DHS Says Aging Infrastructure Poses Significant Risk to U.S.

A recent version of the Department of Homeland Security’s National Risk Profile found that old and deteriorating infrastructure in the U.S. could pose significant risks to the nation and its economy. According to the report, insufficient funding of inspection and maintenance of critical infrastructure throughout the U.S. could create wide-ranging problems as the nation’s infrastructure continues to age. Along with pandemics and nuclear terrorism, a draft version of the DHS National Risk Profile for 2011 lists “aging infrastructure” as having a “potentially significant impact” on the nation’s critical infrastructure. The assessment states that “unusable, ineffectual, and deteriorating critical infrastructure, as well as the potential for exploitation of these vulnerabilities, increase risk . . . due to the inadvertent introduction of flaws, reduced inspection and maintenance workforce, and insufficient investment.” Moreover, this is not a limited threat, as the assessment states that the “entire United States is at risk from aging infrastructure that will eventually “affect all critical infrastructure sectors and ultimately reduce or erode their capacity and lifetimes in unexpected and unpredicted ways.”

(U//FOUO) DHS-FBI Bulletin: Increasing Exploitation of Mobile Device Vulnerabilities

State, local, tribal and territorial (SLTT) computer networks have been increasingly targeted by cyber adversaries. At the same time, the expansion of mobile devices integrated into SLTT networks provides new opportunities for cyber adversaries seeking to collect information or disrupt operations by compromising mobile technology and exploiting vulnerabilities in portable operating systems, application software, and hardware. Compromise of a mobile device can have an impact beyond the device itself; malware can propagate across interconnected networks.

Congressional Budget Office Report: Distribution of Expenditures in Individual Income Tax System

A number of exclusions, deductions, preferential rates, and credits in the federal tax system cause revenues to be much lower than they would be otherwise for any given structure of tax rates. Some of those provisions—in both the individual and corporate income tax systems—are termed “tax expenditures” because they resemble federal spending by providing financial assistance to specific activities, entities, or groups of people. Tax expenditures, like traditional forms of federal spending, contribute to the federal budget deficit; influence how people work, save, and invest; and affect the distribution of income. This report examines how 10 of the largest tax expenditures in the individual income tax system in 2013 are distributed among households with different amounts of income.

(U//FOUO) NSA Hardening Network Infrastructure: Security Recommendations for System Accreditors

Many networks run by public and private organizations have experienced intrusions in recent years, and this cyber exploitation has resulted in an unprecedented transfer of wealth due to lost intellectual property. The threats to our networks and systems exist across numerous components that include end-user-devices, servers, and infrastructure devices. To address threats to routers and other network infrastructure devices, the National Security Agency’s Information Assurance Directorate (IAD) is publishing this IAA to guide U.S. Government systems accreditors’ strategic plan for network hardening.

(U//FOUO) NSA Mitigations Guidance for Distributed Denial of Service Attacks

Adversary actors in cyberspace continue to demonstrate the interest in and ability to execute Distributed Denial of Service (DDoS) attacks against the United States. The need to offer Internet services in support of mission requirements inherently exposes these services to malicious traffic and the potential for DDoS attack. Proactive preparation to ensure network resilience in the event of a DDoS event is essential. Reactive measures are feasible, but are often too slow to respond to the dynamic nature of today’s threat.

(U//FOUO) DHS-FBI Bulletin: Diversion as a Terrorist Tactic

Terrorists and violent extremists have used—or considered using—diversionary tactics in terrorist attacks overseas. Diversionary tactics are often used to draw security forces and first responders away from the intended primary target of the attack and may be used as part of a complex or multi-pronged attack. Diverting first responders to a location other than the primary target of an attack delays the response and the provision of medical care to victims, and depletes first responder resources.

(U//FOUO) DHS-FBI Bulletin: Use of Unsuspecting Civilians in IED Attacks

Terrorists and violent extremists could use unsuspecting civilians to transport improvised explosive devices (IEDs) artfully concealed in seemingly harmless items for use in attacks in the Homeland. Overseas attacks demonstrate that violent extremists have successfully used unsuspecting individuals to carry items containing IEDs to specific targets where the devices are then detonated remotely. This tactic enables terrorists and violent extremists to place IEDs in secure areas, among large gatherings of people, or at high profile events and detonate them from a standoff distance.

