A facilitated brainstorming session was convened to identify and examine the most common misconceptions about conventional Homeland plotting. These misconceptions stemmed from inquiries received from Federal, state, local, tribal, and private-sector consumers and from articles published by outside experts and in the media. Analysts identified the following six misconceptions as the most common and compared them with current analytic lines.
United States
Department of Defense, North Korea
DoD Report to Congress on North Korea Military and Security Developments 2012
The Democratic People’s Republic of Korea (DPRK) remains one of the United States’ most critical security challenges in Northeast Asia. North Korea remains a security threat because of its willingness to undertake provocative and destabilizing behavior, including attacks on the Republic of Korea (ROK), its pursuit of nuclear weapons and long-range ballistic missiles, and its willingness to proliferate weapons in contravention of its international agreements and United Nations Security Council Resolutions. North Korean aspiration for reunification – attainable in its mind in part by expelling U.S. forces from the Peninsula – and its commitment to perpetuating the Kim family regime are largely unchanged since the nation’s founding in 1948, but its strategies to achieve these goals have evolved significantly. Under Kim Jong Il, DPRK strategy had been focused on internal security; coercive diplomacy to compel acceptance of its diplomatic, economic and security interests; development of strategic military capabilities to deter external attack; and challenging the ROK and the U.S.-ROK Alliance. We anticipate these strategic goals will be consistent under North Korea’s new leader, Kim Jong Un.
Department of Homeland Security, Federal Bureau of Investigation
DHS-FBI Bulletins Identifying IP Addresses, Hostnames Associated With Malicious Cyber Activity Against the U.S. Government
Various cyber actors have engaged in malicious activity against Government and Private Sector entities. The apparent objective of this activity has been the theft of intellectual property, trade secrets, and other sensitive business information. To this end, the malicious actors have employed a variety of techniques in order to infiltrate targeted organizations, establish a foothold, move laterally through the targets’ networks, and exfiltrate confidential or proprietary data. The United States Department of Homeland Security (DHS), in collaboration with the Federal Bureau of Investigation and other partners, has created this Joint Indicator Bulletin, containing cyber indicators related to this activity. Organizations are advised to examine current and historical security logs for evidence of malicious activity related to the indicators in this bulletin and deploy additional protections as appropriate.
Department of Defense, Iraq
Special Inspector General Lessons Learned on the Commander’s Emergency Response Program in Iraq
The CERP was formally established by the Coalition Provisional Authority in July 2003 to provide U.S. military commanders in Iraq with a stabilization tool that benefitted the Iraqi people. The program supported urgent, small-scale projects that local governments could sustain, that generally cost less than $25,000, and that provided employment. DoD defined urgent as “any chronic and acute inadequacy of an essential good or service that, in the judgment of the local commander, calls for immediate action.” Among other things, CERP funds were used to: build schools, health clinics, roads, and sewers; pay condolence payments; support economic development; purchase equipment; and perform civic cleanup. DoD used CERP as a “combat multiplier” whose projects helped improve and maintain security in Iraq through non-lethal means. The program was considered “critical to supporting military commanders in the field in executing counterinsurgency operations” and its pacification effects important to saving lives.
Department of Homeland Security, Federal Bureau of Investigation
(U//FOUO) DHS-FBI Indicators and Protective Measures In Light of Boston Marathon Explosions
This Joint Intelligence Bulletin provides law enforcement and private sector safety officials with protective measures in light of the recent explosions that took place at the 2013 Boston Marathon in Boston, Massachusetts. The information is provided to support the activities of DHS and FBI and to assist federal, state, local, tribal, and territorial government counterterrorism and first responder officials and the private sector to deter, prevent, preempt, or respond to terrorist attacks in the United States.
Department of Homeland Security, Federal Bureau of Investigation
(U//FOUO) DHS-FBI Information Regarding the Devices Likely Used in Boston Marathon Explosions
This Joint Intelligence Bulletin provides information on the devices used in the 15 April 2013 Boston Marathon explosions. The information is intended to provide aid in identifying devices and to support the activities of DHS and FBI and to assist federal, state, local, tribal, and territorial government counterterrorism and first responder officials and the private sector to deter, prevent, preempt, or respond to terrorist attacks in the United States.
