United States

(U//FOUO) DHS Intelligence Note: Germany Christmas Market Attack Underscores Threat to Mass Gatherings and Open-Access Venues

A 25-ton commercial truck transporting steel beams from Poland to Germany plowed into crowds at a Christmas market in Berlin at about 2000 local time on 19 December, killing at least 12 people and injuring 48 others, several critically, according to media reporting citing public security officials involved in the investigation. The truck was reportedly traveling at approximately 40 miles per hour when it rammed the Christmas market stands. Police estimate the vehicle traveled 80 yards into the Christmas market before coming to a halt.

National Intelligence Council Global Trends Assessment: Paradox of Progress

We are living a paradox: The achievements of the industrial and information ages are shaping a world to come that is both more dangerous and richer with opportunity than ever before. Whether promise or peril prevails will turn on the choices of humankind. The progress of the past decades is historic—connecting people, empowering individuals, groups, and states, and lifting a billion people out of poverty in the process. But this same progress also spawned shocks like the Arab Spring, the 2008 Global Financial Crisis, and the global rise of populist, anti-establishment politics. These shocks reveal how fragile the achievements have been, underscoring deep shifts in the global landscape that portend a dark and difficult near future.

DoD Cybersecurity Discipline Implementation Plan February 2016

Inspections and incidents across the Department of Defense (DoD) reveal a need to reinforce basic cybersecurity requirements identified in policies, directives, and orders. In agreement with the Secretary of Defense, the Deputy Secretary of Defense, and the Joint Chiefs of Staff, the DoD Chief Information Officer (CIO) identified key tasks needed to ensure those requirements are achieved. The DoD Cybersecurity Campaign reinforces the need to ensure Commanders and Supervisors at all levels, including the operational level, are accountable for key tasks, including those identified in this Implementation Plan. The Campaign does not relieve a Commander’s and Supervisor’s responsibility for compliance with other cybersecurity tasks identified in policies, directives, and orders, but limits the risk assumed by one Commander or Supervisor in key areas in order to reduce the risk to all other DoD missions.

Office of the Director of National Intelligence Background Report: Assessing Russian Activities and Intentions in Recent US Elections

The nature of cyberspace makes attribution of cyber operations difficult but not impossible. Every kind of cyber operation—malicious or not—leaves a trail. US Intelligence Community analysts use this information, their constantly growing knowledge base of previous events and known malicious actors, and their knowledge of how these malicious actors work and the tools that they use, to attempt to trace these operations back to their source. In every case, they apply the same tradecraft standards described in the Analytic Process above.

U.S. National Electric Grid Security and Resilience Action Plan

The Joint United States-Canada Electric Grid Security and Resilience Strategy (Strategy) is a collaborative effort between the Federal Governments of the United States and Canada and is intended to strengthen the security and resilience of the U.S. and Canadian electric grid from all adversarial, technological, and natural hazards and threats. The Strategy, released concurrently with this National Electric Grid Security and Resilience Action Plan (Action Plan), details bilateral goals to address the vulnerabilities of the respective and shared electric grid infrastructure of the United States and Canada, not only as an energy security concern, but for reasons of national security. The implementation of the Strategy requires continued action of a nationwide network of governments, departments and agencies (agencies), and private sector partners. This Action Plan details the activities, deliverables, and timelines that will be undertaken primarily by U.S. Federal agencies for the United States to make progress toward the Strategy’s goals.

Joint United States-Canada Electric Grid Security and Resilience Strategy

This Joint United States-Canada Electric Grid Security and Resilience Strategy (Strategy) is a collaborative effort between the Federal Governments of the United States and Canada and is intended to strengthen the security and resilience of the U.S. and Canadian electric grid from all adversarial, technological, and natural hazards and threats. The Strategy addresses the vulnerabilities of the two countries’ respective and shared electric grid infrastructure, not only as an energy security concern, but for reasons of national security. This joint Strategy relies on the existing strong bilateral collaboration between the United States and Canada, and reflects a joint commitment to enhance a shared approach to risk management for the electric grid. It also articulates a common vision of the future electric grid that depends on effective and expanded collaboration among those who own, operate, protect, and rely on the electric grid. Because the electric grid is complex, vital to the functioning of modern society, and dependent on other infrastructure for its function, the United States and Canada developed the Strategy under the shared principle that security and resilience require increasingly collaborative efforts and shared approaches to risk management.

