Destructive malware used by unknown computer network exploitation (CNE) operators has been identified. This malware has the capability to overwrite a victim host’s master boot record (MBR) and all data files. The overwriting of the data files will make it extremely difficult and costly, if not impossible, to recover the data using standard forensic methods. Analysis of this malware is presented to provide the computer network defense (CND) community with indicators of this malware.
An intelligence assessment released last month by the Department of Homeland Security’s Office of Intelligence and Analysis found that a domestic terrorist attack conducted by individuals affiliated with or inspired by the Islamic State of Iraq and the Levant (ISIL) would most likely “employ tactics involving edged weapons, small arms, or improvised explosive devices (IEDs).” The assessment, which was obtained by Public Intelligence, was released in October following several recent attacks conducted in Europe and Australia by individuals sympathetic to ISIL. Based on a review of these and other planned attacks, analysts at DHS evaluated the tactics and targets, as well as operational security measures employed in order to determine “tactics, targets, and tradecraft that potentially could be used in the Homeland by individuals associated with or inspired” by ISIL.
This Assessment highlights the tactics, targets, and tradecraft that potentially could be used in the Homeland by individuals associated with or inspired by the Islamic State of Iraq and the Levant (ISIL); we do not address the likelihood of an attack against the United States by the group. This Assessment is intended to support the activities of DHS to assist federal, state, and local government counterterrorism and law enforcement officials, first responders, and private sector security partners in effectively deterring, preventing, preempting, or responding to terrorist attacks against the United States.
For decades, the federal government has provided billions of dollars in equipment to state and local law enforcement agencies (LEAs) through excess equipment transfers, asset forfeiture programs and federal grants. Particularly in the years since September 11, 2001, Congress and the Executive Branch have steadily increased spending and support for these programs, in light of legitimate concerns about the growing threat of terrorism, shrinking local budgets, and the relative ease with which some criminals are able to obtain high-powered weapons. These programs have significantly expanded over decades across multiple federal agencies without, at times, a commensurate growth in the infrastructure required to standardize procedures governing the flow of equipment from the federal government to LEAs. At the same time, training has not been institutionalized, specifically with respect to civil rights and civil liberties protections, or the safe use of equipment received through the federal government. Concerns over the lack of consistent protections have received renewed focus and attention in light of the recent unrest in Ferguson, Missouri.
Police leaders who have deployed body-worn cameras say there are many benefits associated with the devices. They note that body-worn cameras are useful for documenting evidence; officer training; preventing and resolving complaints brought by members of the public; and strengthening police transparency, performance, and accountability. In addition, given that police now operate in a world in which anyone with a cell phone camera can record video footage of a police encounter, body-worn cameras help police departments ensure events are also captured from an officer’s perspective.
The 2014 NDTA Summary uses information provided by 1,226 state and local law enforcement agencies through the 2014 National Drug Threat Survey (NDTS). At a 95 percent confidence level, the 2014 NDTS results are within 2.59 percentage points of the estimates reported. NDTS data used in this report do not imply that there is only one drug threat per state or region or that only one drug is available per state or region. A percentage given for a state or region represents the proportion of state and local law enforcement agencies in that state or region that identified a particular drug as their greatest threat or as available at low, moderate, or high levels.
Training guide released in November 2014 for airmen who perform “duties to develop, sustain, and enhance cyberspace capabilities to defend national interests from attack and to create effects in cyberspace to achieve national objectives. Conduct Offensive Cyberspace Operations (OCO) and Defensive Cyberspace Operations (DCO) using established tactics, techniques and procedures (TTPs) to achieve COCOM and national objectives. Executes command and control (C2) of assigned cyberspace forces and de-conflict cyberspace operations across the kinetic and non-kinetic spectrum. Supports cyberspace capability development, testing and implementation. Partners with DoD, interagency and Coalition Forces to detect, deny, disrupt, deceive, and mitigate adversarial access to sovereign national cyberspace systems.”
Large-scale events provide local governments with a number of valuable opportunities, including increasing revenue, revitalizing a city, and providing an increased sense of community. With these benefits comes greater responsibility for local law enforcement to ensure the public’s safety. When law enforcement executives are tasked with managing a large event, they can maximize their efforts by learning from other agencies and adopting proven practices. Too often, however, past lessons learned are not documented in a clear and concise manner. To address this information gap, the U.S. Department of Justice’s Bureau of Justice Assistance worked in partnership with CNA to develop this Planning Primer.
This handbook contains standard security designs and procedures common to Sensitive Compartmented Facilities (SCIF) and physical security construction standard and established by the Director National Intelligence (DNI) for protection of classified intelligence information. Users should refer to Director of Central Intelligence Directives (DCIDS) and other documents cited under Authorities for guidance on specific security functions.
The Afghanistan Opium Survey is implemented annually by the Ministry of Counter Narcotics (MCN) of Afghanistan in collaboration with the United Nations Office on Drugs and Crime (UNODC). The survey team collects and analyses information on the location and extent of opium cultivation, potential opium production and the socio-economic situation in rural areas. Since 2005, MCN and UNODC have also been involved in the verification of opium eradication conducted by provincial governors and poppy-eradication forces. The results provide a detailed picture of the outcome of the current year’s opium season and, together with data from previous years, enable the identification of medium- and long-term trends in the evolution of the illicit drug problem. This information is essential for planning, implementing and monitoring the impact of measures required for tackling a problem that has serious implications for Afghanistan and the international community.