Department of Homeland Security, Federal Bureau of Investigation
(U//FOUO) DHS-FBI Update: Pressure Cookers as IED Components
This is an update of an RCR published on 1 July 2010. Rudimentary improvised explosive devices (IEDs) using pressure cookers to contain the initiator, switch, and explosive charge frequently have been used in Afghanistan, India, Nepal, and Pakistan. Pressure cookers are common in these countries, and their presence probably would not seem out of place or suspicious to passersby or authorities. Presence in an unusual location—or if noticed in a contanier such as a backpack—should be treated as suspicious.
Department of Defense
DoD Strategy for Homeland Defense and Defense Support of Civil Authorities February 2013
Defending U.S. territory and the people of the United States is the highest priority of the Department of Defense (DoD), and providing appropriate defense support of civil authorities (DSCA) is one of the Department’s primary missions. This Strategy for Homeland Defense and Defense Support of Civil Authorities orients the Department towards an increasingly complex strategic environment. It emphasizes innovative approaches, greater integration, deepening of external partnerships, and increased effectiveness and efficiencies in DoD’s homeland activities. It applies the vital capabilities of the Total Force – in the Active and Reserve Components – to make the nation more secure and resilient. Finally, the Strategy guides future decisions on homeland defense and civil support issues consistent with the Defense Strategic Guidance and the Quadrennial Defense Review (QDR).
Federal Bureau of Investigation
(U//FOUO) FBI Bulletin: Potential Use of Exploding Targets as Explosives in IEDs
The FBI assesses with high confidence recreationally used exploding targets (ETs), commonly referred to as tannerite, or reactive targets, can be used as an explosive for illicit purposes by criminals and extremists and explosive precursor chemicals (EPCs) present in ETs can be combined with other materials to manufacture explosives for use in improvised explosive devices (IEDs).
Federal Bureau of Investigation
(U//FOUO) FBI Bulletin: Los Zetas Recruitment of Non-Traditional Associates in the United States
Recent FBI intelligence from multiple FBI HUMINT sources indicates a shift in Los Zetas recruiting methods and reliance on non-traditional associates. Past, accurate FBI reporting indicated Los Zetas previously focused its recruitment on members with prior specialized training, such as ex-military and ex-law enforcement officers, and not on US-based gangs or US persons in order to maintain a highly-disciplined and structured hierarchy. This hierarchy, which resembled a military-style command and control structure, facilitated drug trafficking operations and maintained lines of authority. However, current FBI reporting indicates that Los Zetas is recruiting and relying on non-traditional, non-military trained associates—US-based prison and street gangs and non-Mexican nationals—to perform drug trafficking and support operations in Mexico and in the United States.
U.S. Marine Corps
(U//FOUO) U.S. Marine Corps Light Armored Reconnaissance Battalion Operations in Afghanistan Lessons Learned Report
This report is a continuation of the collection effort on units supporting operations in Afghanistan as directed by the Deputy Commandant for Combat Development and Integration. The collection sought to examine the mission, scope, successes, shortfalls, equipment, manning and emerging issues associated with 4th Light Armored Reconnaissance Battalion (4th LAR) operations. Interviews of 28 commanders and staff were conducted at various camps and bases in Afghanistan from December 2009 – April 2010.
Drug Enforcement Administration
DEA General Principles for Payment of Records Requested via Administrative Subpoenas
This memorandum summarizes the basic payment principles. Title 21 U.S.C. § 876 authorizes the use of administrative subpoenas to obtain information relating to Title 21 investigations. DEA is under no obligation to pay for information provided in response to its issuance of an administrative subpoena unless a separate Federal statute or regulation specifically states that reimbursement is required.
