabilities, expertise, and capacity, extending reach, and will leverage interagency and international partners to achieve its strategic objectives. The Roadmap recognizes the need to guide investments by prudently balancing regional requirements with national goals.

(U//FOUO) DoD Strategy for Defense Critical Infrastructure

DoD-StrategyDCI

The United States currently faces a dynamic, flexible, and very pragmatic adversary. Due to the unconventional nature of the terrorist threat and the asymmetrical tactics demonstrated both at home and abroad by our enemies, we can no longer expect the protection formerly provided by the oceans bordering our coasts to serve as an effective deterrent to attack. The attacks of September 11, 2001, and other events demonstrated that an act of terrorism can cause worldwide infrastructure asset disruption. In the past decade, hurricanes or other violent storms have also revealed that our infrastructure assets are at risk from destruction, degradation, or disruption by natural events. Given scarce resources, this Strategy’s objectives must be balanced against other priorities outlined in the National Defense Strategy.

DoD Instruction: The Use of the National Guard for Defense Support of Civil Authorities

DoD-NationalGuardDSCA

This instruction establishes policy, assigns responsibilities, and provides procedures for the use of the National Guard for Defense Support of Civil Authorities (DSCA) in accordance with the authority in section 502(f) of Title 32, United States Code (U.S.C.) (Reference (a)), DoD Directive (DoDD) 5111.1 (Reference (b)), and Deputy Secretary of Defense Memorandum (Reference (c)); the responsibilities and functions in accordance with DoDD 5111.13 (Reference (d)); and the guidance in DoDD 3025.18 (Reference (e)).

Oakland Domain Awareness Center Draft Privacy and Data Retention Policy

Oakland-DAC-DraftPrivacyPolicy

The Joint City-Port Domain Awareness Center (interchangeably referred to in this document as “Joint City-Port Domain Awareness Center”, “Domain Awareness Center,” or “DAC”) was first proposed to the City Council’s Public Safety Committee on June 18, 2009, in an information report regarding the City of Oakland partnering with the Port of Oakland to apply for Port Security Grant funding under the American Recovery and Reinvestment Act, 2009. Under this grant program, funding was available for Maritime Domain Awareness (MDA) projects relative to “maritime” or “waterside”. The Port and City were encouraged to consider the development of a joint City Port Domain Awareness Center. The joint DAC would create a center that would bring together the technology, systems and processes that would provide for an effective understanding of anything associated with the City of Oakland boundaries as well as the Oakland maritime operations that could impact the security, safety, economy or environment.

(U//FOUO) DHS Infrastructure Protection Report: Higher Education Institutions

DHS-HigherEducationInstitutions

The higher education community in the United States consists of more than 11,000 higher education institutions that collectively serve more than 17 million students, employ more than 3.4 million faculty and staff, and have combined budgets approaching $360 billion. Higher education institutions range in size from small institutions with fewer than 100 students to large universities with tens of thousands of students and faculty occupying campuses the size of a small town or city. Institution grounds are generally open-access, with varying levels of security within the campus.

(U//FOUO) Joint Center for International Security Force Assistance Guide: Roles and Functions of Senior Advisors

JCISFA-SeniorAdvisors

When advising and assisting partner nation security ministries and their institutions, the U.S. Department of Defense (DoD) leverages the knowledge, skills, and abilities (KSA) from a combination of senior uniformed and civilian personnel, to include contractors to carryout development in a broad range of partner nation ministries and institutional requirements.

U.S. Army Cyber Electromagnetic Activities (CEMA) Manual

USArmy-CEMA

FM 3-38, Cyber Electromagnetic Activities, provides overarching doctrinal guidance and direction for conducting cyber electromagnetic activities (CEMA). This manual describes the importance of cyberspace and the electromagnetic spectrum (EMS) to Army forces and provides the tactics and procedures commanders and staffs use in planning, integrating, and synchronizing CEMA. This manual provides the information necessary for Army forces to conduct CEMA that enable them to shape their operational environment and conduct unified land operations. It provides enough guidance for commanders and their staffs to develop innovative approaches to seize, retain, and exploit advantages throughout an operational environment. CEMA enable the Army to achieve desired effects in support of the commander’s objectives and intent.

(U//FOUO) DHS-FBI-NCTC Bulletin: Building Security Measures May Hinder Emergency Response Efforts

DHS-FBI-NCTC-SecurityMeasuresResponse

Facility security measures, such as interior control points or exterior barriers, may require first responders to adjust normal protocols and procedures to operate rapidly during emergencies. The timeline below is an overview of attacks and plots against US-based facilities with varying levels of security. The diversity of tactics and targets used underscores the need for interagency exercises and training that incorporates multiple scenarios to account for building security measures likely to be encountered.

Information Sharing Environment Strategic Implementation Plan for the National Strategy for Information Sharing and Safeguarding

ISE-InformationSharingPlan

In December 2012 the President signed the National Strategy for Information Sharing and Safeguarding (Strategy) which is anchored on the 2010 National Security Strategy and builds upon the 2007 National Strategy for Information Sharing. The Strategy provides guidance for more effective integration and implementation of policies, processes, standards, and technologies to promote secure and responsible national security information sharing. This document provides a higher-level overview of a longer, more detailed implementation plan for the Strategy, and is intended to assist in briefing senior policy makers on plans, progress, and performance related to achieving the vision of the NSISS.

