This report examines the substantial economic costs that malicious cyber activity imposes on the U.S. economy. Cyber threats are ever-evolving and may come from sophisticated adversaries. Due to common vulnerabilities, instances of security breaches occur across firms and in patterns that are difficult to anticipate. Importantly, cyberattacks and cyber theft impose externalities that may lead to rational underinvestment in cybersecurity by the private sector relative to the socially optimal level of investment. Firms in critical infrastructure sectors may generate especially large negative spillover effects to the wider economy. Insufficient data may impair cybersecurity efforts. Successful protection against cyber threats requires cooperation across firms and between private and public sectors.
This document describes the Vulnerabilities Equities Policy and Process for departments and agencies of the United States Government (USG) to balance equities and make determinations regarding disclosure or restriction when the USG obtains knowledge of newly discovered and not publicly known vulnerabilities in information systems and technologies. The primary focus of this policy is to prioritize the public’s interest in cybersecurity and to protect core Internet infrastructure, information systems, critical infrastructure systems, and the U.S. economy through the disclosure of vulnerabilities discovered by the USG, absent a demonstrable, overriding interest in the use of the vulnerability for lawful intelligence, law enforcement, or national security purposes.
The Joint United States-Canada Electric Grid Security and Resilience Strategy (Strategy) is a collaborative effort between the Federal Governments of the United States and Canada and is intended to strengthen the security and resilience of the U.S. and Canadian electric grid from all adversarial, technological, and natural hazards and threats. The Strategy, released concurrently with this National Electric Grid Security and Resilience Action Plan (Action Plan), details bilateral goals to address the vulnerabilities of the respective and shared electric grid infrastructure of the United States and Canada, not only as an energy security concern, but for reasons of national security. The implementation of the Strategy requires continued action of a nationwide network of governments, departments and agencies (agencies), and private sector partners. This Action Plan details the activities, deliverables, and timelines that will be undertaken primarily by U.S. Federal agencies for the United States to make progress toward the Strategy’s goals.
This Joint United States-Canada Electric Grid Security and Resilience Strategy (Strategy) is a collaborative effort between the Federal Governments of the United States and Canada and is intended to strengthen the security and resilience of the U.S. and Canadian electric grid from all adversarial, technological, and natural hazards and threats. The Strategy addresses the vulnerabilities of the two countries’ respective and shared electric grid infrastructure, not only as an energy security concern, but for reasons of national security. This joint Strategy relies on the existing strong bilateral collaboration between the United States and Canada, and reflects a joint commitment to enhance a shared approach to risk management for the electric grid. It also articulates a common vision of the future electric grid that depends on effective and expanded collaboration among those who own, operate, protect, and rely on the electric grid. Because the electric grid is complex, vital to the functioning of modern society, and dependent on other infrastructure for its function, the United States and Canada developed the Strategy under the shared principle that security and resilience require increasingly collaborative efforts and shared approaches to risk management.
AI has applications in many products, such as cars and aircraft, which are subject to regulation designed to protect the public from harm and ensure fairness in economic competition. How will the incorporation of AI into these products affect the relevant regulatory approaches? In general, the approach to regulation of AI-enabled products to protect public safety should be informed by assessment of the aspects of risk that the addition of AI may reduce alongside the aspects of risk that it may increase. If a risk falls within the bounds of an existing regulatory regime, moreover, the policy discussion should start by considering whether the existing regulations already adequately address the risk, or whether they need to be adapted to the addition of AI. Also, where regulatory responses to the addition of AI threaten to increase the cost of compliance, or slow the development or adoption of beneficial innovations, policymakers should consider how those responses could be adjusted to lower costs and barriers to innovation without adversely impacting safety or market fairness.
In 2011, the United States adopted the Strategy for Empowering Local Partners to Prevent Violent Extremism in the United States (Strategy) and a corresponding Strategic Implementation Plan. Since publication, the mission to prevent violent extremism has progressed, and violent extremist threats have continued to evolve. The overall goal of the Strategy and United States Government efforts to implement it remains unchanged: to prevent violent extremists and their supporters from inspiring, radicalizing, financing, or recruiting individuals or groups in the United States to commit acts of violence. This updated Strategic Implementation Plan responds to the current dynamics of violent extremism and reflects experiences and knowledge acquired over the last five years. It replaces the 2011 Strategic Implementation Plan for Empowering Local Partners to Prevent Violent Extremism in the United States.
For decades, the federal government has provided billions of dollars in equipment to state and local law enforcement agencies (LEAs) through excess equipment transfers, asset forfeiture programs and federal grants. Particularly in the years since September 11, 2001, Congress and the Executive Branch have steadily increased spending and support for these programs, in light of legitimate concerns about the growing threat of terrorism, shrinking local budgets, and the relative ease with which some criminals are able to obtain high-powered weapons. These programs have significantly expanded over decades across multiple federal agencies without, at times, a commensurate growth in the infrastructure required to standardize procedures governing the flow of equipment from the federal government to LEAs. At the same time, training has not been institutionalized, specifically with respect to civil rights and civil liberties protections, or the safe use of equipment received through the federal government. Concerns over the lack of consistent protections have received renewed focus and attention in light of the recent unrest in Ferguson, Missouri.
