Department of Homeland Security

(U//FOUO) California Cybersecurity Integration Center Advisory: Security Concerns with Kaspersky Labs Products

On 11 July, the United States Government removed Moscow-based Kaspersky Lab from two lists of approved vendors used by government agencies to purchase technology equipment, amid concerns the cyber security firm’s products could be used by the Kremlin to gain entry into U.S. networks. Last month the Senate Armed Services Committee passed a defense spending policy bill that would ban Kaspersky products from use in the military. The move came a day after the FBI interviewed several of the company’s U.S. employees at their private homes as part of a counterintelligence investigation into its operations.

DHS-FBI-NCTC Bulletin: Complex Operating Environment Food and Agriculture

Food and agriculture infrastructure is a $1 trillion industry, almost entirely under private ownership and comprises an estimated 2.1 million farms, 935,000 restaurants, and more than 200,000 registered food manufacturing, processing, and storage facilities. Intentional contamination of the food supply could have significant public health and economic consequences depending on the commodity, the agent used, and where in the supply chain the contaminant was added. This product provides first responders and private-sector stakeholders an awareness of the complex operating environment that may result from intentional contamination of the food supply and identifies key collaborative partners and indicators to minimize the risk of an intentional attack on the food supply.

(U//FOUO) DHS Assessment: Foreign Terrorist Organization-Inspired Vehicle-Ramming Attacks

assesses the increase in the number of vehicle-ramming attacks since January 2016 indicates Foreign Terrorist Organization (FTO) messaging efforts are probably resonating with violent extremists and will most likely continue in the near term. FTO-inspired violent extremists will probably continue to plan and engage in vehicle-ramming attacks against Western-based mass gathering and public venues since this tactic often requires minimal training, expertise, and preoperational planning. Since January 2016, eight FTO-inspired vehicle-ramming attacks have occurred in Western countries. OCIA identified three common characteristics among these attacks: targeting of public venues or mass gatherings; use of secondary weapons; and lack of observable indicators immediately before the attack.

DHS-FBI Guide: Handling Threats to Private Citizens and Locations Named Online by Violent Extremists

The fusion center has no information to indicate specific or credible threats to people whose names have been published online by violent extremists. You are being provided this advisory to assist your agency in responding to queries from members of the public or other concerned parties. This information, which often includes personally identifiable information (PII) obtained maliciously via the Internet, most likely represents aspirational threats. Its primary purpose is likely to heighten anxiety and a sense of vulnerability. It is unlikely that violent extremist-inspired individuals in the United States will target people identified online, but this cannot be ruled out entirely.

DHS-FBI-NCTC Bulletin: Acid Attacks Potential Opportunistic Threat and Treatment Awareness

The number of criminal and gang-related assaults involving acid or other corrosive substances has risen sharply in some Western countries. As of July 2017, police statistics in England indicate assaults and threats involving corrosives have risen from 183 in 2012 to more than 500 this year, according to open source reporting. Although there has been minimal specific interest by terrorists in acid attacks to date, we judge the increase in criminal incidents coupled with recent English-language terrorist messaging encouraging attacks using acid may spur opportunistic terrorist use of the tactic, underscoring the potential threat and importance of an immediate on-scene emergency response.

(U//FOUO) Northern California Fusion Center: Violent Tactics Showcased at Berkeley Riots Likely to be Used at Future Demonstrations

Tactics used by violent Anti-fascists at events in Berkeley on 1 February, 4 March, and 15 April 2017 highlight their ability to exploit peaceful protests with coordinated violent demonstrations, attack law enforcement personnel, destroy property, and conduct information campaigns to advance their socio-political goals. This Advisory Bulletin is intended to inform law enforcement involved in operational planning and event safety at gatherings that violent anti-fascist elements may target.

DHS Infrastructure Assessment: Electric Vehicle Charging Stations

Electric vehicle (EV) usage continues to increase in the United States, along with its supporting infrastructure. As EVs increase in market share, issues like charging speed and battery capacity will drive future development of EV charging technology. As EV demand increases, manufacturers will continue to develop, build, and deploy additional Internet-connected charging stations and new connected technologies to satisfy demand.

Customs and Border Protection Alert: Fentanyl Analogues Not Resistant to Narcan (Naloxone)

Contrary to recent news reporting, there are no fentanyl analogues resistant to Naloxone. News reports indicated a “new” fentanyl analogue, acrylfentanyl, was “extremely powerful” and implied it resisted Naloxone’s effects. However, acrylfentanyl binds to the same receptors within the human body as fentanyl, meaning correctly administered Naloxone is effective against it.