DHS-FBI Joint Analysis Report on GRIZZLY STEPPE Russian Malicious Cyber Activity

This Joint Analysis Report (JAR) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This document provides technical details regarding the tools and infrastructure used by the Russian civilian and military intelligence Services (RIS) to compromise and exploit networks and endpoints associated with the U.S. election, as well as a range of U.S. Government, political, and private sector entities. The U.S. Government is referring to this malicious cyber activity by RIS as GRIZZLY STEPPE.

U.S. House Encryption Working Group Year-End Report 2016

The law enforcement community often refers to their challenge in this context as “going dark.” In essence, “going dark” refers to advancements in technology that leave law enforcement and the national security community unable to obtain certain forms of evidence. In recent years, it has become synonymous with the growing use of strong default encryption available to consumers that makes it increasingly difficult for law enforcement agencies to access both real-time communications and stored information. The FBI has been a leading critic of this trend, arguing that law enforcement may no longer be able “to access the evidence we need to prosecute crime and prevent terrorism, even with lawful authority.” As a result, the law enforcement community has historically advocated for legislation to “ensure that we can continue to obtain electronic information and evidence pursuant to the legal authority that Congress has provided to keep America safe.”

U.S. House Permanent Select Committee on Intelligence Declassified Report on Snowden Disclosures

In June 2013, former National Security Agency (NSA) contractor Edward Snowden perpetrated the largest and most damaging public release of classified information in U.S. intelligence history. In August 2014, the Chairman and Ranking Member of the House Permanent Select Committee on Intelligence (HPSCI) directed Committee staff to carry out a comprehensive review of the unauthorized disclosures. The aim of the review was to allow the Committee to explain to other Members of Congress–and, where possible, the American people–how this breach occurred, what the U.S. Government knows about the man who committed it, and whether the security shortfalls it highlighted had been remedied.

House Oversight Committee Report on Law Enforcement Use of Cell-Site Simulation Technologies

Advances in emerging surveillance technologies like cell-site simulators – devices which transform a cell phone into a real-time tracking device – require careful evaluation to ensure their use is consistent with the protections afforded under the First and Fourth Amendments to the U.S. Constitution. The United States’ military and intelligence agencies have developed robust and sophisticated surveillance technologies for deployment in defense against threats from foreign actors. These technologies are essential to keeping America safe. Increasingly though, domestic law enforcement at the federal, state, and local levels are using surveillance technologies in their every-day crime-fighting activities. In the case of cell-site simulators, this technology is being used to investigate a wide range of criminal activity, from human trafficking to narcotics trafficking, as well as kidnapping, and to assist in the apprehension of dangerous and violent fugitives.

U.S. Army Special Operations Command Study: Legal Implications of the Status of Persons in Resistance

The purpose of this study is to provide a synthesis of the prevailing issues and analysis concerning the legal status of persons in resistance. This document refers broadly to resistance and those involved in it, meaning those individuals comprising the resistance element, US personnel supporting or countering the resistance, and the standing government. In alignment with this focus, the document explores the status of personnel particularly in foreign internal defense (FID), counterinsurgency (COIN), and unconventional warfare (UW) operations. When originally conceived, this manuscript was to be an updated volume of the 1961 American University Special Operations Research Office (SORO) study, The Legal Status of Participants in Unconventional Warfare. The National Security Analysis Department (NSAD) of the Johns Hopkins University Applied Physics Laboratory (JHU/APL) was asked by the US Army Special Operations Command (USASOC), G-3X Special Programs Division, to review and analyze the historical use of international law, the law of land warfare, and applicable international conventions and update the SORO study accordingly and also include unique legal considerations regarding the status of irregular forces. Because many aspects of both law and policy have changed since the 1961 publication, particularly within the context of US involvement in Afghanistan and Iraq, USASOC requested that this manuscript be a new document to account for these changes, highlight key legal questions, and position these questions within the context of hypothetical scenarios and historical examples.

Joint Operating Environment 2035: The Joint Force in a Contested and Disordered World

The Joint Operating Environment 2035 (JOE 2035) is designed to encourage the purposeful preparation of the Joint Force to effectively protect the United States, its interests, and its allies in 2035. For the Joint Force, thinking through the most important conditions in a changing world can mean the difference between victory and defeat, success and failure, and the needless expenditure of human lives and national treasure versus the judicious and prudent application of both to defend our vital interests.

