The nature of cyberspace makes attribution of cyber operations difficult but not impossible. Every kind of cyber operation—malicious or not—leaves a trail. US Intelligence Community analysts use this information, their constantly growing knowledge base of previous events and known malicious actors, and their knowledge of how these malicious actors work and the tools that they use, to attempt to trace these operations back to their source. In every case, they apply the same tradecraft standards described in the Analytic Process above.
The Joint United States-Canada Electric Grid Security and Resilience Strategy (Strategy) is a collaborative effort between the Federal Governments of the United States and Canada and is intended to strengthen the security and resilience of the U.S. and Canadian electric grid from all adversarial, technological, and natural hazards and threats. The Strategy, released concurrently with this National Electric Grid Security and Resilience Action Plan (Action Plan), details bilateral goals to address the vulnerabilities of the respective and shared electric grid infrastructure of the United States and Canada, not only as an energy security concern, but for reasons of national security. The implementation of the Strategy requires continued action of a nationwide network of governments, departments and agencies (agencies), and private sector partners. This Action Plan details the activities, deliverables, and timelines that will be undertaken primarily by U.S. Federal agencies for the United States to make progress toward the Strategy’s goals.
This Joint United States-Canada Electric Grid Security and Resilience Strategy (Strategy) is a collaborative effort between the Federal Governments of the United States and Canada and is intended to strengthen the security and resilience of the U.S. and Canadian electric grid from all adversarial, technological, and natural hazards and threats. The Strategy addresses the vulnerabilities of the two countries’ respective and shared electric grid infrastructure, not only as an energy security concern, but for reasons of national security. This joint Strategy relies on the existing strong bilateral collaboration between the United States and Canada, and reflects a joint commitment to enhance a shared approach to risk management for the electric grid. It also articulates a common vision of the future electric grid that depends on effective and expanded collaboration among those who own, operate, protect, and rely on the electric grid. Because the electric grid is complex, vital to the functioning of modern society, and dependent on other infrastructure for its function, the United States and Canada developed the Strategy under the shared principle that security and resilience require increasingly collaborative efforts and shared approaches to risk management.
This Joint Analysis Report (JAR) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This document provides technical details regarding the tools and infrastructure used by the Russian civilian and military intelligence Services (RIS) to compromise and exploit networks and endpoints associated with the U.S. election, as well as a range of U.S. Government, political, and private sector entities. The U.S. Government is referring to this malicious cyber activity by RIS as GRIZZLY STEPPE.
The law enforcement community often refers to their challenge in this context as “going dark.” In essence, “going dark” refers to advancements in technology that leave law enforcement and the national security community unable to obtain certain forms of evidence. In recent years, it has become synonymous with the growing use of strong default encryption available to consumers that makes it increasingly difficult for law enforcement agencies to access both real-time communications and stored information. The FBI has been a leading critic of this trend, arguing that law enforcement may no longer be able “to access the evidence we need to prosecute crime and prevent terrorism, even with lawful authority.” As a result, the law enforcement community has historically advocated for legislation to “ensure that we can continue to obtain electronic information and evidence pursuant to the legal authority that Congress has provided to keep America safe.”
In June 2013, former National Security Agency (NSA) contractor Edward Snowden perpetrated the largest and most damaging public release of classified information in U.S. intelligence history. In August 2014, the Chairman and Ranking Member of the House Permanent Select Committee on Intelligence (HPSCI) directed Committee staff to carry out a comprehensive review of the unauthorized disclosures. The aim of the review was to allow the Committee to explain to other Members of Congress–and, where possible, the American people–how this breach occurred, what the U.S. Government knows about the man who committed it, and whether the security shortfalls it highlighted had been remedied.
Advances in emerging surveillance technologies like cell-site simulators – devices which transform a cell phone into a real-time tracking device – require careful evaluation to ensure their use is consistent with the protections afforded under the First and Fourth Amendments to the U.S. Constitution. The United States’ military and intelligence agencies have developed robust and sophisticated surveillance technologies for deployment in defense against threats from foreign actors. These technologies are essential to keeping America safe. Increasingly though, domestic law enforcement at the federal, state, and local levels are using surveillance technologies in their every-day crime-fighting activities. In the case of cell-site simulators, this technology is being used to investigate a wide range of criminal activity, from human trafficking to narcotics trafficking, as well as kidnapping, and to assist in the apprehension of dangerous and violent fugitives.