Department of Defense
DoD Instruction 3025.21 Defense Support of Civilian Law Enforcement Agencies
Establishes DoD policy, assigns responsibilities, and provides procedures for DoD support to Federal, State, tribal, and local civilian law enforcement agencies, including responses to civil disturbances within the United States, including the District of Columbia, the Commonwealth of Puerto Rico, the U.S. Virgin Islands, Guam, American Samoa, the Commonwealth of the Northern Mariana Islands, and any territory or possession of the United States or any other political subdivision thereof in accordance with DoDD 3025.18 (Reference (c)).
Department of Homeland Security, Federal Bureau of Investigation
(U//FOUO) DHS-FBI Suspicious Activity Reporting Bulletin: Expressed or Implied Threat
Expressed or implied threats by an individual or a group communicating intent to commit acts of terrorism or violence or advocating violence against a person, population, or to damage or destroy a facility can be an indicator of pre-operational attack planning. For example, in 2010 a Virginia-based US person pled guilty to communicating threats after he posted a video to the Internet encouraging violent extremists to attack the creators of a television show, including highlighting their residence and urging online readers to “pay them a visit.” He also admitted to soliciting others to desensitize law enforcement by placing suspicious looking but innocent packages in public places, which could then be followed up by real explosives.
Department of Defense, Office of the Director of National Intelligence
U.S. Intelligence Community Performance Standards
A 2009 document from the Office of the Director of National Intelligence and the Department of Defense creating performance standards for “successful” and “outstanding” employee performance within the U.S. intelligence community.
Canada, U.S. Northern Command, United States
(U//FOUO) U.S.-Canada Civil Assistance Plan 2012
This bilateral plan provides a framework for military forces of one nation to support military forces of the other nation that are providing military support of civil authorities. The focus of this document is the unique, bilateral military planning considerations required to align our respective national military plans to respond quickly to national requests for military support of civil authorities. Nothing in this plan prevents either nation from responding unilaterally; rather, this plan will facilitate unity of effort, if and when requests for bilateral support are received.
Washington
(U//FOUO) Washington Fukushima Radiation Event After Action Report
This After Action Report/Improvement Plan covers the public health response in Washington to the disaster in Japan that began with the earthquake off of Japan’s northeastern coast on March 11, 2011. The 9.0 earthquake caused widespread devastation throughout Japan, and the resulting tsunami crippled the nation even further. The Fukushima Nuclear Power Plant, located in Fukushima Prefecture of Japan, was severely damaged by the earthquake and tsunami, creating a radiological disaster. The tsunami from the earthquake also made landfall across the Pacific Ocean including coastal areas of Washington state. The radiological release at the Fukushima Nuclear Power Plant was due to the loss of cooling capability in the reactor cores, causing a partial melt down of nuclear fuel, a buildup of hydrogen gas in containment that had to be vented, and resulting explosions that caused radioactivity from damaged fuel to enter the atmosphere and be carried by the jet stream to the Pacific Northwest. For the state of Washington, responding to potential public health and medical impacts of both the tsunami and radiation issues from the earthquake in Japan culminated in many lessons learned— strengths as well as areas in need of improvement. Those lessons learned are captured in this after action report.
Oregon
(U//FOUO) Oregon Fukushima Radiation Event After Action Report
The Oregon response to the Japan Radiation Event was a real-time response triggered by the Tohuku Earthquake and Tsunami of March 11, 2011. Damage caused by the tsunami to the Oregon coast did not necessitate a state Public Health response. Rather, state PH focused primarily on the health and medical informational needs of the public, public health and medical partners and other state agencies and tribes. OPHD initially responded in an ad hoc manner. It was subsequently determined that a more effective approach would be to establish an Incident Management Team and activate the Agency Operations Center, which were accomplished on 16 March and 21 March respectively. Agency Operations Center and Public Health Information Center operations worked well, with enhanced cooperation demonstrated in message development and interaction with the media. Use of HAN, links on the OHA website to FAQs and statistical data, rapid translation of messages into 6 languages, teleconferences with LHDs, tribes, PIOs and Region X Federal and state partners and Oregon Emergency Management facilitated calls with sister state agencies resulted in consistent information being provided. The major deficiency in the process was the lack of clarity and responsiveness from the national headquarters of federal agencies (EPA, FDA).
