Massachusetts U.S. Attorney’s Office Framework for Countering Violent Extremism

In March 2014, the White House National Security Council (NSC) requested assistance from three regions with piloting the development of a comprehensive framework that promotes multidisciplinary solutions to countering violent extremism. The Greater Boston region was selected because of its existing collaborative efforts and nationally recognized success with developing robust comprehensive violence prevention and intervention strategies. With the support of the Department of Justice, Federal Bureau of Investigation, Department of Homeland Security and National Counterterrorism Center, a range of stakeholders in the Greater Boston region began to develop a locally-driven framework. The U.S. Attorney’s Office for the District of Massachusetts has had a coordinating role in this process.

Asymmetric Warfare Group Report: Psychological and Sociological Concepts of Radicalization

Radicalization is the process by which an individual, group, or mass of people undergo a transformation from participating in the political process via legal means to the use or support of violence for political purposes (radicalism). Radicalism includes specific forms, such as terrorism, which is violence against the innocent bystander, or insurgency, which is violence against the state. It does not include legal and/or nonviolent political protest, such as protest that is more properly called activism.

FAA Proposed Rules on Operation and Certification of Small Unmanned Aircraft Systems

The FAA is proposing to amend its regulations to adopt specific rules to allow the operation of small unmanned aircraft systems in the National Airspace System. These changes would address the operation of unmanned aircraft systems, certification of their operators, registration, and display of registration markings. The proposed rule would also find that airworthiness certification is not required for small unmanned aircraft system operations that would be subject to this proposed rule. Lastly, the proposed rule would prohibit model aircraft from endangering the safety of the National Airspace System.

UK Computer Emergency Response Team (CERT) Introduction to Social Engineering

Social engineering is one of the most prolific and effective means of gaining access to secure systems and obtaining sensitive information, yet requires minimal technical knowledge. Attacks vary from bulk phishing emails with little sophistication through to highly targeted, multi-layered attacks which use a range of social engineering techniques. Social engineering works by manipulating normal human behavioural traits and as such there are only limited technical solutions to guard against it.

(U//FOUO) Committee on National Security Systems Supply Chain Risk Management (SCRM) Directive

In accordance with CNSSP No. 22, “Information Assurance Risk Management Policy for National Security Systems” and the strategy established by the Comprehensive National Cybersecurity Initiative (CNCI), this Directive assigns responsibilities, and establishes the minimum criteria for the development and deployment of capabilities for the protection of National Security Systems (NSS), as defined in Reference d, from supply chain risk.

DoD Cloud Computing Security Requirements Guide (SRG) Version 1

Cloud computing technology and services provide the Department of Defense (DoD) with the opportunity to deploy an Enterprise Cloud Environment aligned with Federal Department-wide Information Technology (IT) strategies and efficiency initiatives, including federal data center consolidation. Cloud computing enables the Department to consolidate infrastructure, leverage commodity IT functions, and eliminate functional redundancies while improving continuity of operations. The overall success of these initiatives depends upon well executed security requirements, defined and understood by both DoD Components and industry. Consistent implementation and operation of these requirements assures mission execution, provides sensitive data protection, increases mission effectiveness, and ultimately results in the outcomes and operational efficiencies the DoD seeks.

(U//FOUO) Marine Corps Intelligence Activity Mauritania Cultural Field Guide

Mauritania is the westernmost country in the Sahel region. Its location between Arab-influenced North Africa and Sub-Saharan Africa has created some ethnic divides and tensions between people of Arab origin and the indigenous populations. In other cases, the population has become united under a common belief; nearly all Mauritanians are Muslim. Most of the country is desert, making life in Mauritania difficult. In the past, northern populations were nomadic herders and the southern populations were sedentary farmers. Many continue these lifestyles today, but desertification and droughts have severely reduced the amount of fertile land in Mauritania.This has hurt herders and farmers. Many have had to abandon their lifestyles to attempt make a living in the cities. As a result, most Mauritanian cities are overcrowded and have high unemployment rates.

(U//FOUO) Marine Corps Intelligence Activity Norway Country Handbook

This handbook provides essential information on Norway, including a quick reference and a country profile featuring sections on the military, geography, culture, language, history, government, economy, communications, and transportation. It is intended for use by military personnel providing assistance and training to Norway. By making the handbook unclassified and in a cargo-pocket size format, it will fulfill the need for a “field” ready-reference publication.

(U//FOUO) DHS Intelligence Assessment: Malicious Cyber Actors Target US Universities and Colleges

Malicious cyber actors have targeted US universities and colleges with typical cybercrime activities, such as spear phishing students and faculty with university-themed messages, creating fake university websites, and infecting computers with malicious software, likely in an attempt to gain access to student and faculty e-mail and bank accounts. We have no indication that cybercriminals target university systems and users more than any other cybercrime victims.

EU Parliament Study on Mass Surveillance

The disclosure of controversial mass surveillance programmes by intelligence and national security agencies has evoked an international debate on the right of citizens to be protected from illegitimate or warrantless collection and analysis of their data and meta-data. This report aims at identifying what are the risks of data breaches for users of publicly available Internet services such as web browsing, email, social networks, cloud computing, or voice communications, via personal computers or mobile devices, and what are the possible impacts for the citizens and the European Information Society. In this context a clear distinction has to be made between data and meta-data. Also it must be differentiated between mass unwarranted and indiscriminate interception, and targeted lawful interception of Internet and telephony data for the purpose of law enforcement and crime investigation. While targeted lawful interception constitutes a necessary and legitimate instrument of intelligence and law enforcement agencies, mass surveillance is considered a threat to civil liberties such as the right to freedom of opinion and expression. These civil liberties are essential human rights in democratic societies and of particular importance for safeguarding independent journalism and political opposition.