Senate Permanent Subcommittee on Investigations Apple Offshore Profit Shifting Exhibits

On May 21, 2013, the Permanent Subcommittee on Investigations (PSI) of the U.S. Senate Homeland Security and Government Affairs Committee will hold a hearing that is a continuation of a series of reviews conducted by the Subcommittee on how individual and corporate taxpayers are shifting billions of dollars offshore to avoid U.S. taxes. The hearing will examine how Apple Inc., a U.S. multinational corporation, has used a variety of offshore structures, arrangements, and transactions to shift billions of dollars in profits away from the United States and into Ireland, where Apple has negotiated a special corporate tax rate of less than two percent. One of Apple’s more unusual tactics has been to establish and direct substantial funds to offshore entities in Ireland, while claiming they are not tax residents of any jurisdiction. For example, Apple Inc. established an offshore subsidiary, Apple Operations International, which from 2009 to 2012 reported net income of $30 billion, but declined to declare any tax residence, filed no corporate income tax return, and paid no corporate income taxes to any national government for five years. A second Irish affiliate, Apple Sales International, received $74 billion in sales income over four years, but due in part to its alleged status as a non-tax resident, paid taxes on only a tiny fraction of that income.

U.S. Department of Justice Statistics Report: Firearm Violence 1993-2011

In 2011, a total of 478,400 fatal and nonfatal violent crimes were committed with a firearm. Homicides made up about 2% of all firearm-related crimes. There were 11,101 firearm homicides in 2011, down by 39% from a high of 18,253 in 1993. The majority of the decline in firearm-related homicides occurred between 1993 and 1998. Since 1999, the number of firearm homicides increased from 10,828 to 12,791 in 2006 before declining to 11,101 in 2011. Nonfatal firearm-related violent victimizations against persons age 12 or older declined 70%, from 1.5 million in 1993 to 456,500 in 2004. The number then fluctuated between about 400,000 to 600,000 through 2011. While the number of firearm crimes declined over time, the percentage of all violence that involved a firearm did not change substantively, fluctuating between 6% and 9% over the same period. In 1993, 9% of all violence was committed with a firearm, compared to 8% in 2011.

(U//FOUO) U.S. Army Operation Iraqi Freedom Information Operations Tactical Commander’s Handbook

This handbook provides the tactical operator, commander, and battle staff with information on planning, executing, assessing, and sustaining information operations (IO). The handbook is based on observations collected in Iraq during July and August 2004 by an IO collection and analysis team (CAAT). The application of this tool is both for training and real-world events the Soldier may encounter in the Iraqi area of operations.

Joint and Coalition Operational Analysis (JCOA) Reducing and Mitigating Civilian Casualties: Enduring Lessons

The United States has long been committed to upholding the Law of Armed Conflict (LOAC) and minimizing collateral damage, which includes civilian casualties (CIVCAS) and unintended damage to civilian objects (facilities, equipment, or other property that is not a military objective). In support of these goals, the U.S. military developed capabilities for precision engagements and accurately identifying targets, such as the development of refined targeting processes and predictive tools to better estimate and minimize collateral damage. These capabilities permitted the conduct of combat operations with lower relative numbers of civilian casualties compared to past operations. However, despite these efforts, and while maintaining compliance with the laws of war, the U.S. military found over the past decade that these measures were not always sufficient for meeting the goal of minimizing civilian casualties when possible. Resulting civilian casualties ran counter to U.S. desires and public statements that the United States did “everything possible” to avoid civilian casualties, and therefore caused negative second-order effects that impacted U.S. national, strategic, and operational interests.

DHS and FBI Bulletins on OpUSA Tools and Tactics

Multiple groups, and individual hacker handles have claimed their intent to attack U.S. websites as part of OpUSA. As seen in many hacktivist operations (Ops), willing participants have posted free tools to assist other like minded individuals in their attack efforts. Often, more coordinated attacks will name a specific tool, target, day and time for the attack. That has not been the case for OpUSA thus far. Individual hacker groups seem to be conducting attacks independently, each claiming responsibility for individual defacements and data breaches that have supposedly recently taken place. Below you will find some of the tools being posted in conversations about OpUSA and links to US-CERT sites which provide background on the vulnerabilities exploited by these tools as well as mitigation advice for computer network defense actions.

