Department of Homeland Security

DHS Guide: Improving Survivability in Improvised Explosive Device and Active Shooter Incidents

DHS-SurvivingActiveShooterIEDs

Recent improvised explosive device (IED) and active shooter incidents reveal that some traditional practices of first responders need to be realigned and enhanced to improve survivability of victims and the safety of first responders caring for them. This Federal, multi-disciplinary first responder guidance translates evidence-based response strategies from the U.S. military’s vast experience in responding to and managing casualties from IED and/or active shooter incidents and from its significant investment in combat casualty care research into the civilian first responder environment. Additionally, civilian best practices and lessons learned from similar incidents, both in the United States and abroad, are incorporated into this guidance. Recommendations developed in this paper fall into three general categories: hemorrhage control, protective equipment (which includes, but is not limited to, ballistic vests, helmets, and eyewear), and response and incident management.

(U//FOUO) DHS Assessment: Future ISIL Operations in the West Could Resemble Disrupted Belgian Plot

DHS-FutureOperationsISIL

I&A assesses that the plot disrupted by Belgian authorities in January 2015 is the first instance in which a large group of terrorists possibly operating under ISIL direction has been discovered and may indicate the group has developed the capability to launch more complex operations in the West. We differentiate the complex, centrally planned plotting in Belgium from other, more-simplistic attacks by ISIL-inspired or directed individuals, which could occur with littleto no warning.

(U//FOUO/LES) DHS Report: Assessing ISIL’s lnfluence and Perceived Legitimacy in the Homeland

DHS-AssessingLegitimacyISIL

This Field Analysis Report (FAR) is designed to support awareness and inform enforcement and collection operations of federal, state, and local partners involved in homeland security and counterterrorism efforts. Some of the activities described in the FAR may be constitutionally protected activities and should be supported by additional facts to justify increased suspicion. The totality of relevant circumstances should be evaluated when considering any law enforcement response or action. Our assessment of the level of the Islamic State of Iraq and the Levant’s (ISIL) name recognition since its declaration of a caliphate in June 2014 is based on a review of suspicious activity reporting (SAR) across the United States between 1 January and 30 December 2014, criminal complaints of US persons charged with supporting or seeking to support ISIL, Bureau of Prisons (BOP) intelligence reporting, and DHS I&A open source reporting to assess the influence of ISIL’s messaging campaign within the United States and ISIL’s perceived legitimacy among homegrown violent extremists (HVEs).

DHS Privacy and Civil Liberties Assessment Report on Executive Order 13636

DHS-ExecutiveOrder13636

Section 5 of Executive Order 13636 (Executive Order) requires the DHS Chief Privacy Officer and Officer for Civil Rights and Civil Liberties to assess the privacy and civil liberties impacts of the activities the Department of Homeland Security (DHS, or Department) undertakes pursuant to the Executive Order and to provide those assessments, together with recommendations for mitigating identified privacy risks, in an annual public report. In addition, the DHS Privacy Office and the Office for Civil Rights and Civil Liberties (CRCL) are charged with coordinating and compiling the Privacy and Civil Liberties assessments conducted by Privacy and Civil Liberties officials from other Executive Branch departments and agencies with reporting responsibilities under the Executive Order.

(U//FOUO) DHS Infrastructure Protection Note: Most Significant Tactics Against the Electricity Subsector

DHS-ElectricGridAttacks

This IP Note is a joint publication of OCIA and the DHS Office of Intelligence and Analysis (I&A) Homeland Counterterrorism Division. It is intended to identify high- consequence tactics, techniques, and procedures (TTPs) used during attacks and incidents that occurred at electrical substations, facilities, and associated electrical infrastructure from 2002 to 2013. The incidents identified in this report have no known nexus to terrorism.

(U//FOUO) DHS-DOT-EPA Crude Oil Transport by Rail Preparedness Initiatives Guide

DHS-DOT-EPA-CrudeTransportPreparedness

Domestic rail shipments of crude oil grew from 9,500 train car loads in 2008 to 435,560 loads in 2013—an increase of nearly 4,500 percent. The growth in shipment volume has increased the threat of spills, explosions, and other effects associated with a train derailment or crash. Recent incidents in Lac Mégantic, Quebec, Lynchburg, Virginia, Mount Carbon, West Virginia, and Galena, Illinois demonstrate the consequences of crude by rail incidents on surrounding communities and natural environments.

(U//FOUO) DHS-FBI Bulletin: Twenty Years After Oklahoma City Bombing, Domestic Extremism Remains a Persistent Threat

DHS-FBI-DomesticExtremistThreat

This Joint Intelligence Bulletin (JIB) prepared by the FBI and DHS is intended to provide law enforcement with a summary of significant domestic extremist incidents occurring during the previous 15 months. This product highlights the breadth and frequency of current domestic extremist threats against Homeland targets, and places them in the context of the 20th anniversary of the1995 bombing of the Alfred P. Murrah Federal Building in Oklahoma City, Oklahoma. This information is provided to support the activities of the FBI and DHS and to assist other federal, state, local, tribal, and territorial counterterrorism and law enforcement officials and private sector security officials in identifying existing or emerging threats to homeland security.

