Cybersecurity and Infrastructure Security Agency Mail-In Voting in 2020 Infrastructure Risk Assessment

All forms of voting – in this case mail-in voting – bring a variety of cyber and infrastructure risks. Risks to mail-in voting can be managed through various policies, procedures, and controls.
The outbound and inbound processing of mail-in ballots introduces additional infrastructure and technology, which increases the potential scalability of cyber attacks. Implementation of mail-in voting infrastructure and processes within a compressed timeline may also introduce new risk. To address this risk, election officials should focus on cyber risk management activities, including access controls and authentication best practices when implementing expanded mail-in voting.

(U//FOUO) DHS Bulletin: Russia Likely to Continue Seeking to Undermine Faith in US Electoral Process

We assess that Russia is likely to continue amplifying criticisms of vote-by-mail and shifting voting processes amidst the COVID-19 pandemic to undermine public trust in the electoral process. Decisions made by state election officials on expanding vote-by-mail and adjusting in-person voting to accommodate challenges posed by COVID-19 have become topics of public debate. This public discussion represents a target for foreign malign influence operations that seeks to undermine faith in the electoral process by spreading disinformation about the accuracy of voter data for expanded vote-by-mail, outbound/inbound mail ballot process, signature verification and cure process, modifying scale of in-person voting, and safety and health concerns at polling places, according to CISA guidance documents provided to state and local election officials.

(U//FOUO) DHS Bulletin: Some Violent Opportunists Probably Engaging in Organized Activities

We assess that some violent opportunists have become more emboldened following a series of attacks against law enforcement during the last 24 hours nationwide. This could lead to an increase in potentially lethal engagements with law enforcement officials as violent opportunists increasingly infiltrate ongoing protest activity. We also have received an increase in reports on shots fired during lawful protests nationwide—an indicator we associate with the potential for increased violence moving forward—and several uncorroborated reports of probably violent opportunists pre-staging improvised weapons at planned protest venues. Law enforcement officers continue to be the primary targets of firearm attacks, though several incidents last night involved violent opportunists shooting into crowds of protestors.

(U//FOUO) DHS Bulletin: Violent Opportunist Tactics Observed During Civil Disturbances 26-31 May

We assess that violent opportunists will continue to exploit ongoing nationwide lawful protests as a pretext to attempt to disrupt law enforcement operations; target law enforcement personnel, assets, and facilities; and damage public and private property. We have identified multiple tactics currently at play, including the use of weapons, counter-mobility, physical barriers, screening and concealment, intercepted communications, and pre-operational activities.

(U//FOUO) DHS Bulletin: Ongoing Violence, Information Narratives Nationwide Poses Continued Threat to Law Enforcement

In the last 24 hours the types of people or groups seeking to carry out violence in response to the death of George Floyd in Minneapolis has shifted in many cities. The initial violent looters and protestors were believed to be organic members of the local communities. However, domestic violent extremists are attempting to structure the protests to target specific symbols of state, local, and federal authority. We anticipate armed individuals will continue to infiltrate the protest movement. We assess with high confidence during the period of darkness from 30 to 31 May the violent protest movements will grow and DVEs and others will seek to take over government facilities and attack law enforcement.

DoD Memo: Actions to Improve Defense Support in Complex Catastrophes

In a domestic complex catastrophe, with effects that would qualitatively and quantitatively exceed those experienced to date, the demand for Defense support of civil authorities would be unprecedented. Meeting this demand would be especially challenging if a cyber attack or other disruption of the electrical power grid creates cascading failures of critical infrastructure, threatening lives and greatly complicating DoD response operations.

(U//FOUO) New Jersey Fusion Center Report: Returning to Work After COVID-19

The New Jersey Regional Operations & Intelligence Center (ROIC) conducted research regarding the process necessary for successful recovery from COVID-19. This research and subsequent analysis focused on proper return-to-work procedures for first responders, while ensuring the safety of all. Although limited data is available specifically referencing first responders, numerous international scientific studies provide best practices for determining an individual’s ability to safely resume their duties. Links for more information are provided throughout this report.

(U//FOUO) DHS Bulletin: Cybercriminals See Opportunity to Exploit Online Distance Learning Platforms and Users

Most US school districts as of 23 March 2020 are and will remain closed until the end of the academic school year or “until further notice” because of COVID-19, according to data provided by a Maryland-based online publication that provides scholastic news and analysis. This Article assumes that while pre-kindergarten through 12th grade schools, institutions of higher education, and business and trade schools are closed, many are relying on internet-enabled distance learning (eLearning) alternatives in place of traditional classroom instruction.

FBI Private Sector Report: Indicators of Fraudulent 3M Personal Protective Equipment

The FBI’s Minneapolis Division, in coordination with the Office of Private Sector (OPS), Criminal Investigative Division (CID), and 3M, prepared this LIR to make the Healthcare and Public Health Sectors aware of indicators related to fraudulent sales solicitation of 3M Personal Protective Equipment (PPE), or indicators of counterfeit 3M PPE, including N95 respirators.