UNODC Afghanistan Opium Survey 2012

Afghanistan cultivates, produces and process narcotics that are a threat to the region and worldwide. However, the international community also needs to understand that Afghanistan itself is a victim of this phenomenon. The existence of hundreds of thousands of problem drug users, as well as decades of civil war, terrorism and instability are all related to the existence of narcotics in the country. According to the findings of this survey, the total area under cultivation was estimated at 154,000 hectares, an 18 per cent increase from the previous year. Comparisons of the gross and net values with Afghan’s licit GDP for 2012 also serve to highlight the opium economy’s impact on the country. In 2012, net opium exports were worth some 10 per cent of licit GDP, while the farmgate value of the opium needed to produce those exports alone was equivalent to 4 per cent of licit GDP. On the basis of shared responsibility and the special session of the United Nation’s General assembly in 1998, the international community needs to take a balanced approach by addressing both the supply and the demand side equally. In addition, more attention needs to be paid to reduce demand and the smuggling of precursors as well as provide further support to the Government of Afghanistan.

(U//FOUO) U.S. Air Force Notice on Use of Social Networking Sites for Computer Network Exploitation

Nation-state adversaries regularly use accounts on popular social networking sites to facilitate social engineering against DoD members. Information disclosed or discovered on social networking sites creates a significant operations security (OPSEC) concern and in the context of a wide spread collection effort could be by adversaries to form a classified picture.

DHS-Connecticut Intelligence Center (CTIC) Active Shooter Individual Response Guidelines

An “Active Shooter” is an individual actively engaging in killing or attempting to kill people in a confined and populated area; in most cases, active shooters use firearm(s) and there is no pattern or method to their selection of victims. Active Shooter situations are unpredictable and evolve quickly. Typically, the immediate deployment of Law Enforcement is required to stop the shooting and mitigate harm to victims. Because Active Shooter incidents are often over within 5-15 minutes, before Law Enforcement arrives on the scene, individuals must be prepared both mentally and physically to deal with an active shooter situation.

(U//FOUO) National Counterterrorism Center Report: Common Misconceptions About Homeland Plotting

A facilitated brainstorming session was convened to identify and examine the most common misconceptions about conventional Homeland plotting. These misconceptions stemmed from inquiries received from Federal, state, local, tribal, and private-sector consumers and from articles published by outside experts and in the media. Analysts identified the following six misconceptions as the most common and compared them with current analytic lines.

DoD Report to Congress on North Korea Military and Security Developments 2012

The Democratic People’s Republic of Korea (DPRK) remains one of the United States’ most critical security challenges in Northeast Asia. North Korea remains a security threat because of its willingness to undertake provocative and destabilizing behavior, including attacks on the Republic of Korea (ROK), its pursuit of nuclear weapons and long-range ballistic missiles, and its willingness to proliferate weapons in contravention of its international agreements and United Nations Security Council Resolutions. North Korean aspiration for reunification – attainable in its mind in part by expelling U.S. forces from the Peninsula – and its commitment to perpetuating the Kim family regime are largely unchanged since the nation’s founding in 1948, but its strategies to achieve these goals have evolved significantly. Under Kim Jong Il, DPRK strategy had been focused on internal security; coercive diplomacy to compel acceptance of its diplomatic, economic and security interests; development of strategic military capabilities to deter external attack; and challenging the ROK and the U.S.-ROK Alliance. We anticipate these strategic goals will be consistent under North Korea’s new leader, Kim Jong Un.

DHS-FBI Bulletins Identifying IP Addresses, Hostnames Associated With Malicious Cyber Activity Against the U.S. Government

Various cyber actors have engaged in malicious activity against Government and Private Sector entities. The apparent objective of this activity has been the theft of intellectual property, trade secrets, and other sensitive business information. To this end, the malicious actors have employed a variety of techniques in order to infiltrate targeted organizations, establish a foothold, move laterally through the targets’ networks, and exfiltrate confidential or proprietary data. The United States Department of Homeland Security (DHS), in collaboration with the Federal Bureau of Investigation and other partners, has created this Joint Indicator Bulletin, containing cyber indicators related to this activity. Organizations are advised to examine current and historical security logs for evidence of malicious activity related to the indicators in this bulletin and deploy additional protections as appropriate.

IMF Fiscal Affairs Department Cyprus Options for Short-Term Expenditure Rationalization

Increasing public spending had contributed to a substantial deterioration of public finances in Cyprus over recent years. To address fiscal imbalances, the government introduced an initial set of fiscal reform’s in late 2012. However, additional measures are needed to ensure the sustainability of public finances. The size of the necessary adjustment will depend, among other things, on the magnitude of spillovers from financial sector restructuring.