Joint Staff Strategic Multi-Layer Assessment on Bio-Psycho-Social Applications to Cognitive Engagement

The underlying concept of this paper is how bio-psycho-social approaches to cognitive engagement, described in greater depth by DeGennaro, may be put to use to collect, analyze, and/or apply information to meet a tactical, operational, or strategic end. This White Paper will focus on the proverbial “rubber meets the road” approaches of behavioral operations in the human domain where the former is “the study of attributes of human behavior and cognition that impact the design, management, and improvement of operating systems, and the study of the interaction between such attributes and operating systems and processes” and the latter is “the presence, activities (including transactions both physical and virtual), culture, social structure/organization, networks and relationships, motivation, intent, vulnerabilities, and capabilities of humans (single or groups) across all domains of the operational environment (Space, Air, Maritime, Ground, and Cyber).” Information Operations (IO) doctrine defines the cognitive domain as the component of the information environment (IE) that encompasses the gray matter of those who transmit, receive, and act upon information. Cognitive operations such as information processing, perception, judgment, and decision-making are the most vital aspect of the IE. Cognition is influenced by individual and cultural beliefs, norms, vulnerabilities, motivations, emotions, experiences, morals, education, mental health, identities, and ideologies and thus requires research and analysis methods from the bio-psycho-social sciences to understand and manipulate. When, how, and most importantly why to apply that understanding to US advantage at the tactical, operational, and strategic level is the focus of this effort.

FBI Cyber Bulletin: APT Targeting U.S. Private Sector, Government Networks Using Presidential Election Lures

Likely Advanced Persistent Threat (APT) cyber actors have targeted US private sector and government networks since August 2016 with spear phishing campaigns, using newly identified exploits contained within lures related to foreign affairs and the recent US presidential election. The FBI analyzed malicious Microsoft Office documents, a zip archive, a first-stage downloader, a second-stage in-memory-only PNG wrapped malware, and a BAT-initiated PowerShell script associated with the campaigns. This FLASH provides rules and signatures to assist in network defense efforts.

(U//FOUO) DHS, Fusion Centers Reference Aid: Malicious Terrorism Hoaxes Likely to Endure, Strain State and Local First Responder Resources

This Reference Aid is intended to provide information on malicious terrorism hoaxes that will continue to challenge first responder resources throughout the Homeland and territories. This Reference Aid is provided by I&A, DIAC, NCRIC, NVRIC, and NJ-ROIC to support their respective activities, to provide situational awareness, and to assist federal, state, local, tribal, and territorial government counterterrorism and law enforcement officials and first responders with recognizing the indicators and implications of malicious terrorism hoaxes. The use of hoax calls may also be used as a technique to lure authorities to a particular location for the purpose of conducting a potential attack, but is not discussed in this article, as luring is viewed as its own distinct tactic.

(U//LES) U.S. Bomb Data Center Report: Attacks on Houses of Worship 2011-2015

This report serves to present information and analysis associated with fire, arson, and bombing incidents at houses of worship (HOWs) occurring within the United States for the past 5 years, between January 2011 through December 2015, and reported to the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF). In total, there were 733 fire and explosion related incidents, per ATF reporting, for all 50 States. The information contained herein does not represent all fire, arson and bombing incidents for the United States. This report only represents those incidents that have been reported to and investigated by ATF.

National Science and Technology Council Report: Preparing for the Future of Artificial Intelligence

AI has applications in many products, such as cars and aircraft, which are subject to regulation designed to protect the public from harm and ensure fairness in economic competition. How will the incorporation of AI into these products affect the relevant regulatory approaches? In general, the approach to regulation of AI-enabled products to protect public safety should be informed by assessment of the aspects of risk that the addition of AI may reduce alongside the aspects of risk that it may increase. If a risk falls within the bounds of an existing regulatory regime, moreover, the policy discussion should start by considering whether the existing regulations already adequately address the risk, or whether they need to be adapted to the addition of AI. Also, where regulatory responses to the addition of AI threaten to increase the cost of compliance, or slow the development or adoption of beneficial innovations, policymakers should consider how those responses could be adjusted to lower costs and barriers to innovation without adversely impacting safety or market fairness.

(U//FOUO) California Fusion Center: California Leads in Unauthorized UAS Encounters, Risk to Public Safety

California has had more disclosed unauthorized Unmanned Aircraft Systems (UAS) encounters than any other state between October 2015 and September 2016—accounting for 21 percent of the reported encounters nationwide—according to the Federal Aviation Administration (FAA). These encounters continue to pose a direct risk to public safety air assets.

(U//FOUO) DHS Assessment: Cyber Threats and Vulnerabilities to US Election Infrastructure

DHS has no indication that adversaries or criminals are planning cyber operations against US election infrastructure that would change the outcome of the coming US election. Multiple checks and redundancies in US election infrastructure—including diversity of systems, non-Internet connected voting machines, pre-election testing, and processes for media, campaign, and election officials to check, audit, and validate results—make it likely that cyber manipulation of US election systems intended to change the outcome of a national election would be detected.