The Department of Homeland Security (DHS) assesses that given the high value of patient information and proprietary data on the black market, the Healthcare and Public Health Sector will continue to be one of the primary targets for malicious cyber actors. Stolen health data sells on the black market for more than 10 to 20 times the price of stolen credit card data. DHS assesses that growth in the medical device market over the next 4 years will result in more devices connected to the Internet, and an increase in the number of cyber-related incidents that target those devices. This is partly because manufacturers do not place enough emphasis on the security of medical devices.
It seemed as if war had been declared on cops. First a sniper in Dallas and then an active shooter in Baton Rouge. “It has been a tough week physically and emotionally,” said Senior Corporal Trevor Perez, one of a couple dozen Dallas police officers and honor guard members to make the seven-hour trip to Baton Rouge to attend the funerals of Baton Rouge police officers, in this case that of Matthew Gerald. All the more tough because the corporal and his colleagues had just recently paid their respects at nearly a dozen similar funerals back in Texas.
With utilities in the U.S. and around the world increasingly moving toward smart grid technology and other upgrades with inherent cyber vulnerabilities, correlative threats from malicious cyber attacks on the North American electric grid continue to grow in frequency and sophistication. The potential for malicious actors to access and adversely affect physical electricity assets of U.S. electricity generation, transmission, or distribution systems via cyber means is a primary concern for utilities contributing to the bulk electric system. This paper seeks to illustrate the current cyber-physical landscape of the U.S. electric sector in the context of its vulnerabilities to cyber attacks, the likelihood of cyber attacks, and the impacts cyber events and threat actors can achieve on the power grid. In addition, this paper highlights utility perspectives, perceived challenges, and requests for assistance in addressing cyber threats to the electric sector.
An unidentified actor or actors between November 2016 and January 2017 targeted a US water and sewage authority’s network, resulting in excessive cellular charges and unusual traffic on ports 10000 and 9600, according to an FBI source with excellent access who spoke in confidence but whose reliability cannot be determined. The FBI source indicated that four of the seven devices on the authority’s cellular data plan were impacted with high data usage, which was likely a result of compromised network devices. The November 2016–December 2016 billing cycle totaled $45,000, and the December 2016–January 2017 billing cycle totaled $53,000.
This TC serves as a guide to describe the fundamentals of how to incorporate IO at the tactical and operational level. Appendixes A through F offer tactics, techniques, and procedures (TTP) Special Forces (SF) Soldiers can use to analyze and plan information operations. This TC implements Army and joint IO doctrine established in FM 3-13, Inform and Influence Activities, and Joint Publication (JP) 3-13, Information Operations. This TC reinforces the definition of IO used by Army forces: IO employs the core capabilities of electronic warfare (EW), computer network operations (CNO), Military Information Support operations (MISO), military deception (MILDEC), and operations security (OPSEC), in concert with specified supporting and related capabilities, to affect or defend information and information systems and to influence decisionmaking. This TC is specifically targeted for SF; however, it is also useful to Army special operations forces (ARSOF) and the Army in understanding how SF employs IO.
U.S. competitors pursuing meaningful revision or rejection of the current U.S.-led status quo are employing a host of hybrid methods to advance and secure interests that are in many cases contrary to those of the United States. These challengers employ unique combinations of influence, intimidation, coercion, and aggression to incrementally crowd out effective resistance, establish local or regional advantages, and manipulate risk perceptions in their favor. So far, the United States has not come up with a coherent countervailing approach. It is in this “gray zone”—the awkward and uncomfortable space between traditional conceptions of war and peace—where the United States and its defense enterprise face systemic challenges to U.S. position and authority. As a result, gray zone competition and conflict should be pacers for defense strategy.
(U//FOUO) U. S. Marine Corps Forces Europe and Africa Campaign Plan 2016-2020: Theater Crisis and Contingency Response Forces in Readiness
The U.S. Marine Corps Forces Europe and Africa Campaign Plan 2016-2020 defines the organization’s desired baseline operating conditions and capabilities beyond a one-year planning and execution cycle and directs action to achieve desired end states. The Campaign Plan synthesizes strategic guidance provided by U.S. European Command (USEUCOM), U.S. Africa Command (USAFRICOM), and Headquarters Marine Corps (HQMC); accounts for the Commanders’ priorities and vision; establishes a deliberate yet broadly-defined multi-year plan to achieve stated objectives; and provides a framework for implementation, periodic assessment, and refinement.