DHS Acquisition of License Plate Reader Data from a Commercial Service Privacy Impact Assessment

DHS-CommercialLPR

U.S. Immigration and Customs Enforcement (ICE) uses information obtained from license plate readers (LPR) as one investigatory tool in support of its criminal investigations and civil immigration enforcement actions. Because LPR information can be combined with other data to identify individuals and therefore meets the definition of personally identifiable information (PII), ICE is conducting this Privacy Impact Assessment (PIA) to describe how it intends to procure the services of a commercial vendor of LPR information in order to expand the availability of this information to its law enforcement personnel. ICE is neither seeking to build nor contribute to a national public or private LPR database.

National Strategy for the National Network of Fusion Centers 2014-2017

NationalFusionCenterStrategy-2014-2017

The vision of the 2014–2017 National Strategy is to connect the geographic and public safety diversity of over 38,000 states, counties, cities, and towns together in a way that creates a national information sharing asset that is coordinated with and contributes to federal information sharing efforts. Federal efforts to connect the knowledge and capabilities of the Intelligence Community (IC) often involve state and local law enforcement joining federal efforts. The NNFC is the reversal and broadening of this framework, inviting federal partners to join state and local public safety information sharing efforts. In carrying out this strategy, IC professionals have an opportunity and avenue to bring their knowledge and capabilities to state and major urban area fusion centers, designated by governors and staffed by state and local professionals. As a unique national asset, this state and local network must work seamlessly with field-based intelligence and information sharing entities, providing geographic and interdisciplinary knowledge and perspective without interrupting or replicating federal efforts. The 2014–2017 National Strategy integrates with other criminal intelligence sharing efforts supported by the Criminal Intelligence Coordinating Council.

(U//FOUO) DHS-FBI Bulletin: ISIL Social Media Messaging Resonating with Western Youth

DHS-FBI-SocialMediaISIL

This Joint Intelligence Bulletin (JIB) is intended to provide information on a continuing trend of Western youth being inspired by Islamic State of Iraq and the Levant (ISIL) messaging via social media to travel to Syria to participate in the conflict. This JIB is provided to support the activities of FBI and DHS to assist federal, state, local, tribal, and territorial government counterterrorism and law enforcement officials and private sector security partners in deterring, preventing, or disrupting terrorist attacks in the United States.

(U//FOUO) Virginia Fusion Center Bulletin: Malicious Activists May Promote Harm to Emergency Vehicles

VFC-ViolentProtesters

The Virginia Fusion Center (VFC) has observed via open sources that actors affiliated with the Anonymous hacktivist movement released a video which purportedly identifies a Chicago Office of Emergency Management and Communications (OEMC) vehicle as a tool for law enforcement wiretapping efforts by police and fusion center personnel in Chicago, Illinois. The VFC is sharing this information for situational awareness, as emergency management vehicles operating near protest areas may be targeted by precipitating violent or malicious activity.

(U//FOUO) DHS-FBI-NCTC Bulletin: Terrorists Encouraging Use of Propane Cylinders as IEDs

DhS-FBI-NCTC-PropaneIEDs

Since the May 2010 publication of the Roll Call Release “Terrorist Use of Propane Cylinders,” terrorists have continued to advocate the use of propane cylinders in building improvised explosive devices (IEDs). Throughout 2014, al-Qa‘ida-inspired violent extremists posted on the Internet English-language instructions for building and using propane IEDs and encouraged attacks in the United States. The posts recommended military, commercial, and financial sector targets, major metropolitan areas, and mass gatherings.

(U//FOUO) DHS Intelligence Assessment: Sovereign Citizen Extremist Ideology Driving Violence

DHS-SovereignCitizenIdeology

This Assessment is based on an I&A review of 24 law enforcement investigations into acts and threats of sovereign citizen extremist (SCE) violence since 2010, detailing locations, targets of violence, and their statements about the violence, when available. It is intended to inform law enforcement at the federal, state, and local levels about the nature and circumstances of SCE violence to help officers prepare for, anticipate, and ultimately avoid violent incidents. Most sovereign citizens are non-violent, and this assessment applies only to those that use violence to advance their goals.

(U//FOUO) DHS Intelligence Assessment: Malicious Cyber Actors Target US Universities and Colleges

DHS-UniversityCyberThreats

Malicious cyber actors have targeted US universities and colleges with typical cybercrime activities, such as spear phishing students and faculty with university-themed messages, creating fake university websites, and infecting computers with malicious software, likely in an attempt to gain access to student and faculty e-mail and bank accounts. We have no indication that cybercriminals target university systems and users more than any other cybercrime victims.

