This joint DHS and FBI Assessment examines the possible reasons why anarchist extremist attacks in certain countries abroad and in the United States differ in the frequency of incidents and degree of lethality employed in order to determine ways US anarchist extremists actions might become more lethal in the future. This Assessment is intended to establish a baseline comparison of the US and foreign anarchist extremist movements and create new lines of research; follow-on assessments will update the findings identified in the paper, to include the breadth of data after the end of the reporting period (as warranted by new information), and identify new areas for DHS and FBI collaboration on the topic. This Assessment is also produced in anticipation of a heightened threat of anarchist extremist violence in 2016 related to the upcoming Democratic and Republican National Conventions—events historically associated with violence from the movement.
CI focuses on negating, mitigating, or degrading the foreign intelligence and security services (FISS) and international terrorist organizations (ITO) collection threat that targets Army interests through the conduct of investigations, operations, collection, analysis, production, and technical services and support.
This publication provides a guide for U.S. Army War College students to understand design, planning, and execution of cyberspace operations at combatant commands (CCMDs), joint task forces (JTFs), and joint functional component commands. It combines existing U.S. Government Unclassified and “Releasable to the Public” documents into a single guide.
The study addresses the challenges facing the United States from the increasing use by rivals and adversaries – state and non-state alike – of what have come to be called “Gray Zone” techniques. The term Gray Zone (“GZ”) denotes the use of techniques to achieve a nation’s goals and frustrate those of its rivals by employing instruments of power – often asymmetric and ambiguous in character – that are not direct use of acknowledged regular military forces.
(U//FOUO) DHS Intelligence Note: Germany Christmas Market Attack Underscores Threat to Mass Gatherings and Open-Access Venues
A 25-ton commercial truck transporting steel beams from Poland to Germany plowed into crowds at a Christmas market in Berlin at about 2000 local time on 19 December, killing at least 12 people and injuring 48 others, several critically, according to media reporting citing public security officials involved in the investigation. The truck was reportedly traveling at approximately 40 miles per hour when it rammed the Christmas market stands. Police estimate the vehicle traveled 80 yards into the Christmas market before coming to a halt.
We are living a paradox: The achievements of the industrial and information ages are shaping a world to come that is both more dangerous and richer with opportunity than ever before. Whether promise or peril prevails will turn on the choices of humankind. The progress of the past decades is historic—connecting people, empowering individuals, groups, and states, and lifting a billion people out of poverty in the process. But this same progress also spawned shocks like the Arab Spring, the 2008 Global Financial Crisis, and the global rise of populist, anti-establishment politics. These shocks reveal how fragile the achievements have been, underscoring deep shifts in the global landscape that portend a dark and difficult near future.
Inspections and incidents across the Department of Defense (DoD) reveal a need to reinforce basic cybersecurity requirements identified in policies, directives, and orders. In agreement with the Secretary of Defense, the Deputy Secretary of Defense, and the Joint Chiefs of Staff, the DoD Chief Information Officer (CIO) identified key tasks needed to ensure those requirements are achieved. The DoD Cybersecurity Campaign reinforces the need to ensure Commanders and Supervisors at all levels, including the operational level, are accountable for key tasks, including those identified in this Implementation Plan. The Campaign does not relieve a Commander’s and Supervisor’s responsibility for compliance with other cybersecurity tasks identified in policies, directives, and orders, but limits the risk assumed by one Commander or Supervisor in key areas in order to reduce the risk to all other DoD missions.
The Arab World is a vast area which is home to people from diverse cultures. The way in which people behave and interact with you will therefore vary greatly across the region. This guide discusses aspects of Arab culture that you might experience in Algeria, Bahrain, Egypt, Iraq, Jordan, Kuwait, Lebanon, Libya, Mauritania, Morocco, Oman, the Palestinian Territories, Qatar, Saudi Arabia, Sudan, Syria, Tunisia, the United Arab Emirates (UAE) and Yemen. Further reading on individual countries is recommended before you deploy.
Office of the Director of National Intelligence Background Report: Assessing Russian Activities and Intentions in Recent US Elections
The nature of cyberspace makes attribution of cyber operations difficult but not impossible. Every kind of cyber operation—malicious or not—leaves a trail. US Intelligence Community analysts use this information, their constantly growing knowledge base of previous events and known malicious actors, and their knowledge of how these malicious actors work and the tools that they use, to attempt to trace these operations back to their source. In every case, they apply the same tradecraft standards described in the Analytic Process above.
