A map of Department of Homeland Security protective security advisors (PSA) around the country from March 2012.
DHS National Operations Center Operations Counterterrorism Desk (NCOD) Database Privacy Impact Assessment
The National Operations Center (NOC), within the Office of Operations Coordination and Planning (OPS), operates the NOC Counterterrorism Operations Desk (NCOD) and serves as the primary DHS point of contact to streamline counterterrorism Requests for Information (RFIs). The NCOD Database is a tracking tool used by NCOD Officers to track all counterterrorism related incoming and outgoing inquiries. OPS has conducted this Privacy Impact Assessment (PIA) because the NCOD Database contains personally identifiable information (PII).
DHS National Protection and Programs Directorate Protective Security Advisors and Special Event Domestic Incident Tracker Overview presented at the FEMA National Preparedness Symposium on August 8, 2012.
Security guards at large facilities, such as airports, monitor multiple screens that display images from individual surveillance cameras dispersed throughout the facility. If a guard zooms with a particular camera, he may lose image resolution, along with perspective on the surrounding area. Embodiments of the inventive Imaging System for Immersive Surveillance (ISIS) solve these problems by combining multiple cameras in one device. When properly mounted, example ISIS systems offer up to 360-degree, 240-megapixel views on a single screen. (Other fields of view and resolutions are also possible.) Image-stitching software merges multiple video feeds into one scene. The system also allows operators to tag and follow targets, and can monitor restricted areas and sound an alert when intruders breach them.
Terrorists may attempt to breach secured perimeters or gain unauthorized access to facilities, sensitive locations, or restricted areas for preoperational activity or to conduct an attack. Timothy McVeigh breached a locked storage shed at a Kansas rock quarry with a battery-operated drill and stole explosives that were later used in the 1995 Oklahoma City bombing. Attempts at intrusion could take the form of trespassing, forced entry, or impersonation of authorized personnel and could possibly involve the assistance of knowledgeable ‘insiders.”
Terrorists may use small aircraft flyovers to conduct preoperational activities such as reconnaissance or rehearsals for planned attacks. When suspicious flyovers occur, law enforcement and first responders should report the key attributes of the flight and the aircraft for timely identification (time of day, location and direction of flight, facility overflown, aircraft size, markings, color scheme, tail number, number of windows, placement of wings or rotor, number of engines, and weather) to the Federal Aviation Administration (FAA) through a local Air Traffic Control facility or office, a local Flight Standards District Office, or directly to the FAA’s Domestic Events Network at 202 493 5107, and the Transportation Security Administration. The FAA is often best able to distinguish between legitimate air traffic and suspicious flight operations that warrant further investigation.
DHS Infrastructure Protection Note: Performance Venues – Indicators of Violence and Protective Measures
Performance venues include theaters, concert halls, auditoriums, and amphitheaters, ranging in size and function from small neighborhood movie theaters or community playhouses to high-capacity venues in major metropolitan areas. Performance venues are relatively open-access, limited egress facilities and have been successfully targeted in the past.
The objective of this project is to create and manage a comprehensive dataset of groups and movements that have used terrorist tactics within the United States – at some point between 1970 and 2007 – to achieve political, religious, social or economic goals. These data will be integrated into the Terrorist and Extremist Violence in the United States (TEVUS) database in the near future as part of the larger Integrating U.S. Security Databases (IUSSD) project.
Cold packs, packaged and sold commercially, contain chemicals—usually 30 to 85 grams of ammonium nitrate or urea—that, when extracted in sufficient quantity, can be used as precursors for improvised explosives. The chemicals are packaged in prill form, and can be used directly or ground into powder when being used in homemade explosive production. Five hundred packs would yield 30 to 90 pounds of precursor material for use in an improvised explosive device (IED).
The Department of Homeland Security and Federal Bureau of Investigation are warning business owners and emergency personnel around the country to be on the look out for terrorists and criminals asking too many questions. In a bulletin from earlier this year, DHS and FBI warned that terrorists and criminals often exhibit the highly suspicious behavior of asking “pertinent, intrusive or probing questions” about security and operations at sensitive facilities. According to the document, terrorists or criminals “may attempt to identify critical infrastructure vulnerabilities by eliciting information pertaining to operational and security procedures from security personnel, facility employees or their associates” and that this type of questioning by individuals “with no apparent need for the information” can provide an “early warning of a potential attack.”