DHS NCCIC Report on Assessing Risks of Your Digital Footprint

To facilitate efficiency and effectiveness on a global scale, massive amounts of data are stored and processed in systems comprised of hardware and software. Each digital transaction or interaction we make creates a digital footprint of our lives. Too often, we don’t take the time to assess not only the size of our digital footprint, but what risks are involved in some of the choices we make. Our data lives in our social media profiles, mobile devices, payment accounts, health records, and employer databases among other places. The loss or compromise of that data can result in an array of impacts from identity theft to financial penalties, fines, and even consumer loyalty and confidence. This results in both a shared risk and therefore shared responsibility for individuals, businesses, organizations and governments. The following product is intended to facilitate awareness of one’s digital footprint as well as offer suggestions for a unified approach to securing that data. This is not an all-encompassing product, but rather offers discussion points for all that hold a stake in the security of our data.

DoJ Update to Policy Regarding Questioning, Arresting, or Charging Members of the News Media

This final rule revises the existing provisions in the Department’s regulations at 28 C.F.R. § 50.10. The revisions are intended to ensure consistent interpretation and application of the policy; clarify and expand the scope of the policy; and ensure the highest level of oversight when members of the Department seek to obtain information from, or records of, a member of the news media. The most significant change is the elimination of the phrase “ordinary newsgathering activities,” which has been replaced throughout with “newsgathering activities.” The change mandates that, unless one of the exceptions identified in paragraphs (c)(3) or (d)(4) is applicable, when the investigative or prosecutorial need for information or records relates to newsgathering activities, the Attorney General must authorize the issuance of all subpoenas to members of the news media; the use of all subpoenas or court orders issued pursuant to 18 U.S.C. §§ 2703(d) or 3123 to obtain communications records or business records as defined by paragraphs (b)(3)(i) and (b)(3)(iii); and all applications for warrants to search the premises or property, or to obtain from third-party communication service providers the communications records or business records of members of the news media.

National Counterintelligence Executive Unauthorized Disclosures of Classified Information Training Course

This course identifies and discusses employees’ responsibilities for safeguarding classified information against unauthorized disclosures. This course also outlines the criminal and administrative sanctions which can be imposed for an unauthorized disclosure. While there are multiple categories of unauthorized disclosures, this course will focus on unauthorized disclosures to the media due to the significance of the damage these leaks have caused to both the Intelligence Community (IC) and national security.

DHS Geospatial Concept of Operations (GeoCONOPS) Version 6

This Homeland Security (HLS) Geospatial Concept of Operations (GeoCONOPS) has been developed as a strategic starting point for understanding how the coordination of Homeland Security and Homeland Defense (HD) geospatial activities can be improved at the federal level. The intended audience for this document is the full geospatial community supporting the missions of the federal government under the National Response Framework (NRF) and Presidential Policy Directive 8 (PPD-8). This includes the stakeholders and actors representing the Emergency Support Functions (ESFs), the Joint Field Offices (JFO), Federal Operations Centers, the disaster preparedness exercise and evaluation community, and those involved in other NRF missions. Individuals representing these groups and activities have been extensively engaged in providing input for this document.

Law Library of Congress Study: Police Weapons in Selected Jurisdictions

This report examines the weapons and equipment generally at the disposal of law enforcement officers in several countries around the world. It also provides, for each of these countries, a brief overview of the rules governing the use of weapons by law enforcement officers. Precise and reliable information on the weapons and equipment of some countries’ police forces was often difficult to find. Nevertheless, certain interesting facts and patterns emerged from the Law Library’s research.

(U//FOUO) Colorado Fusion Center Bulletin: Law Enforcement Officers Should Minimize or Eliminate Social Media Footprint

The Colorado Information Analysis Center (CIAC) is disseminating this awareness bulletin to help law enforcement officers and military personnel to minimize their social media footprint and protect their identity and family. Recent calls for attacks against law enforcement officers by foreign terrorist organizations and recent reports released by the U.S. Senate Select Intelligence Committee’s report on the CIA’s Detention Interrogation Program may exacerbate tensions or even spark violence against officers, intelligence personnel, government officials, and their families. This awareness bulletin seeks to make general recommendations to limit an individual’s digital footprint and diminish a violent actor’s targeting capability.

U.S. Southern Command Human Rights Awareness Education for General Officers

A central goal of U.S. foreign policy is promotion of respect for human rights, as embodied in the Universal Declaration of Human Rights. Human rights are freedoms, immunities, and benefits that are deemed universal, inherent, and inalienable possessions of all humankind. This means that human rights are not a concession granted by society or any particular government. Human Rights Law requires a nation to guarantee the fundamental human rights of its citizens throughout the peace-war-peace spectrum. The Law of War* is that part of international law that regulates the conduct of armed hostilities.

FBI Alert: Iranian Cyber Actors Targeting Defense Contractors, Schools and Energy Sector

A group of cyber actors utilizing infrastructure located in Iran have been conducting computer network exploitation activity against public and private U.S. organizations, including Cleared Defense Contractors (CDCs), academic institutions, and energy sector companies. The actors typically utilize common computer intrusion techniques such as the use of TOR, open source reconnaissance, exploitation via SQL injection and web shells, and open source tools for further network penetration and persistence. Internet-facing infrastructures, such as web servers, are typical targets for this group. Once the actors penetrate a victim network, the actors exfiltrate network design information and legitimate user credentials for the victim network. Often times, the actors are able to harvest administrative user credentials and use the credentials to move laterally through a network.