The Joint United States-Canada Electric Grid Security and Resilience Strategy (Strategy) is a collaborative effort between the Federal Governments of the United States and Canada and is intended to strengthen the security and resilience of the U.S. and Canadian electric grid from all adversarial, technological, and natural hazards and threats. The Strategy, released concurrently with this National Electric Grid Security and Resilience Action Plan (Action Plan), details bilateral goals to address the vulnerabilities of the respective and shared electric grid infrastructure of the United States and Canada, not only as an energy security concern, but for reasons of national security. The implementation of the Strategy requires continued action of a nationwide network of governments, departments and agencies (agencies), and private sector partners. This Action Plan details the activities, deliverables, and timelines that will be undertaken primarily by U.S. Federal agencies for the United States to make progress toward the Strategy’s goals.
This Joint United States-Canada Electric Grid Security and Resilience Strategy (Strategy) is a collaborative effort between the Federal Governments of the United States and Canada and is intended to strengthen the security and resilience of the U.S. and Canadian electric grid from all adversarial, technological, and natural hazards and threats. The Strategy addresses the vulnerabilities of the two countries’ respective and shared electric grid infrastructure, not only as an energy security concern, but for reasons of national security. This joint Strategy relies on the existing strong bilateral collaboration between the United States and Canada, and reflects a joint commitment to enhance a shared approach to risk management for the electric grid. It also articulates a common vision of the future electric grid that depends on effective and expanded collaboration among those who own, operate, protect, and rely on the electric grid. Because the electric grid is complex, vital to the functioning of modern society, and dependent on other infrastructure for its function, the United States and Canada developed the Strategy under the shared principle that security and resilience require increasingly collaborative efforts and shared approaches to risk management.
This Joint Analysis Report (JAR) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This document provides technical details regarding the tools and infrastructure used by the Russian civilian and military intelligence Services (RIS) to compromise and exploit networks and endpoints associated with the U.S. election, as well as a range of U.S. Government, political, and private sector entities. The U.S. Government is referring to this malicious cyber activity by RIS as GRIZZLY STEPPE.
The law enforcement community often refers to their challenge in this context as “going dark.” In essence, “going dark” refers to advancements in technology that leave law enforcement and the national security community unable to obtain certain forms of evidence. In recent years, it has become synonymous with the growing use of strong default encryption available to consumers that makes it increasingly difficult for law enforcement agencies to access both real-time communications and stored information. The FBI has been a leading critic of this trend, arguing that law enforcement may no longer be able “to access the evidence we need to prosecute crime and prevent terrorism, even with lawful authority.” As a result, the law enforcement community has historically advocated for legislation to “ensure that we can continue to obtain electronic information and evidence pursuant to the legal authority that Congress has provided to keep America safe.”
In June 2013, former National Security Agency (NSA) contractor Edward Snowden perpetrated the largest and most damaging public release of classified information in U.S. intelligence history. In August 2014, the Chairman and Ranking Member of the House Permanent Select Committee on Intelligence (HPSCI) directed Committee staff to carry out a comprehensive review of the unauthorized disclosures. The aim of the review was to allow the Committee to explain to other Members of Congress–and, where possible, the American people–how this breach occurred, what the U.S. Government knows about the man who committed it, and whether the security shortfalls it highlighted had been remedied.
Advances in emerging surveillance technologies like cell-site simulators – devices which transform a cell phone into a real-time tracking device – require careful evaluation to ensure their use is consistent with the protections afforded under the First and Fourth Amendments to the U.S. Constitution. The United States’ military and intelligence agencies have developed robust and sophisticated surveillance technologies for deployment in defense against threats from foreign actors. These technologies are essential to keeping America safe. Increasingly though, domestic law enforcement at the federal, state, and local levels are using surveillance technologies in their every-day crime-fighting activities. In the case of cell-site simulators, this technology is being used to investigate a wide range of criminal activity, from human trafficking to narcotics trafficking, as well as kidnapping, and to assist in the apprehension of dangerous and violent fugitives.