Terrorist or criminals may attempt to identify critical infrastructure vulnerabilities by eliciting information pertaining to operational and security procedures from security personnel, facility employees, and their associates. Persistent, intrusive or probing questions about security, operations or other sensitive aspects of a facility by individuals with no apparent need for the information could provide early warning of a potential attack.
An early April 2012 suicide bombing of a theater in Somalia and a violent extremist communication advocating attacks on US theaters highlight terrorists’ continued interest in attacking such venues. Although we have no specific or credible information indicating that terrorists plan to attack theaters in the United States, terrorists may seek to emulate overseas attacks on theaters here in the United States because they have the potential to inflict mass casualties and cause local economic damage.
The Federal Bureau of Investigation, Department of Homeland Security and fusion centers around the country are warning that terrorists are interested in using fire as a weapon, particularly in the form of large-scale wildfires near densely populated areas. A newly released DHS report states that for more than a decade “international terrorist groups and associated individuals have expressed interest in using fire as a tactic against the Homeland to cause economic loss, fear, resource depletion, and humanitarian hardship.” The report notes that the tactical use of fire as a weapon is “inexpensive and requires limited technical expertise” and “materials needed to use fire as a weapon are common and easily obtainable, making preoperational activities difficult to detect and plot disruption and apprehension challenging for law enforcement.”
California, Colorado, Department of Homeland Security, Intelligence Fusion Centers, Nevada, New York
International terrorist groups and violent extremists have long shown interest in using fire as a weapon due to the low cost and limited technical expertise required, the potential for causing large-scale damage, and the low risk of apprehension. Recent encouragement of use of this tactic by terrorist groups and violent extremists in propaganda materials and extremist Web forums is directed at Western audiences and supports Homeland attacks.
Though the United States has been engaged in a Global War on Terror for more than a decade, the U.S. Government surprisingly does not have a standardized definition of terrorism that is agreed upon by all agencies. The State Department, Federal Bureau of Investigation and a number of other government agencies all utilize differing definitions of what constitutes an act of terrorism. This lack of agreement has allowed individual agencies to present vastly different and, in some cases, far more inclusive definitions of terrorist acts enabling the use of expanded law enforcement and investigative procedures that might not be applicable in other agencies. In fact, some agencies have presented a definition of terrorism so expansive as to include a number of activities that are not traditionally associated with terrorism or terrorist organizations.
Scams, malware campaigns and attacks will continue to grow in scale and complexity as the 27 July opening ceremony in London draws near. Event organizers, sponsors and British authorities continue to increase their physical and cybersecurity awareness as the event approaches. Information systems supporting the Games, transport infrastructure, law enforcement communications, financial operations and similar will become prime targets for criminals. A collective of approximately eighty-seven UK banks exercised their ability to withstand cyber attacks last November. Olympic organizers anticipated cyber threats and began testing their cybersecurity posture during ‘technical rehearsals’ by running scenarios from their Technology Operations Center (TOC) situated on Canary Wharf. The TOC will be manned with over one hundred personnel continuously monitoring critical applications, such as the Commentator Information System, organizers’ intranet, and a telecom infrastructure encompassing 900 servers, 1,000 network and security devices, and 9,500 computers. In addition, British law enforcement organizations have been collaborating with the U.S. Secret Service and other industry experts to understand attack vectors, detection methods and mitigation strategies to combat the threat. However, the cyber implications are more expansive than localized attacks against systems and encompass globally distributed Olympic-themed malware, spam campaigns and scams.
An updated version of a 2009 “Domestic Extremism Lexicon” produced by the Department of Homeland Security’s Office of Intelligence and Analysis. The list of terms has been substantially reduced and does not include a number of controversial terms from the first version, such as “alternative media” and “direct action.”
