The Office of Operations Coordination and Planning (OPS), National Operations Center (NOC), has statutory responsibility to (1) provide situational awareness and establish a common operating picture for the federal government, and for state, local, and tribal governments as appropriate, in the event of a natural disaster, act of terrorism, or other man-made disaster, and (2) ensure that critical terrorism and disaster-related information reaches government decisionmakers. Traditional media sources and, more recently, social media sources such as Twitter, Facebook, and a vast number of blogs provide public reports on breaking events with a potential nexus to homeland security. By examining open source traditional and social media information, comparing it with many other sources of information, and including it where appropriate into reports, the NOC can provide a more comprehensive picture of breaking or evolving events.
Terrorist groups, including al-Qa‘ida, and violent extremists have considered using or have possessed cyanide compounds. Cyanides probably appeal to terrorists because of their toxicity, availability, and ease of dissemination. Some of the cyanide tactics that have been considered by terrorists include mixing it with oils and lotions for use as a contact poison, contaminating food or water supplies, or by using it in an improvised chemical dispersal device.
While passenger vessels and terminals will likely remain potentially attractive targets for terrorist attacks, trends in overseas terrorist attacks and the lack of any reporting on maritime terrorist plots against the U.S.-Canada MTS suggests the threat to the majority of the system is low; violent extremists could attack U.S. and Canadian ferries and similar soft maritime targets with little or no warning.
Terrorists might use disguises, fraudulent or stolen credentials, and cloned or repurposed vehicles to gain access to restricted areas, to blend in with their surroundings when conducting surveillance, or to conceal other activities while planning or executing an attack. Anders Breivik, the gunman who was sentenced to 21 years in prison for the July 2011 attack on the Workers’ Youth League summer camp in Norway, wore a police uniform and displayed false identification to gain unauthorized access to the camp. Depending on the target, disguises might be aimed at impersonating law enforcement, emergency services, or officials of an institution who have legitimate access to secured/restricted sites.
Known or possible terrorists have displayed suspicious behaviors while staying at hotels overseas—including avoiding questions typically asked of hotel registrants; showing unusual interest in hotel security; attempting access to restricted areas; and evading hotel staff. These behaviors also could be observed in U.S. hotels, and security and law enforcement personnel should be aware of the potential indicators of terrorist activity.
The Department of Homeland Security’s production of domestic intelligence has increased substantially over the last few years according to a brochure of “intelligence products” published last month by Cryptome. The 2012 DHS Intelligence Enterprise Product Line Brochure is “a standardized catalogue of intelligence reports and products that represent the full breadth” of the agency’s analytical capabilities. It provides descriptions of each type of product created by the DHS Intelligence Enterprise as well as the classification level and instructions on how DHS “customers” can obtain the products.
The Subcommittee investigation found that DHS-assigned detailees to the fusion centers forwarded “intelligence” of uneven quality – oftentimes shoddy, rarely timely, sometimes endangering citizens’ civil liberties and Privacy Act protections, occasionally taken from already-published public sources, and more often than not unrelated to terrorism. Congress directed the Department of Homeland Security (DHS) to lead this initiative. A bipartisan investigation by the Permanent Subcommittee on Investigations has found, however, that DHS’ work with those state and local fusion centers has not produced useful intelligence to support federal counterterrorism efforts.
This Instruction applies throughout DHS regarding the access to and collection, use, maintenance, retention, disclosure, deletion, and destruction of Personally Identifiable Information (PII) in relation to operational use of social media, with the exception of operational use of social media for: (a) communications and outreach with the public authorized by the Office of Public Affairs; (b) situational awareness by the National Operations Center; (c) situational awareness by Components other than the National Operations Center, upon approval by the Chief Privacy Officer following completion of a Social Media Operational Use Template; and (d) the conduct of authorized intelligence activities carried out by the Office of Intelligence and Analysis, the intelligence and counterintelligence elements of the United States Coast Guard, or any other Component performing authorized foreign intelligence or counterintelligence functions, in accordance with the provisions of Executive Order 12333, as amended.