(U//FOUO) DHS Reference Aid: Overview of Recently Successful or Arrested HVEs’ Radicalization to Violence

This Reference Aid is based on I&A’s review of the radicalization to violence of 39 US homegrown violent extremists (HVEs) who either successfully carried out or were arrested before attempting to carry out attacks in the Homeland between 1 January 2015 and 31 December 2016. It is intended to inform federal, state, local, tribal, and territorial counterterrorism, law enforcement, and countering violent extremism (CVE) officials. For additional information about these HVEs, please see the classified I&A Intelligence Assessment “(U//FOUO) Commonalities in HVEs’ Radicalization to Violence Provide Prevention Opportunities,” published 10 February 2017.

(U//FOUO) DHS-FBI-NCTC Guide: Terrorist Attack Planning Cycle – A Homeland Case Study

This case study is an examination of behaviors that resulted in a disrupted terrorist attack, revealing a cycle of planning and preparation that could provide indicators for preventing similar attempts. The terrorist attack planning cycle is not a static, linear process but rather could begin in any of the several stages with variances in details, sequence, and timing. An individual’s mobilization to violence often provides observable behavioral indicators such as, pre-attack surveillance, training, and rehearsal. The indicators potentially allow third-party observers and law enforcement to identify individuals moving to violence, circumstances that may allow for disruption of planned attacks. This product is intended to cultivate an awareness of the planning cycle among stakeholders for identification, mitigation, and disruption of attack planning.

DHS-FBI-NCTC Guide: International Partnerships Necessary To Mitigate ISIS’s Organ Harvesting for Terrorist Funding

The Islamic State of Iraq and ash-Sham (ISIS) is attempting to obtain money from organ harvesting, including from its own injured members, captives, and deceased individuals. Identification, prevention, and interdiction of organ harvesting and trafficking is a highly complex issue which may be effectively addressed through international partnerships among governmental, health, law enforcement, legal, and private-sector entities.

(U//FOUO) DHS-FBI-NCTC Guide: Cyber Threats to First Responders are a Persistent Concern

We assess with moderate confidence that cyber actors, including those who support violent extremism, are likely to continue targeting first responders on the World Wide Web, including by distributing personally identifiable information (PII) for the purpose of soliciting attacks from willing sympathizers in the homeland, hacking government websites, or attacking 911 phone systems to hinder first responders’ ability to respond to crises.

(U//FOUO) Delaware Fusion Center: Officer Safety Smart Watches

The Delaware State Police (DSP) Intelligence Unit is providing the following information for officer safety and situational awareness. Officers should be mindful, when placing prisoners in custody, of smart watches and similar devices that can connect via Bluetooth to a cellular device. Smart watches have the capability to both make and receive phone calls and text messages, as well as erasing same. This could cause an issue if a cellular device and it’s contents are being used as evidence. Through experimentation at Troop 7, it was determined that if a prisoner is in the detention area and the phone is seized, the watch could still be operational.

DHS Electromagnetic Pulse (EMP) Protection and Restoration Guidelines for Equipment and Facilities

The EMP protection guidelines presented in this report were initially developed by Dr. George H. Baker, based on his previous work where he led the Department of Defense program to develop EMP protection standards while at the Defense Nuclear Agency (DNA) and the Defense Threat Reduction Agency (DTRA). He is currently serving as a consultant to the Department of Homeland Security (DHS) and is emeritus professor of applied science at James Madison University (JMU). He presently serves on the Board of Directors of the Foundation for Resilient Societies, the Board of Advisors for the Congressional Task Force on National and Homeland Security, the JMU Research and Public Service Advisory Board, the North American Electric Reliability Corporation GMD Task Force, the EMP Coalition, and as a Senior Scientist for the Congressional EMP Commission.

DHS Report: Threats Posed by Autonomous Vehicles

Autonomous vehicles collect and process data from their environments, taking actions that can either help or replace drivers. OCIA assesses that these vehicles will benefit society by improving road safety and reducing deaths, injuries, and costs associated with collisions. Autonomous vehicles will also likely lead to a decrease in traffic congestion, decreasing fuel consumption and emissions per mile, and helping save drivers’ money and time. However, as vehicles become increasingly connected and a part of the Internet of Things, vulnerabilities and potential consequences are likely to increase unless cybersecurity is better integrated into vehicle design and development. Legal and regulatory gaps exist on issues such as collision liability and safety standards; if these gaps are not addressed, cities and states might implement their own laws and regulations, creating inefficiencies for automobile manufacturers, shipping companies, and drivers. Moreover, fully autonomous vehicles will likely have an adverse effect on the professional driver workforce when bus, taxi, and truck drivers are eventually replaced.