The expanded use of wireless technology on the enterprise network of medical facilities and the wireless utilization of MDs opens up both new opportunities and new vulnerabilities to patients and medical facilities. Since wireless MDs are now connected to Medical information technology (IT) networks, IT networks are now remotely accessible through the MD. This may be a desirable development, but the communications security of MDs to protect against theft of medical information and malicious intrusion is now becoming a major concern. In addition, many HPH organizations are leveraging mobile technologies to enhance operations. The storage capacity, fast computing speeds, ease of use, and portability render mobile devices an optimal solution.
This Joint Intelligence Bulletin is intended to increase awareness and provide understanding of the nature of potentially emergent threats in response to the alleged killing of civilians by a US soldier in Afghanistan and the burning of Korans and other religious documents on a military base. This Information is provided to support the activities of FBI and DHS and to assist federal, state, local, tribal, and territorial counterterrorism and law enforcement officials and the private sector to prevent or respond to terrorist attacks against the United States.
The DHS Homeland Infrastructure Threat and Risk Analysis Center produced this threat assessment to support implementation of 6 Code of Federal Regulations Part 27, “Chemical Facility Anti-Terrorism Standards (CFATS).” This assessment describes the potential terrorist threat to the chemical and petroleum facilities regulated under CFATS and determined to be high risk by the Secretary of Homeland Security. It does not address facilities that may hold threshold quantities of the chemicals listed in CFATS that fall outside its scope, such as public water facilities or facilities regulated under the Maritime Transportation Security Act of 2002. Nor does it address the transportation of chemicals, which is regulated under other authorities. Potential terrorist tactics against such facilities—based on DHS’ knowledge of terrorist intentions and capabilities—are included to aid industry security personnel in implementing security measures at their facilities.
Improvised incendiary devices (IIDs) typically are less expensive to make than improvised explosive devices but still are capable of creating mass casualties and causing widespread fear and panic. Improvised incendiary devices (IIDs) can be constructed easily from everyday materials available at hardware and grocery stores. IIDs can be used against many types of infrastructure targets; violent extremists have used them successfully in attacks in the United States and overseas.
A manual for the Department of Homeland Security’s Media Monitoring Capability that was reportedly obtained by EPIC via a FOIA request. The manual has been slightly redacted by DHS to remove names and contact information and the URL of the Network Operations Center Media Monitoring Capability reporting website. This website has been listed in three of the four publicly available manuals as an example of a website monitored by DHS.
The Office of Infrastructure Protection (IP) Homeland Infrastructure Threat and Risk Analysis Center (HITRAC) produces Infrastructure Protection Notes to address issues impacting the infrastructure protection community’s risk environment from terrorist threats and attacks, natural hazards, and other events. Based on the analysis within the DHS Office of Intelligence and Analysis product Evolution of the Terrorist Threat to the United States this IP Note outlines the evolution of terrorist threats and impacts to the Nation’s critical infrastructure.
(U//FOUO) DHS Mass Transit and Passenger Railroad Systems Terrorist Attack Preparedness Info Regarding a Realistic Threat
Terrorist attack tactics used against mass transit and passenger railroad systems abroad provide insights that can assist law enforcement officers in securing these critical infrastructure assets. The chart below highlights common tactics noted in attempted or successful use of explosive or incendiary devices against mass transit or passenger railroad systems in attacks conducted between March 2004 and November 2009. The information about these attacks provides insights into device type, selection, and construction and can help law enforcement identify patterns and develop protective measures. Analysis shows terrorists have timed attacks during periods of peak ridership; used multiple, coordinated, drop-and-leave devices in identical or similar baggage; and placed devices inside rail cars to cause casualties among passengers.
Social media are web-based and mobile technologies that turn communication into an interactive dialogue in a variety of online fora. It may be appropriate for the government, including DHS, to use social media for a variety of reasons. The President has challenged his Administration to use technology and tools to create a more efficient, effective, and transparent government1. DHS recognizes that the use of social media by government actors must occur with appropriate privacy, civil rights, and civil liberties protections; whether DHS is disclosing its informationand press releases via social media platforms like Twitter and Facebook, reviewing news feeds for situational awareness, or researching identified, discrete targets for legitimate investigatory purposes. Accordingly, DHS has created Department-wide standards designed to protect privacy, civil rights, and civil liberties in each category of its use.