(U//FOUO) NCTC Homegrown Violent Extremist Mobilization Indicators for Public Safety Personnel 2017 Edition
The indicators of violent extremist mobilization described herein are intended to provide federal, state, local, territorial and tribal law enforcement a roadmap of observable behaviors that could inform whether individuals or groups are preparing to engage in violent extremist activities including potential travel overseas to join a Foreign Terrorist Organization (FTO). The indicators are grouped by their assessed levels of diagnosticity—meaning how clearly we judge the behavior demonstrates an individual’s trajectory towards terrorist activity.
FBI Cyber Bulletin: Cyber Criminals Targeting FTP Servers to Compromise Protected Health Information
The FBI is aware of criminal actors who are actively targeting File Transfer Protocol (FTP) servers operating in “anonymous” mode and associated with medical and dental facilities to access protected health information (PHI) and personally identifiable information (PII) in order to intimidate, harass, and blackmail business owners.
Published in three volumes, (Ground; Airspace & Air Defense Systems; and Naval & Littoral Systems) the WEG is the approved document for OPFOR equipment data used in U.S. Army training. Annual updates are posted on the ATN website. Therefore it is available for downloading and local distribution. Distribution restriction is unlimited. This issue replaces all previous issues.
The primary goal of Boko Haram is to institute an Islamic state throughout Nigeria based on a fundamentalist interpretation of Islamic law with an inevitable regional expansion. The founder and spiritual leader of Boko Haram, Muhammed Yusuf, and his followers originally believed in a peaceful transition and made what the current Boko Haram leadership considered illegitimate concessions to and compromises with secular and government leaders. The group has since adopted a takfirist ideology—the belief that less than a strict adherence to Salafist Islam makes a Muslim an “apostate” equal to infidels and, therefore, a legitimate target. Boko Haram has targeted and killed a number of prominent Muslim leaders who have been critical of the organization. Boko Haram considers any support of Western or secular ideas, such as schools based on Western influence, heretical and worthy of attack.
Department of Homeland Security, Federal Bureau of Investigation, Intelligence Fusion Centers, U.S. Secret Service
(U//FOUO) DHS-FBI-USSS Joint Threat Assessment 2017 Presidential Address to a Joint Session of Congress
This Joint Threat Assessment (JTA) addresses threats to the 2017 Presidential Address to a Joint Session of Congress (the Presidential Address) at the US Capitol Building in Washington, DC, on 28 February 2017. This assessment does not consider nonviolent civil disobedience tactics (for example, protests without a permit) that are outside the scope of federal law enforcement jurisdiction; however, civil disobedience tactics designed to cause a hazard to public safety and/or law enforcement fall within the scope of this assessment.
Cell phones, smart phones, the Internet, and GPS are increasingly available and are changing the nature of conflict, even in remote areas. Information can now reach out in new ways to global audiences because of the revolution in Information Technology (IT), particularly using cell phones and smart phones. The revival of hybrid warfare manifested in recent developments in the international security environment – such as the Arab Spring, the Ukrainian crisis, the rise of Jihadist-Salafist terrorism, and the European migrant crisis – demonstrates the power of communication, broadly based on IT advantages: messages and perceptions become predominant of physical engagements and strongly impact the behaviour of people. Orchestrated activities carry messages and have a crucial effect on 55 public opinions, decision-making processes, and domestic support.
Recent calls over the past year for attacks on hospitals in the West by media outlets sympathetic to the Islamic State of Iraq and ash-Sham (ISIS) highlight terrorists’ perception of hospitals as viable targets for attack. Targeting hospitals and healthcare facilities is consistent with ISIS’s tactics in Iraq and Syria, its previous calls for attacks on hospitals in the West, and the group’s calls for attacks in the West using “all available means.” While we have not seen any specific, credible threat against hospitals and healthcare facilities in the United States, we remain concerned that calls for such attacks may resonate with some violent extremists and lone offenders in the Homeland because of their likely perceived vulnerabilities and value as targets.