DHS Report: Artificial Intelligence Risk to Critical Infrastructure

Artificial Intelligence (AI) is an emerging risk that will affect critical infrastructure (CI) as it becomes common throughout the United States. The purpose of this research paper is to analyze the narratives about AI to understand the prominence of perceived key benefits and threats from AI adoption and the resulting implications for infrastructure security and resilience. Narratives are strongly held beliefs, and understanding them will help decision makers mitigate potential consequences before they become significant problems.

(U//LES) EPIC Bulletin: Transnational Criminal Organizations (TCOs) Continue to Profit from Marijuana Sales in Legalized Markets

In January 2016, EPIC published Intelligence Note 02303-16a, this product provided analysis of data provided by the Drug Enforcement Administration (DEA) and open source reporting that indicated Transnational Criminal Organizations (TCOs) continued to operate and profit from marijuana sales in legalized U.S. marijuana markets. EPIC research further showed that legalization of marijuana in some U.S. markets had not adversely impacted TCO profitability in marijuana markets, and that the effort of legalization had conversely brought new opportunities for illicit profits from marijuana sales. As of January 2017, EPIC research indicates that TCOs continue to exploit legalized marijuana markets in the United States.

(U//FOUO) DHS Bulletin: Food Product Adulteration Within Reach of Violent Extremists and Insiders

Terrorist and violent extremist groups have long expressed interest in poisoning and adulterating food and beverage supplies in the West but rarely use this as a tactic. Nonetheless, recent incidents in Europe and Africa underscore the continued interest by some groups in targeting food products at point-of-sale, distribution, and storage. The mere threat of product adulteration in the Homeland almost certainly would cause psychological and economic harm. While we have not seen any specific, credible terrorist threats against Homeland food production and distribution infrastructure, we cannot rule out the possibility of inspired violent extremists or disgruntled insiders attempting to adulterate or poison food and beverages with commonly available toxic industrial chemicals or crude biological toxins due to the relative ease of product manipulation, especially at the last point of sale, which criminal actors have demonstrated consistently in the past.

(U//FOUO) DHS Report: Ransomware Goals of Malicious Actors and Current System Vulnerabilities

OCIA assesses that if specific industrial control systems (ICS) were successfully infected with ransomware, it could affect the ability of certain sectors to provide real-time management and control of large networks of geographically scattered equipment. Although security researchers have demonstrated the possibility of ransomware targeting control systems, OCIA assesses that such an attack is highly unlikely given the higher success rate against consumer and business systems, the likelihood that business and process control networks are segmented, and the ability for operators to take a control system out of service and employ manual overrides.

(U//FOUO) DHS Report: Potential Impacts of WannaCry Ransomware on Critical Infrastructure

On May 12, 2017, organizations across the world reported ransomware infections impacting their computer systems. The infections, caused by a ransomware strain referred to as WannaCry, restricts users’ access to a computer and demands a ransom to unlock it. The U.S. Department of Justice defines ransomware as, a type of malicious software cyber actors use to deny access to systems or data until the ransom is paid. After the initial infection, ransomware attempts to spread through systems and networks.

(U//FOUO) Los Angeles Joint Regional Intelligence Center: Vehicle Ramming Attacks Increasing

Use of vehicles by violent extremists for ramming attacks has increased steadily, while use of vehicle-borne improvised explosive devices (VBIEDs) remains rare outside the Middle East. Given the ease with which ramming attacks can be accomplished, it is likely use of this tactic will continue to rise. Unlike VBIEDs, ramming attacks require little specialized training or skill, present minimal risk of detection when acquiring the weapon, and offer flexibility with regard to preparation, timing, and target. Foreign terrorist organizations (FTOs) have pointedly encouraged use of vehicle ramming attacks, offering explicit tactical advice on vehicle selection, driving tips to maximize fatalities, and targeting suggestions that include parades, festivals, street fairs, outdoor markets or conventions, political rallies, and other crowded targets of opportunity.

(U//FOUO) TSA Report: Vehicle Ramming Attacks Threat Landscape, Indicators, Countermeasures

Vehicle-ramming attacks are considered unsophisticated, in that a perpetrator could carry out such an attack with minimal planning and training. It is likely that terrorist groups will continue to encourage aspiring attackers to employ unsophisticated tactics such as vehicle-ramming, since these types of attacks minimize the potential for premature detection and could inflict mass fatalities if successful. Furthermore, events that draw large groups of people—and thus present an attractive vehicle ramming target—are usually scheduled and announced in advance, which greatly facilitates attack planning and training activities.