As the magnitude and complexity of cyberspace increases, so too does the threat1 landscape. Cyber attacks have increased in both frequency and sophistication resulting in significant challenges to organizations that must defend their infrastructure from attacks by capable adversaries. These adversaries range from individual attackers to well-resourced groups operating as part of a criminal enterprise or on behalf of a nation-state. These adversaries are persistent, motivated, and agile; and employ a variety of tactics, techniques, and procedures (TTPs) to compromise systems, disrupt services, commit financial fraud, expose sensitive information, and steal intellectual property. To enhance incident response actions and bolster cyber defenses, organizations must harness the collective wisdom of peer organizations through information sharing and coordinated incident response. This publication expands upon the guidance introduced in Section 4, Coordination and Information Sharing of NIST Special Publication (SP) 800-61, Computer Security Incident Handling Guide and explores information sharing, coordination, and collaboration as part of the incident response life cycle.
Propaganda providing guidance and/or encouraging “individual jihad” or small cell operations against the West continues to be a prevalent theme in jihadist messaging. This bulletin was created by the CFIX in order to address recent propaganda from the Islamic State and its supporters which provides guidance on targeting law enforcement officers. The CFIX bases its analysis in this bulletin from open source reporting and internet postings with varying degrees of reliability, especially in regards to the true intention and capabilities of terrorist organizations and their supporters. This information is intended to support local, state and federal government agencies along with other entities in developing / prioritizing protective and support measures relating to an existing or emerging threat to homeland security.
The purpose of this brief is to provide law enforcement, first responders, corrections officers, and other personnel who interact with the general public, with guidance and protective measures when coming in contact with individuals demonstrating symptoms of the Ebola Virus Disease (EVD). Personnel who become familiar with the identification of possible exposure, proper response protocols and protective measures will be better prepared to respond, secure, transport and decontaminate to prevent further spread of this deadly disease.
United States cleared industry is a prime target of many foreign intelligence collectors and foreign government economic competitors. Cleared employees working on America’s most sensitive programs are of special interest to other nations. The number of reported collection attempts rises every year, indicating an increased risk for industry. While any geographic region can target sensitive or classified U.S. technology, DSS has consistently found that the majority of suspicious contacts reported by cleared industry originate from East Asia and the Pacific regions. Every region has active collectors. Cleared contractors should remain vigilant regardless of the collector’s assumed country of origin.
The Transportation Security Administration’s Office of Intelligence (TSA-OI) unclassified annual Freight Rail Threat Assessment addresses the overall threat to the U.S. freight rail industry and presents conclusions regarding likely targets and actors based upon a review of successful attacks against rail systems overseas.
The current Ebola virus disease outbreak was declared a ‘Public Health Emergency of International Concern’ by WHO on 8 August 2014. On 8 September, the UN Secretary-General activated the UN system-wide crisis framework and subsequently announced the establishment of the ‘United Nations Mission on Ebola Emergency Response’ – UNMEER. UNMEER is described as a ‘unified mission’, different from a ‘regular’ or ‘integrated’ mission, with HQ UNMEER in Accra, Ghana, and offices in each of Liberia, Sierra Leone and Guinea.
National and foreign military forces can play a vital role in the response. In natural disasters, many national militaries are designated auxiliary or even primary first responders in-country. If a large-scale disaster exceeds the response capacity of an affected country, the Government may seek assistance from the international community or neighbouring and partner countries. As part of their response, foreign Governments tend to deploy their military forces, especially if these are already deployed in the region. In armed conflicts and complex emergencies, humanitarian and military actors share the same operating space, but not the same mission. They are likely to have very distinct roles and mandates.
A collection of recent intelligence summaries for Operation United Assistance which is being conducted by U.S. Africa Command through U.S. Army Africa. The operation began in September and provides “coordination of logistics, training, and engineering support to the U.S. Agency for International Development (USAID) in West Africa to assist in the overall U.S. Government Foreign Humanitarian Assistance/Disaster Relief efforts to contain the spread of the Ebola Virus/Disease, as part of the international assistance effort supporting the Governments of Liberia, Sierra Leone and Guinea.”
Multi-Service Tactics, Techniques, and Procedures for Installation Emergency represents a significant renaming and revision to the November 2007 publication Multiservice Tactics, Techniques, and Procedures for Installation CBRN Defense. It expands the scope from chemical, biological, radiological, and nuclear (CBRN) defense to all-hazards installation emergency management (IEM), including the management of CBRN events. This publication defines the roles of Department of Defense (DOD) installation commanders and staffs and provides the tactics, techniques, and procedures (TTP) associated with installation planning and preparedness for response to, and recovery from, hazards to save lives, protect property, and sustain mission readiness. The purpose of this publication is to summarize existing policies, responsibilities, and procedures for IEM programs at DOD installations worldwide for all hazards, as defined by DODI 6055.17, and to translate this policy into tactical terms applicable to military installation commanders.
The most recent U.S. case, announced on 12 October 2014 is the first reported domestic transmission in the U.S. Three of the American EVD patients recovered and were discharged from the hospital, while three remain hospitalized. One American died while receiving treatment in Nigeria. The Liberian EVD patient was not symptomatic upon arrival and determined not to be infectious during travel. The Liberian patient died while in isolation on 8 October 2014. On 11 October 2014, the CDC and the Department of Homeland Security’s Customs & Border Protection (CBP) began enhanced entry screening of passengers with recent travel to West Africa at New York’s JFK International Airport. Enhanced entry screening is scheduled to begin on 16 October 2014 at Washington-Dulles, Newark, Chicago-O’Hare, and Atlanta international airports. Based on the recent domestic transmission, state and federal officials are re- examining whether equipment and procedures were properly followed, and whether additional protective steps and guidance are needed. The CDC believes the U.S. medical, public health infrastructure/responses are sufficient to prevent the spread of the Ebola virus in the U.S.