U.S. Army Foreign Military Studies Office: Russia’s Military Strategy Impacting 21st Century Reform and Geopolitics
Today’s military innovators are the modern-day scientists and engineers who assist in the creation of contemporary and new concept weaponry; and the military theorists who study changes in the character of war. Digital specialists understand how to develop and employ the capabilities of electronic warfare equipment, satellite technology, and fiber optic cables. While Kalashnikov’s fame is imbedded in Russia’s culture, it may be harder to find a current digital entrepreneur whose legacy will endure as long as his: there are simply too many of them, and their time in the spotlight appears to be quite short, since even now we are about to pass from the age of cyber to that of quantum. It is difficult to predict whose discoveries will be the most coveted by tomorrow’s military-industrial complex, not to mention the decision-making apparatus of the Kremlin and General Staff. Military theorists are playing an important role as well. They are studying how new weaponry has changed the correlation of forces in the world, the nature of war, and the impact of weaponry on both forecasting and the initial period of war.
(U//FOUO) DHS-FBI Intelligence Assessment: Baseline Comparison of US and Foreign Anarchist Extremist Movements
This joint DHS and FBI Assessment examines the possible reasons why anarchist extremist attacks in certain countries abroad and in the United States differ in the frequency of incidents and degree of lethality employed in order to determine ways US anarchist extremists actions might become more lethal in the future. This Assessment is intended to establish a baseline comparison of the US and foreign anarchist extremist movements and create new lines of research; follow-on assessments will update the findings identified in the paper, to include the breadth of data after the end of the reporting period (as warranted by new information), and identify new areas for DHS and FBI collaboration on the topic. This Assessment is also produced in anticipation of a heightened threat of anarchist extremist violence in 2016 related to the upcoming Democratic and Republican National Conventions—events historically associated with violence from the movement.
CI focuses on negating, mitigating, or degrading the foreign intelligence and security services (FISS) and international terrorist organizations (ITO) collection threat that targets Army interests through the conduct of investigations, operations, collection, analysis, production, and technical services and support.
This publication provides a guide for U.S. Army War College students to understand design, planning, and execution of cyberspace operations at combatant commands (CCMDs), joint task forces (JTFs), and joint functional component commands. It combines existing U.S. Government Unclassified and “Releasable to the Public” documents into a single guide.
The study addresses the challenges facing the United States from the increasing use by rivals and adversaries – state and non-state alike – of what have come to be called “Gray Zone” techniques. The term Gray Zone (“GZ”) denotes the use of techniques to achieve a nation’s goals and frustrate those of its rivals by employing instruments of power – often asymmetric and ambiguous in character – that are not direct use of acknowledged regular military forces.
(U//FOUO) DHS Intelligence Note: Germany Christmas Market Attack Underscores Threat to Mass Gatherings and Open-Access Venues
A 25-ton commercial truck transporting steel beams from Poland to Germany plowed into crowds at a Christmas market in Berlin at about 2000 local time on 19 December, killing at least 12 people and injuring 48 others, several critically, according to media reporting citing public security officials involved in the investigation. The truck was reportedly traveling at approximately 40 miles per hour when it rammed the Christmas market stands. Police estimate the vehicle traveled 80 yards into the Christmas market before coming to a halt.
We are living a paradox: The achievements of the industrial and information ages are shaping a world to come that is both more dangerous and richer with opportunity than ever before. Whether promise or peril prevails will turn on the choices of humankind. The progress of the past decades is historic—connecting people, empowering individuals, groups, and states, and lifting a billion people out of poverty in the process. But this same progress also spawned shocks like the Arab Spring, the 2008 Global Financial Crisis, and the global rise of populist, anti-establishment politics. These shocks reveal how fragile the achievements have been, underscoring deep shifts in the global landscape that portend a dark and difficult near future.
Inspections and incidents across the Department of Defense (DoD) reveal a need to reinforce basic cybersecurity requirements identified in policies, directives, and orders. In agreement with the Secretary of Defense, the Deputy Secretary of Defense, and the Joint Chiefs of Staff, the DoD Chief Information Officer (CIO) identified key tasks needed to ensure those requirements are achieved. The DoD Cybersecurity Campaign reinforces the need to ensure Commanders and Supervisors at all levels, including the operational level, are accountable for key tasks, including those identified in this Implementation Plan. The Campaign does not relieve a Commander’s and Supervisor’s responsibility for compliance with other cybersecurity tasks identified in policies, directives, and orders, but limits the risk assumed by one Commander or Supervisor in key areas in order to reduce the risk to all other DoD missions.