Section 215 is designed to enable the FBI to acquire records that a business has in its possession, as part of an FBI investigation, when those records are relevant to the investigation. Yet the operation of the NSA’s bulk telephone records program bears almost no resemblance to that description. While the Board believes that this program has been conducted in good faith to vigorously pursue the government’s counterterrorism mission and appreciates the government’s efforts to bring the program under the oversight of the FISA court, the Board concludes that Section 215 does not provide an adequate legal basis to support the program. There are four grounds upon which we find that the telephone records program fails to comply with Section 215. First, the telephone records acquired under the program have no connection to any specific FBI investigation at the time of their collection. Second, because the records are collected in bulk — potentially encompassing all telephone calling records across the nation — they cannot be regarded as “relevant” to any FBI investigation as required by the statute without redefining the word relevant in a manner that is circular, unlimited in scope, and out of step with the case law from analogous legal contexts involving the production of records. Third, the program operates by putting telephone companies under an obligation to furnish new calling records on a daily basis as they are generated (instead of turning over records already in their possession) — an approach lacking foundation in the statute and one that is inconsistent with FISA as a whole. Fourth, the statute permits only the FBI to obtain items for use in its investigations; it does not authorize the NSA to collect anything.
A report produced by the National Security Council Study Group headed by Paul Nitze in 1950. NSC-68 is considered to be one of the most significant documents in the history of the U.S. national security apparatus, defining goals, values, and functions of U.S. national security policy throughout the Cold War and beyond. Historian Michael J. Hogan, scholar of U.S. foreign policy and former fellow at the Harry S. Truman Presidential Library, has described the document as the “bible of American national security policy.”
The Hemisphere Project is coordinated from the Los Angeles Clearinghouse and is funded by ONDCP and DEA. Hemisphere provides electronic call detail records (CDRs) in response to federal, state, and local administrative/grand jury subpoenas. The Hemisphere database contains CDRs for any telephone carrier that uses an AT&T switch to process a telephone call. Hemisphere is an unclassified program. Hemisphere provides de-confliction within the Hemisphere database. 4 billion CDRs populate the Hemisphere database on a daily basis.
The Administration is focused on protecting the innovation that drives the American economy and supports jobs in the United States. As a Nation, we create products and services that improve the world’s ability to communicate, to learn, to understand diverse cultures and beliefs, to be mobile, to live better and longer lives, to produce and consume energy efficiently and to secure food, nourishment and safety. Most of the value of this work is intangible—it lies in America’s entrepreneurial spirit, our creativity, ingenuity and insistence on progress and in creating a better life for our communities and for communities around the world. These intangible assets are often captured as intellectual property—copyrights, patents, trademarks and trade secrets, and reflect America’s advantage in the global economy.
Our national security depends on our ability to share the right information, with the right people, at the right time. This information sharing mandate requires sustained and responsible collaboration between Federal, state, local, tribal, territorial, private sector, and foreign partners. Over the last few years, we have successfully streamlined policies and processes, overcome cultural barriers, and better integrated information systems to enable information sharing. Today’s dynamic operating environment, however, challenges us to continue improving information sharing and safeguarding processes and capabilities. While innovation has enhanced our ability to share, increased sharing has created the potential for vulnerabilities requiring strengthened safeguarding practices. The 2012 National Strategy for Information Sharing and Safeguarding provides guidance for effective development, integration, and implementation of policies, processes, standards, and technologies to promote secure and responsible information sharing.
Law enforcement and government officials for decades have understood the critical importance of building relationships, based on trust, with the communities they serve. Partnerships are vital to address a range of challenges and must have as their foundation a genuine commitment on the part of law enforcement and government to address community needs and concerns, including protecting rights and public safety. In our efforts to counter violent extremism, we will rely on existing partnerships that communities have forged with Federal, State, and local government agencies. This reliance, however, must not change the nature or purpose of existing relationships. In many instances, our partnerships and related activities were not created for national security purposes but nonetheless have an indirect impact on countering violent extremism (CVE).
This order directs structural reforms to ensure responsible sharing and safeguarding of classified information on computer networks that shall be consistent with appropriate protections for privacy and civil liberties. Agencies bear the primary responsibility for meeting these twin goals. These structural reforms will ensure coordinated interagency development and reliable implementation of policies and minimum standards regarding information security, personnel security, and systems security; address both internal and external security threats and vulnerabilities; and provide policies and minimum standards for sharing classified information both within and outside the Federal Government. These policies and minimum standards will address all agencies that operate or access classified computer networks, all users of classified computer networks (including contractors and others who operate or access classified computer networks controlled by the Federal Government), and all classified information on those networks.
Emails and documents related to the ongoing investigation of the Bureau of Alcohol, Tobacco, Firearms and Explosives’ “Fast and Furious”/Project Gun Runner program leaked to CBS. Includes a map of distribution routes for weapons involved in the program leading to locations throughout Mexico.