(U//FOUO) DHS Bulletin: APT Actors Likely View Zoom Vulnerabilities as Opportunity to Threaten Public and Private Sector Entities

APT actors likely will identify new or use existing vulnerabilities in Zoom to compromise user devices and accounts for further exploitation of corporate networks. This judgment includes critical infrastructure entities using Zoom. We base this judgment on recent public exposure of Zoom’s numerous vulnerabilities. While vendors regularly publish patches for vulnerabilities, reports indicate there are instances in which users and organizations delay updates. The patching process is undermined by APT actors who often capitalize on delays and develop exploits based on the vulnerability and available patches.

World Health Organization-China Joint Mission on Coronavirus Disease 2019 (COVID-19) Report

The COVID-19 virus is a new pathogen that is highly contagious, can spread quickly, and must be considered capable of causing enormous health, economic and societal impacts in any setting. It is not SARS and it is not influenza. Building scenarios and strategies only on the basis of well-known pathogens risks failing to exploit all possible measures to slow transmission of the COVID-19 virus, reduce disease and save lives.

(U//FOUO) California State Warning Center Situation Cell Incident Report 2020 novel Coronavirus (2019-nCoV) February 9, 2020

Outbreaks of novel virus infections among people are always of public health concern. The risk from these outbreaks depends on characteristics of the virus, including whether and how well it spreads between people, the severity of resulting illness, and the medical or other measures available to control the impact of the virus. Investigations are ongoing to learn more, but some degree of person-to-person spread of 2019-nCoV is occurring. It is not clear yet how easily 2019-nCoV spreads from person-to-person. While CDC considers this as a serious public health concern, based on current information, the immediate health risk from 2019-nCoV to the general American public is considered low at this time.

FBI Cyber Bulletin: Website Defacement Activity Indicators of Compromise and Techniques Used to Disseminate Pro-Iranian Messages

Following last week’s US airstrikes against Iranian military leadership, the FBI observed increased reporting of website defacement activity disseminating Pro-Iranian messages. The FBI believes several of the website defacements were the result of cyber actors exploiting known vulnerabilities in content management systems (CMSs) to upload defacement files.

(U//FOUO) DHS-FBI-NCTC Bulletin: Escalating Tensions Between the United States and Iran Pose Potential Threats to the Homeland

This Joint Intelligence Bulletin (JIB) is intended to assist federal, state, local, tribal, and territorial counterterrorism, cyber, and law enforcement officials, and private sector partners, to effectively deter, prevent, preempt, or respond to incidents, lethal operations, or terrorist attacks in the United States that could be conducted by or on behalf of the Government of Iran (GOI) if the GOI were to perceive actions of the United States Government (USG) as acts of war or existential threats to the Iranian regime.

(U//FOUO) TSA Vehicle Ramming Attacks Report April 2019

Based on our analysis of terrorist publications such as Rumiyah and observations of terrorism-inspired events worldwide, we believe terrorist organizations overseas have advocated conducting vehicle ramming attacks against crowds, buildings, and other vehicles, using modified or unmodified large-capacity vehicles. Such attacks could target locations where large numbers of people congregate, including sporting events, entertainment venues, shopping centers, or celebratory gatherings such as parades.

U.S. Army Doctrine Publication: Defense Support of Civil Authorities July 2019

ADP 3-28 clarifies similarities and differences between defense support of civil authorities (DSCA) and other elements of decisive action. DSCA and stability operations are similar in many ways. Both revolve around helping partners on the ground within areas of operations. Both require Army forces to provide essential services and work together with civil authorities. However, homeland operational environments differ from those overseas in terms of law, military chain of command, use of force, and inter-organizational coordination among unified action partners. This ADP helps Army leaders understand how operations in the homeland differ from operations by forces deployed forward in other theaters. It illustrates how domestic operational areas are theaters of operations with special requirements. Moreover, this ADP recognizes that DSCA is a joint mission that supports the national homeland security enterprise. The Department of Defense conducts DSCA under civilian control, based on U.S. law and national policy, and in cooperation with numerous civilian partners. National policy, in this context, often uses the word joint to include all cooperating partners, as in a joint field office led by civil authorities.

(U//FOUO) National Reconnaissance Office Acquisition Manual Change Prohibiting Procurement from Huawei, ZTE, and Other Chinese Companies

The National Reconnaissance Office (NRO) Acquisition Manual is hereby amended by adding new sub-part N4.21, Prohibition on Contracting for Certain Telecommunications and Video Surveillance Services or Equipment, to implement a provision of the 2019 National Defense Authorization Act prohibiting the procurement and use of covered equipment and services produced or provided by Huawei Technologies Company, ZTE Corporation, Hytera Communications Corporation, Hangzhou Hikvision Digital Technology Company, and Dahua Technology Company.

FBI Cyber Bulletin: Cyber Criminals Use Social Engineering and Technical Attacks to Circumvent Multi-Factor Authentication

The FBI has observed cyber actors circumventing multi-factor authentication through common social engineering and technical attacks. This PIN explains these methods and offers mitigation strategies for organizations and entities using multi-factor authentication in their security efforts. Multi-factor authentication continues to be a strong and effective security measure to protect online accounts, as long as users take precautions to ensure they do not fall victim to these attacks.