U.S. Army Special Operations Command Study: Legal Implications of the Status of Persons in Resistance
The purpose of this study is to provide a synthesis of the prevailing issues and analysis concerning the legal status of persons in resistance. This document refers broadly to resistance and those involved in it, meaning those individuals comprising the resistance element, US personnel supporting or countering the resistance, and the standing government. In alignment with this focus, the document explores the status of personnel particularly in foreign internal defense (FID), counterinsurgency (COIN), and unconventional warfare (UW) operations. When originally conceived, this manuscript was to be an updated volume of the 1961 American University Special Operations Research Office (SORO) study, The Legal Status of Participants in Unconventional Warfare. The National Security Analysis Department (NSAD) of the Johns Hopkins University Applied Physics Laboratory (JHU/APL) was asked by the US Army Special Operations Command (USASOC), G-3X Special Programs Division, to review and analyze the historical use of international law, the law of land warfare, and applicable international conventions and update the SORO study accordingly and also include unique legal considerations regarding the status of irregular forces. Because many aspects of both law and policy have changed since the 1961 publication, particularly within the context of US involvement in Afghanistan and Iraq, USASOC requested that this manuscript be a new document to account for these changes, highlight key legal questions, and position these questions within the context of hypothetical scenarios and historical examples.
The Joint Operating Environment 2035 (JOE 2035) is designed to encourage the purposeful preparation of the Joint Force to effectively protect the United States, its interests, and its allies in 2035. For the Joint Force, thinking through the most important conditions in a changing world can mean the difference between victory and defeat, success and failure, and the needless expenditure of human lives and national treasure versus the judicious and prudent application of both to defend our vital interests.
Joint Staff Strategic Multi-Layer Assessment on Bio-Psycho-Social Applications to Cognitive Engagement
The underlying concept of this paper is how bio-psycho-social approaches to cognitive engagement, described in greater depth by DeGennaro, may be put to use to collect, analyze, and/or apply information to meet a tactical, operational, or strategic end. This White Paper will focus on the proverbial “rubber meets the road” approaches of behavioral operations in the human domain where the former is “the study of attributes of human behavior and cognition that impact the design, management, and improvement of operating systems, and the study of the interaction between such attributes and operating systems and processes” and the latter is “the presence, activities (including transactions both physical and virtual), culture, social structure/organization, networks and relationships, motivation, intent, vulnerabilities, and capabilities of humans (single or groups) across all domains of the operational environment (Space, Air, Maritime, Ground, and Cyber).” Information Operations (IO) doctrine defines the cognitive domain as the component of the information environment (IE) that encompasses the gray matter of those who transmit, receive, and act upon information. Cognitive operations such as information processing, perception, judgment, and decision-making are the most vital aspect of the IE. Cognition is influenced by individual and cultural beliefs, norms, vulnerabilities, motivations, emotions, experiences, morals, education, mental health, identities, and ideologies and thus requires research and analysis methods from the bio-psycho-social sciences to understand and manipulate. When, how, and most importantly why to apply that understanding to US advantage at the tactical, operational, and strategic level is the focus of this effort.
FBI Cyber Bulletin: APT Targeting U.S. Private Sector, Government Networks Using Presidential Election Lures
Likely Advanced Persistent Threat (APT) cyber actors have targeted US private sector and government networks since August 2016 with spear phishing campaigns, using newly identified exploits contained within lures related to foreign affairs and the recent US presidential election. The FBI analyzed malicious Microsoft Office documents, a zip archive, a first-stage downloader, a second-stage in-memory-only PNG wrapped malware, and a BAT-initiated PowerShell script associated with the campaigns. This FLASH provides rules and signatures to assist in network defense efforts.
(U//FOUO) DHS, Fusion Centers Reference Aid: Malicious Terrorism Hoaxes Likely to Endure, Strain State and Local First Responder Resources
This Reference Aid is intended to provide information on malicious terrorism hoaxes that will continue to challenge first responder resources throughout the Homeland and territories. This Reference Aid is provided by I&A, DIAC, NCRIC, NVRIC, and NJ-ROIC to support their respective activities, to provide situational awareness, and to assist federal, state, local, tribal, and territorial government counterterrorism and law enforcement officials and first responders with recognizing the indicators and implications of malicious terrorism hoaxes. The use of hoax calls may also be used as a technique to lure authorities to a particular location for the purpose of conducting a potential attack, but is not discussed in this article, as luring is viewed as its own distinct tactic.
This report serves to present information and analysis associated with fire, arson, and bombing incidents at houses of worship (HOWs) occurring within the United States for the past 5 years, between January 2011 through December 2015, and reported to the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF). In total, there were 733 fire and explosion related incidents, per ATF reporting, for all 50 States. The information contained herein does not represent all fire, arson and bombing incidents for the United States. This report only represents those incidents that have been reported to and investigated by ATF.