Presidential Policy Directive-2 (PPD-2) Implementing National Strategy for Countering Biological Threats
Presidential Policy Directive 2 is one of a number that have not previously been released. It was publicly posted to a collaboration server for U.S. military personnel complete with its National Security Council coversheet intact, providing a rare look at dissemination guidelines utilized in high-level documentation.
Throughout history, violent extremists—individuals who support or commit ideologically-motivated violence to further political goals—have promoted messages of divisiveness and justified the killing of innocents. The United States Constitution recognizes freedom of expression, even for individuals who espouse unpopular or even hateful views. But when individuals or groups choose to further their grievances or ideologies through violence, by engaging in violence themselves or by recruiting and encouraging others to do so, it becomes the collective responsibility of the U.S. Government and the American people to take a stand. In recent history, our country has faced plots by neo-Nazis and other anti-Semitic hate groups, racial supremacists, and international and domestic terrorist groups; and since the September 11 attacks, we have faced an expanded range of plots and attacks in the United States inspired or directed by al-Qa’ida and its affiliates and adherents as well as other violent extremists. Supporters of these groups and their associated ideologies come from different socioeconomic backgrounds, ethnic and religious communities, and areas of the country, making it difficult to predict where violent extremist narratives will resonate. And as history has shown, the prevalence of particular violent extremist ideologies changes over time, and new threats will undoubtedly arise in the future.
Transnational organized crime refers to those self-perpetuating associations of individuals who operate transnationally for the purpose of obtaining power, influence, monetary and/or commercial gains, wholly or in part by illegal means, while protecting their activities through a pattern of corruption and/or violence, or while protecting their illegal activities through a transnational organizational structure and the exploitation of transnational commerce or communication mechanisms. There is no single structure under which transnational organized criminals operate; they vary from hierarchies to clans, networks, and cells, and may evolve to other structures.
In his address to the nation on Libya on March 28, 2011, President Obama presented a comprehensive explanation for why he authorized military action as part of an international coalition to protect the people of Libya and to enforce U.N. Security Council Resolution (UNSCR) 1973. In the intervening weeks and months, coalition efforts have been effective in protecting the Libyan population. The regime has suffered numerous defeats, cities and towns across Libya have been liberated from brutal sieges, strong sanctions are in place, and the regime is encountering serious difficulties raising revenues through oil sales or other means. All these actions and outcomes are consistent with UNSCR 1973.
Digital infrastructure is increasingly the backbone of prosperous economies, vigorous research communities, strong militaries, transparent governments, and free societies. As never before, information technology is fostering transnational dialogue and facilitating the global flow of goods and services. These social and trade links have become indispensable to our daily lives. Critical life-sustaining infrastructures that deliver electricity and water, control air traffic, and support our financial system all depend on networked information systems. Governments are now able to streamline the provision of essential services through eGovernment initiatives. Social and political movements rely on the Internet to enable new and more expansive forms of organization and action. The reach of networked technology is pervasive and global. For all nations, the underlying digital infrastructure is or will soon become a national asset.
A secure cyberspace is critical to our prosperity. We use the Internet and other online environments to increase our productivity, as a platform for innovation, and as a venue in which to create new businesses. “Our digital infrastructure, therefore, is a strategic national asset, and protecting it—while safeguarding privacy and civil liberties—is a national security priority” and an economic necessity. By addressing threats in this environment, we will help individuals protect themselves in cyberspace and enable both the private sector and government to offer more services online. As a Nation, we are addressing many of the technical and policy shortcomings that have led to insecurity in cyberspace Among these shortcomings is the online authentication of people and devices: the President’s Cyberspace Policy Review established trusted identities as a cornerstone of improved cybersecurity.
A copy of Barack Obama’s long-form birth certificate released April 27, 2011 by the White House.
On June 22, 2010, the U.S. Intellectual Property Enforcement Coordinator (IPEC) issued the Administration’s first Joint Strategic Plan on Intellectual Property Enforcement (Strategy), which was developed in coordination with many Federal agencies, including the Departments of Commerce, Health and Human Services, Homeland Security (DHS), Justice (DOJ), and State, and the U.S. Trade Representative. As part of the Strategy, the Administration undertook to review existing laws to ensure that they were effective and to identify deficiencies that could hinder enforcement. Based on that review, this White Paper identifies specific recommended legislative changes, designed to increase the effectiveness of U.S. enforcement efforts. We will, of course, continue to assess existing legislation and recommend any further changes to the law as the need arises.
Our national defense requires that sensitive information be maintained in confidence to protect our citizens, our democratic institutions, and our homeland. Protecting information critical to our nation’s security is the responsibility of each individual who is granted access to classified information. Any unauthorized disclosure of classified information is a violation of our law and compromises our national security. The recent irresponsible disclosure by WikiLeaks has resulted in significant damage to our national security. Any failure by agencies to safeguard classified information pursuant to relevant laws, including but not limited to Executive Order 13526, Classified National Security Information (December 29, 2009), is unacceptable and will not be tolerated.