DHS NCCIC Report on Assessing Risks of Your Digital Footprint

NCCIC-DigitalFootprint

To facilitate efficiency and effectiveness on a global scale, massive amounts of data are stored and processed in systems comprised of hardware and software. Each digital transaction or interaction we make creates a digital footprint of our lives. Too often, we don’t take the time to assess not only the size of our digital footprint, but what risks are involved in some of the choices we make. Our data lives in our social media profiles, mobile devices, payment accounts, health records, and employer databases among other places. The loss or compromise of that data can result in an array of impacts from identity theft to financial penalties, fines, and even consumer loyalty and confidence. This results in both a shared risk and therefore shared responsibility for individuals, businesses, organizations and governments. The following product is intended to facilitate awareness of one’s digital footprint as well as offer suggestions for a unified approach to securing that data. This is not an all-encompassing product, but rather offers discussion points for all that hold a stake in the security of our data.

DHS Geospatial Concept of Operations (GeoCONOPS) Version 6

DHS-GeoCONOPS-6

This Homeland Security (HLS) Geospatial Concept of Operations (GeoCONOPS) has been developed as a strategic starting point for understanding how the coordination of Homeland Security and Homeland Defense (HD) geospatial activities can be improved at the federal level. The intended audience for this document is the full geospatial community supporting the missions of the federal government under the National Response Framework (NRF) and Presidential Policy Directive 8 (PPD-8). This includes the stakeholders and actors representing the Emergency Support Functions (ESFs), the Joint Field Offices (JFO), Federal Operations Centers, the disaster preparedness exercise and evaluation community, and those involved in other NRF missions. Individuals representing these groups and activities have been extensively engaged in providing input for this document.

(U//FOUO) Colorado Fusion Center Bulletin: Law Enforcement Officers Should Minimize or Eliminate Social Media Footprint

CIAC-SocialMediaAwareness

The Colorado Information Analysis Center (CIAC) is disseminating this awareness bulletin to help law enforcement officers and military personnel to minimize their social media footprint and protect their identity and family. Recent calls for attacks against law enforcement officers by foreign terrorist organizations and recent reports released by the U.S. Senate Select Intelligence Committee’s report on the CIA’s Detention Interrogation Program may exacerbate tensions or even spark violence against officers, intelligence personnel, government officials, and their families. This awareness bulletin seeks to make general recommendations to limit an individual’s digital footprint and diminish a violent actor’s targeting capability.

DHS National Cybersecurity and Communications Integration Center: Suspicious “Invoic” Email Sent to Government Personnel

NCCIC-SuspiciousEmails

On 15 October 2014, a phishing email was dispersed to a wide variety of government employees. NCCIC has also received a number of reports indicating that members within the Education Sector and Financial Sector; International, State, Local, and Tribal organizations have also received similar email messages. The email suggested that the recipient had an unpaid debt and the attachment was an invoice showing the debt information. The subject line reads “UNPAID INVOIC” and the content simply instructs recipients to open the attachment which is a PDF file that is believed to be malicious. Rather than installing malware files from the PDF file itself, it appears to use embedded JavaScript within the file to redirect victims to a malicious website where additional malware can be installed.

(U//FOUO) DHS Intelligence Assessment: Potential Tactics and Targets in ISIL-Linked Western Attacks

DHS-ISIL-AttackTactics

This Assessment highlights the tactics, targets, and tradecraft that potentially could be used in the Homeland by individuals associated with or inspired by the Islamic State of Iraq and the Levant (ISIL); we do not address the likelihood of an attack against the United States by the group. This Assessment is intended to support the activities of DHS to assist federal, state, and local government counterterrorism and law enforcement officials, first responders, and private sector security partners in effectively deterring, preventing, preempting, or responding to terrorist attacks against the United States.

(U//FOUO) DHS Sensitive Compartmented Information Facility (SCIF) Construction Standards

DHS-SCIF-Standards

This handbook contains standard security designs and procedures common to Sensitive Compartmented Facilities (SCIF) and physical security construction standard and established by the Director National Intelligence (DNI) for protection of classified intelligence information. Users should refer to Director of Central Intelligence Directives (DCIDS) and other documents cited under Authorities for guidance on specific security functions.

(U//FOUO) CFIX Bulletin: Jihadist Propaganda Provides Guidance for Attacks on Law Enforcement

CFIX-LoneJihadistAttacks

Propaganda providing guidance and/or encouraging “individual jihad” or small cell operations against the West continues to be a prevalent theme in jihadist messaging. This bulletin was created by the CFIX in order to address recent propaganda from the Islamic State and its supporters which provides guidance on targeting law enforcement officers. The CFIX bases its analysis in this bulletin from open source reporting and internet postings with varying degrees of reliability, especially in regards to the true intention and capabilities of terrorist organizations and their supporters. This information is intended to support local, state and federal government agencies along with other entities in developing / prioritizing protective and support measures relating to an existing or emerging threat to homeland security.

(U//FOUO) Central Florida Information Exchange Brief: Ebola Guidance for Law Enforcement

CFIX-EbolaGuidance

The purpose of this brief is to provide law enforcement, first responders, corrections officers, and other personnel who interact with the general public, with guidance and protective measures when coming in contact with individuals demonstrating symptoms of the Ebola Virus Disease (EVD). Personnel who become familiar with the identification of possible exposure, proper response protocols and protective measures will be better prepared to respond, secure, transport and decontaminate to prevent further spread of this deadly disease.