Department of Homeland Security, Federal Bureau of Investigation
(U//FOUO) DHS-FBI Terrorist Tradecraft: Impersonation Using Stolen, Cloned or Repurposed Vehicles
Stolen, cloned, or repurposed commercial or official vehicles—such as police cars, ambulances, and public utility service trucks—have been used in terrorist attacks. These vehicles could facilitate terrorist access to restricted and hardened targets as well as to emergency scenes. The use of these vehicles can provide individuals the ability to approach targets to conduct pre-operational surveillance or carry out primary attacks or secondary attacks against first responders.
Department of Homeland Security
(U//FOUO) DHS Cybersecurity Executive Order 13636 Critical Infrastructure Presentation
A DHS presentation from March 11, 2013 regarding the implementation of Executive Order 13636 “Improving Critical Infrastructure Cybersecurity” authored by the Cyber-Dependent Infrastructure Identification Working Group (CDIIWG).
Central Intelligence Agency
CIA Chief Technology Officer Big Data and Cloud Computing Presentations
Several sets of presentation slides for talks given by Ira A. “Gus” Hunt, the CIA’s Chief Technology Officer, on the topic of “big data” and cloud computing. A recent presentation given by Hunt at the GigaOM Structure:Data conference last week garnered significant attention for his discussion of the CIA’s desire to “collect everything and hang on to it forever.” Hunt’s presentation was similar to several he has given before, many of which share the same slides, including one which states: “It is really very nearly within our grasp to be able to compute on all human generated information.”
U.S. Air Force
(U//FOUO) U.S. Air Force Office of Special Investigations Cybersex Extortion Scams Report
This Special Product was produced in response to reports of Department of Defense (DoD) personnel becoming victims of internet-based extortion scams known as sextortion. Its purpose is to inform United States Air Force (USAF) personnel of this new online scam and offer mitigating steps that can reduce the chances of becoming a victim.
FEMA
FEMA Guide: Improving Your Community’s Awareness and Reporting of Suspicious Activity
This guide offers recommendations for local outreach campaigns, explains how to effectively develop and disseminate messages in order to help the public better understand their role in reporting suspicious activity, and helps law enforcement agencies and community partners to understand, navigate, and use the many resources available to help build and sustain local efforts. New technologies, resources, and innovative practices highlighted within this document can be used to improve the education, communication, and trust amongst communities and law enforcement agencies who serve them. With the proper tools and knowledge, individuals and entire communities will help law enforcement agencies identify, investigate, and prevent crime and terrorism.
Government Accountability Office
GAO Report: Increasing the Effectiveness of Efforts to Share Terrorism-Related Suspicious Activity Reports
The Department of Justice (DOJ) has largely implemented the Nationwide Suspicious Activity Reporting Initiative among fusion centers—entities that serve as the focal point within a state for sharing and analyzing suspicious activity reports and other threat information. The state and local law enforcement officials GAO interviewed generally said the initiative’s processes worked well, but that they could benefit from additional feedback from the Federal Bureau of Investigation (FBI) on how the reports they submit are used. The FBI has a feedback mechanism, but not all stakeholders were aware of it. Implementing formalized feedback mechanisms as part of the initiative could help stakeholders conduct accurate analyses of terrorism-related information, among other things.
National Counterterrorism Center
(U//FOUO) National Counterterrorism Center: Urban Exploration Offers Insight on Infrastructure Vulnerabilities
Urban Explorers (UE)—hobbyists who seek illicit access to transportation and industrial facilities in urban areas—frequently post photographs, video footage, and diagrams on line that could be used by terrorists to remotely identify and surveil potential targets. Advanced navigation and mapping technologies, including three dimensional modeling and geo-tagging, could aid terrorists in pinpointing locations in dense urban environments. Any suspicious UE activity should be reported to the nearest State and Major Area Fusion Center and to the local FBI Joint Terrorism Task Force.