The Robotic Aircraft for Public Safety (RAPS) project will invite SUAS vendors to a chosen location and evaluate each system using key performance parameters under a wide variety of simulated but realistic and relevant real-world operational scenarios, such as law enforcement operations, search and rescue, and fire and hazardous material spill response. The SUAS vendors will provide technically mature, flight proven vehicles and their fully-integrated sensors for evaluation. Safety concerns will also be assessed such as the aircraft’s capability for safe flight in the event of a loss of communications between the aircraft and the ground controller.
A map of Department of Homeland Security protective security advisors (PSA) around the country from March 2012.
DHS National Operations Center Operations Counterterrorism Desk (NCOD) Database Privacy Impact Assessment
The National Operations Center (NOC), within the Office of Operations Coordination and Planning (OPS), operates the NOC Counterterrorism Operations Desk (NCOD) and serves as the primary DHS point of contact to streamline counterterrorism Requests for Information (RFIs). The NCOD Database is a tracking tool used by NCOD Officers to track all counterterrorism related incoming and outgoing inquiries. OPS has conducted this Privacy Impact Assessment (PIA) because the NCOD Database contains personally identifiable information (PII).
DHS National Protection and Programs Directorate Protective Security Advisors and Special Event Domestic Incident Tracker Overview presented at the FEMA National Preparedness Symposium on August 8, 2012.
Security guards at large facilities, such as airports, monitor multiple screens that display images from individual surveillance cameras dispersed throughout the facility. If a guard zooms with a particular camera, he may lose image resolution, along with perspective on the surrounding area. Embodiments of the inventive Imaging System for Immersive Surveillance (ISIS) solve these problems by combining multiple cameras in one device. When properly mounted, example ISIS systems offer up to 360-degree, 240-megapixel views on a single screen. (Other fields of view and resolutions are also possible.) Image-stitching software merges multiple video feeds into one scene. The system also allows operators to tag and follow targets, and can monitor restricted areas and sound an alert when intruders breach them.
Terrorists may attempt to breach secured perimeters or gain unauthorized access to facilities, sensitive locations, or restricted areas for preoperational activity or to conduct an attack. Timothy McVeigh breached a locked storage shed at a Kansas rock quarry with a battery-operated drill and stole explosives that were later used in the 1995 Oklahoma City bombing. Attempts at intrusion could take the form of trespassing, forced entry, or impersonation of authorized personnel and could possibly involve the assistance of knowledgeable ‘insiders.”
Terrorists may use small aircraft flyovers to conduct preoperational activities such as reconnaissance or rehearsals for planned attacks. When suspicious flyovers occur, law enforcement and first responders should report the key attributes of the flight and the aircraft for timely identification (time of day, location and direction of flight, facility overflown, aircraft size, markings, color scheme, tail number, number of windows, placement of wings or rotor, number of engines, and weather) to the Federal Aviation Administration (FAA) through a local Air Traffic Control facility or office, a local Flight Standards District Office, or directly to the FAA’s Domestic Events Network at 202 493 5107, and the Transportation Security Administration. The FAA is often best able to distinguish between legitimate air traffic and suspicious flight operations that warrant further investigation.
DHS Infrastructure Protection Note: Performance Venues – Indicators of Violence and Protective Measures
Performance venues include theaters, concert halls, auditoriums, and amphitheaters, ranging in size and function from small neighborhood movie theaters or community playhouses to high-capacity venues in major metropolitan areas. Performance venues are relatively open-access, limited egress facilities and have been successfully targeted in the past.
The objective of this project is to create and manage a comprehensive dataset of groups and movements that have used terrorist tactics within the United States – at some point between 1970 and 2007 – to achieve political, religious, social or economic goals. These data will be integrated into the Terrorist and Extremist Violence in the United States (TEVUS) database in the near future as part of the larger Integrating U.S. Security Databases (IUSSD) project.
Cold packs, packaged and sold commercially, contain chemicals—usually 30 to 85 grams of ammonium nitrate or urea—that, when extracted in sufficient quantity, can be used as precursors for improvised explosives. The chemicals are packaged in prill form, and can be used directly or ground into powder when being used in homemade explosive production. Five hundred packs would yield 30 to 90 pounds of precursor material for use in an improvised explosive device (IED).