U.S. Army Special Operations Command Study: Legal Implications of the Status of Persons in Resistance
The purpose of this study is to provide a synthesis of the prevailing issues and analysis concerning the legal status of persons in resistance. This document refers broadly to resistance and those involved in it, meaning those individuals comprising the resistance element, US personnel supporting or countering the resistance, and the standing government. In alignment with this focus, the document explores the status of personnel particularly in foreign internal defense (FID), counterinsurgency (COIN), and unconventional warfare (UW) operations. When originally conceived, this manuscript was to be an updated volume of the 1961 American University Special Operations Research Office (SORO) study, The Legal Status of Participants in Unconventional Warfare. The National Security Analysis Department (NSAD) of the Johns Hopkins University Applied Physics Laboratory (JHU/APL) was asked by the US Army Special Operations Command (USASOC), G-3X Special Programs Division, to review and analyze the historical use of international law, the law of land warfare, and applicable international conventions and update the SORO study accordingly and also include unique legal considerations regarding the status of irregular forces. Because many aspects of both law and policy have changed since the 1961 publication, particularly within the context of US involvement in Afghanistan and Iraq, USASOC requested that this manuscript be a new document to account for these changes, highlight key legal questions, and position these questions within the context of hypothetical scenarios and historical examples.
The Joint Operating Environment 2035 (JOE 2035) is designed to encourage the purposeful preparation of the Joint Force to effectively protect the United States, its interests, and its allies in 2035. For the Joint Force, thinking through the most important conditions in a changing world can mean the difference between victory and defeat, success and failure, and the needless expenditure of human lives and national treasure versus the judicious and prudent application of both to defend our vital interests.
Joint Staff Strategic Multi-Layer Assessment on Bio-Psycho-Social Applications to Cognitive Engagement
The underlying concept of this paper is how bio-psycho-social approaches to cognitive engagement, described in greater depth by DeGennaro, may be put to use to collect, analyze, and/or apply information to meet a tactical, operational, or strategic end. This White Paper will focus on the proverbial “rubber meets the road” approaches of behavioral operations in the human domain where the former is “the study of attributes of human behavior and cognition that impact the design, management, and improvement of operating systems, and the study of the interaction between such attributes and operating systems and processes” and the latter is “the presence, activities (including transactions both physical and virtual), culture, social structure/organization, networks and relationships, motivation, intent, vulnerabilities, and capabilities of humans (single or groups) across all domains of the operational environment (Space, Air, Maritime, Ground, and Cyber).” Information Operations (IO) doctrine defines the cognitive domain as the component of the information environment (IE) that encompasses the gray matter of those who transmit, receive, and act upon information. Cognitive operations such as information processing, perception, judgment, and decision-making are the most vital aspect of the IE. Cognition is influenced by individual and cultural beliefs, norms, vulnerabilities, motivations, emotions, experiences, morals, education, mental health, identities, and ideologies and thus requires research and analysis methods from the bio-psycho-social sciences to understand and manipulate. When, how, and most importantly why to apply that understanding to US advantage at the tactical, operational, and strategic level is the focus of this effort.
FBI Cyber Bulletin: APT Targeting U.S. Private Sector, Government Networks Using Presidential Election Lures
Likely Advanced Persistent Threat (APT) cyber actors have targeted US private sector and government networks since August 2016 with spear phishing campaigns, using newly identified exploits contained within lures related to foreign affairs and the recent US presidential election. The FBI analyzed malicious Microsoft Office documents, a zip archive, a first-stage downloader, a second-stage in-memory-only PNG wrapped malware, and a BAT-initiated PowerShell script associated with the campaigns. This FLASH provides rules and signatures to assist in network defense efforts.
(U//FOUO) DHS, Fusion Centers Reference Aid: Malicious Terrorism Hoaxes Likely to Endure, Strain State and Local First Responder Resources
This Reference Aid is intended to provide information on malicious terrorism hoaxes that will continue to challenge first responder resources throughout the Homeland and territories. This Reference Aid is provided by I&A, DIAC, NCRIC, NVRIC, and NJ-ROIC to support their respective activities, to provide situational awareness, and to assist federal, state, local, tribal, and territorial government counterterrorism and law enforcement officials and first responders with recognizing the indicators and implications of malicious terrorism hoaxes. The use of hoax calls may also be used as a technique to lure authorities to a particular location for the purpose of conducting a potential attack, but is not discussed in this article, as luring is viewed as its own distinct tactic.