(U//FOUO) DHS-FBI-NCTC Bulletin: Extortion Schemes Use Telephony-Based Denial-of-Service Attacks

DHS-FBI-NCTC-TDoSExtortion

Since at least January 2012, criminals are using telephony-based denial-of-service (TDoS) combined with extortion scams to phone an employee’s office and demand the employee repay an alleged loan. If the victim does not comply, the criminals initiate TDoS attacks against the employer’s phone numbers. TDoS uses automated calling programs—similar to those used by telemarketers—to prevent victims from making or receiving calls.

(U//FOUO) Kansas Intelligence Fusion Center Nairobi Westgate Mall Attack Lessons Learned

KIFC-WestgateAttack

On Saturday, September 21, 2013, members of Al Shabaab, a Somali based Islamic terrorist organization affiliated with the international Al Qaeda network, executed a complex terrorist attack on an upscale shopping mall in Nairobi, Kenya. The attackers simultaneously entered the mall from two different entrances, shooting shoppers with assault rifles and throwing hand grenades. The terrorists remained in the mall, engaging government security forces for the next four days, resulting in a major fire and partial collapse of the mall. The Kenyan government has officially reported 72 deaths and more than 200 injured as a result of the attack. A significant number of those killed and injured were foreign citizens, including 6 U.S. citizens who were injured in the attack.

U.N. Assistance Mission in Afghanistan (UNAMA) Protection of Civilians in Armed Conflict 2013 Annual Report

UNAMA-CivilianDeaths2013

Armed conflict in Afghanistan took an unrelenting toll on Afghan civilians in 2013. The United Nations Assistance Mission in Afghanistan (UNAMA) documented 8,615 civilian casualties (2,959 civilian deaths and 5,656 injured) in 2013, marking a seven percent increase in deaths, 17 percent increase in injured, and a 14 percent increase in total civilian casualties compared to 2012.

Google Inferring Events Based on Mob Source Video Patent

GoogleMobVideoPatent

Methods and systems are disclosed for inferring that an event of interest (e.g., a public gathering, a performance, an accident, etc.) has likely occurred. In particular, when there are at least a given number of video clips with similar timestamps and geolocation stamps uploaded to a repository, it is inferred that an event of interest has likely occurred, and a notification signal is transmitted (e.g., to a law enforcement agency, to a news organization, to a publisher of a periodical, to a public blog, etc.).

(U//LES) Virginia Fusion Center Bulletin: TOR, Bitcoins, Silk Road and the Hidden Internet

VFC-Tor

The purpose of this bulletin is to provide awareness and a basic understanding of the “Hidden Internet” to investigators in the field, as well as provide some examples of how the Hidden Internet can be exploited by criminal elements. While the term “Hidden Internet” can be used in a broader context and refer to other internet terms such as the “Deep Web” or “Deepnet,” for the purpose of this bulletin the term “Hidden Internet” will refer to the hidden services provided by the TOR project to internet users, specifically relating to the Silk road website and use of Bitcoins.

Privacy and Civil Liberties Oversight Board NSA Bulk Telephone Records Collection Report

PCLOB-Report

Section 215 is designed to enable the FBI to acquire records that a business has in its possession, as part of an FBI investigation, when those records are relevant to the investigation. Yet the operation of the NSA’s bulk telephone records program bears almost no resemblance to that description. While the Board believes that this program has been conducted in good faith to vigorously pursue the government’s counterterrorism mission and appreciates the government’s efforts to bring the program under the oversight of the FISA court, the Board concludes that Section 215 does not provide an adequate legal basis to support the program. There are four grounds upon which we find that the telephone records program fails to comply with Section 215. First, the telephone records acquired under the program have no connection to any specific FBI investigation at the time of their collection. Second, because the records are collected in bulk — potentially encompassing all telephone calling records across the nation — they cannot be regarded as “relevant” to any FBI investigation as required by the statute without redefining the word relevant in a manner that is circular, unlimited in scope, and out of step with the case law from analogous legal contexts involving the production of records. Third, the program operates by putting telephone companies under an obligation to furnish new calling records on a daily basis as they are generated (instead of turning over records already in their possession) — an approach lacking foundation in the statute and one that is inconsistent with FISA as a whole. Fourth, the statute permits only the FBI to obtain items for use in its investigations; it does not authorize the NSA to collect anything.

Oakland Police Department Urban Shield 2013 Protest Documentation

OPD-UrbanShield-2013-2_Page_01

The following documents were obtained via a public records request made by members of Occupy Oakland. The documents concern the Oakland Police Department response to protests against the 2013 Urban Shield homeland security exercise held in Alameda County. Urban Shield is an annual exercise series that features nearly fifty different training scenarios for law enforcement ranging from terrorist attacks conducted by “homegrown extremists” to hostage situations, fires and even natural disasters. The 2013 Urban Shield exercise involved dozens of federal, state and local law enforcement organizations, representatives of foreign countries such as Switzerland, Brazil, Bahrain, Jordan, as well as more than a dozen corporations including FedEx, Cisco Systems and Verizon Wireless. The documents are heavily redacted and include an operations plan, a presentation on Occupy Oakland, arrest reports and other miscellaneous documentation related to the protests.