The Department of Homeland Security and Federal Bureau of Investigation are warning business owners and emergency personnel around the country to be on the look out for terrorists and criminals asking too many questions. In a bulletin from earlier this year, DHS and FBI warned that terrorists and criminals often exhibit the highly suspicious behavior of asking “pertinent, intrusive or probing questions” about security and operations at sensitive facilities. According to the document, terrorists or criminals “may attempt to identify critical infrastructure vulnerabilities by eliciting information pertaining to operational and security procedures from security personnel, facility employees or their associates” and that this type of questioning by individuals “with no apparent need for the information” can provide an “early warning of a potential attack.”
Terrorist or criminals may attempt to identify critical infrastructure vulnerabilities by eliciting information pertaining to operational and security procedures from security personnel, facility employees, and their associates. Persistent, intrusive or probing questions about security, operations or other sensitive aspects of a facility by individuals with no apparent need for the information could provide early warning of a potential attack.
An early April 2012 suicide bombing of a theater in Somalia and a violent extremist communication advocating attacks on US theaters highlight terrorists’ continued interest in attacking such venues. Although we have no specific or credible information indicating that terrorists plan to attack theaters in the United States, terrorists may seek to emulate overseas attacks on theaters here in the United States because they have the potential to inflict mass casualties and cause local economic damage.
The Federal Bureau of Investigation, Department of Homeland Security and fusion centers around the country are warning that terrorists are interested in using fire as a weapon, particularly in the form of large-scale wildfires near densely populated areas. A newly released DHS report states that for more than a decade “international terrorist groups and associated individuals have expressed interest in using fire as a tactic against the Homeland to cause economic loss, fear, resource depletion, and humanitarian hardship.” The report notes that the tactical use of fire as a weapon is “inexpensive and requires limited technical expertise” and “materials needed to use fire as a weapon are common and easily obtainable, making preoperational activities difficult to detect and plot disruption and apprehension challenging for law enforcement.”
California, Colorado, Department of Homeland Security, Intelligence Fusion Centers, Nevada, New York
International terrorist groups and violent extremists have long shown interest in using fire as a weapon due to the low cost and limited technical expertise required, the potential for causing large-scale damage, and the low risk of apprehension. Recent encouragement of use of this tactic by terrorist groups and violent extremists in propaganda materials and extremist Web forums is directed at Western audiences and supports Homeland attacks.
Though the United States has been engaged in a Global War on Terror for more than a decade, the U.S. Government surprisingly does not have a standardized definition of terrorism that is agreed upon by all agencies. The State Department, Federal Bureau of Investigation and a number of other government agencies all utilize differing definitions of what constitutes an act of terrorism. This lack of agreement has allowed individual agencies to present vastly different and, in some cases, far more inclusive definitions of terrorist acts enabling the use of expanded law enforcement and investigative procedures that might not be applicable in other agencies. In fact, some agencies have presented a definition of terrorism so expansive as to include a number of activities that are not traditionally associated with terrorism or terrorist organizations.
Scams, malware campaigns and attacks will continue to grow in scale and complexity as the 27 July opening ceremony in London draws near. Event organizers, sponsors and British authorities continue to increase their physical and cybersecurity awareness as the event approaches. Information systems supporting the Games, transport infrastructure, law enforcement communications, financial operations and similar will become prime targets for criminals. A collective of approximately eighty-seven UK banks exercised their ability to withstand cyber attacks last November. Olympic organizers anticipated cyber threats and began testing their cybersecurity posture during ‘technical rehearsals’ by running scenarios from their Technology Operations Center (TOC) situated on Canary Wharf. The TOC will be manned with over one hundred personnel continuously monitoring critical applications, such as the Commentator Information System, organizers’ intranet, and a telecom infrastructure encompassing 900 servers, 1,000 network and security devices, and 9,500 computers. In addition, British law enforcement organizations have been collaborating with the U.S. Secret Service and other industry experts to understand attack vectors, detection methods and mitigation strategies to combat the threat. However, the cyber implications are more expansive than localized attacks against systems and encompass globally distributed Olympic-themed malware, spam campaigns and scams.