This report serves to present information and analysis associated with fire, arson, and bombing incidents at houses of worship (HOWs) occurring within the United States for the past 5 years, between January 2011 through December 2015, and reported to the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF). In total, there were 733 fire and explosion related incidents, per ATF reporting, for all 50 States. The information contained herein does not represent all fire, arson and bombing incidents for the United States. This report only represents those incidents that have been reported to and investigated by ATF.
AI has applications in many products, such as cars and aircraft, which are subject to regulation designed to protect the public from harm and ensure fairness in economic competition. How will the incorporation of AI into these products affect the relevant regulatory approaches? In general, the approach to regulation of AI-enabled products to protect public safety should be informed by assessment of the aspects of risk that the addition of AI may reduce alongside the aspects of risk that it may increase. If a risk falls within the bounds of an existing regulatory regime, moreover, the policy discussion should start by considering whether the existing regulations already adequately address the risk, or whether they need to be adapted to the addition of AI. Also, where regulatory responses to the addition of AI threaten to increase the cost of compliance, or slow the development or adoption of beneficial innovations, policymakers should consider how those responses could be adjusted to lower costs and barriers to innovation without adversely impacting safety or market fairness.
(U//FOUO) California Fusion Center: California Leads in Unauthorized UAS Encounters, Risk to Public Safety
California has had more disclosed unauthorized Unmanned Aircraft Systems (UAS) encounters than any other state between October 2015 and September 2016—accounting for 21 percent of the reported encounters nationwide—according to the Federal Aviation Administration (FAA). These encounters continue to pose a direct risk to public safety air assets.
DHS has no indication that adversaries or criminals are planning cyber operations against US election infrastructure that would change the outcome of the coming US election. Multiple checks and redundancies in US election infrastructure—including diversity of systems, non-Internet connected voting machines, pre-election testing, and processes for media, campaign, and election officials to check, audit, and validate results—make it likely that cyber manipulation of US election systems intended to change the outcome of a national election would be detected.
FBI Cyber Bulletin: Denial of Service Attack Against DNS Host Highlights Vulnerability of Internet of Things Devices
Army commanders rely upon timely, relevant, and accurate combat information and intelligence in order to successfully plan, prepare, and execute operations. Human intelligence (HUMINT) and counterintelligence (CI) are two critical assets commanders have, either organic to their unit’s table of organization and equipment (TOE) or through attachment from a supporting command, which can provide input to both combat information and intelligence. While there are similarities between the methodology and tactics, techniques, and procedures (TTP) used by HUMINT and CI, their training and missions are separate and distinct.
In 2011, the United States adopted the Strategy for Empowering Local Partners to Prevent Violent Extremism in the United States (Strategy) and a corresponding Strategic Implementation Plan. Since publication, the mission to prevent violent extremism has progressed, and violent extremist threats have continued to evolve. The overall goal of the Strategy and United States Government efforts to implement it remains unchanged: to prevent violent extremists and their supporters from inspiring, radicalizing, financing, or recruiting individuals or groups in the United States to commit acts of violence. This updated Strategic Implementation Plan responds to the current dynamics of violent extremism and reflects experiences and knowledge acquired over the last five years. It replaces the 2011 Strategic Implementation Plan for Empowering Local Partners to Prevent Violent Extremism in the United States.
AT&T shall provide certain data and reports to the Government Agency, as specified in section 3.0 Tasks. The data that will be provided to the Government Agency is limited to telecommunications information and records and analysis thereof. In addition to the items provided in section 3.0 Tasks, AT&T shall provide expedited processing of information requested by compulsory legal requests (collectively referred to as Legal Process) regarding telecommunications information and records under the AT&T’s ownership or control.
Despite battlefield losses, ISIS continues to operate its own terrorist pseudostate and claims a growing global footprint. At least 34 radical Islamist groups have pledged their allegiance to ISIS. As of this printing, the organization has managed to expand its presence to dozens of countries and territories—in addition to recruiting tens of thousands of fighters from over 120 nations. Most alarmingly, ISIS is driving an unprecedented surge of terror plots against the West and poses a persistent and grave threat to the U.S. homeland.