U.S. Army TRADOC Report: Syria Threat Tactics

Syria and its ongoing civil war represent an operational environment (OE) that includes many of the characteristics illustrative of the complexities of modern warfare. Now in its fourth year, the civil war in Syria has lured a variety of threat actors from the Middle East and beyond. What began as a protest for improved opportunities and human rights has devolved into a full-scale civil war. As the Syrian military and security forces fought to subdue the civil unrest across the country, these protest groups responded with increasing violence aided by internal and external forces with a long history of terrorist activity. Ill-suited for the scale of combat that was unfolding across the country, Syrian forces turned to their allies for help, including Hezbollah and Iran. The inclusion of these forces has in many ways transformed the military of President Bashar al Assad from a conventional defensive force to a counterinsurgency force.

U.S. Army TRADOC Report: The Battle for Sinjar, Iraq

This Tactical Action Report (TAR) provides information on the capture and subsequent recapture of Sinjar, a town at the foot of the Sinjar Mountains. The Nineveh Offensive, of which Sinjar was a key target, led to the capture of a large part of northern Iraq and included the occupation of Mosul. ISIL pushed Peshmerga forces from the area and threatened Erbil, the government seat of the KRG in 2014. A growing humanitarian crisis developed as ISIL began purging villages in the Sinjar area of the minority group known as Yazidis. Thousands were killed, kidnapped, or forced to flee their homes. Many Yazidis retreated to the Sinjar Mountains where they were besieged by ISIL fighters. These circumstances led to President Barack Obama ordering air strikes to protect Erbil, where US military advisors were headquartered, and to relieve the displaced Yazidi civilians. Over a year later Peshmerga fighters, with the help of other Kurdish factions, pushed ISIL forces out of Sinjar and other surrounding areas and severed a key supply route connecting ISIL-held Raqqa, Syria, with Mosul, Iraq.

(U//FOUO) DHS-FBI-NCTC Bulletin: Tactics, Techniques, and Procedures Used in March 2016 Brussels Attacks

This Joint Intelligence Bulletin (JIB) is intended to provide a review of the tactics, techniques, and procedures demonstrated by the perpetrators of the 22 March 2016 attacks in Brussels, Belgium. The analysis in this JIB is based on statements by European government and law enforcement officials cited in media reporting and is subject to change with the release of official details from post-incident investigations. This JIB is provided by DHS, FBI, and NCTC to support their respective activities and to assist federal, state, local, tribal, and territorial government counterterrorism and law enforcement officials, first responders and private sector partners in deterring, preventing, preempting, or disrupting terrorist attacks against the United States.

FBI Cyber Bulletin: Smart Farming May Increase Cyber Targeting Against US Food and Agriculture Sector

The FBI and the US Department of Agriculture (USDA) assess the Food and Agriculture (FA) Sector is increasingly vulnerable to cyber attacks as farmers become more reliant on digitized data. While precision agriculture technology (a.k.a. smart farming)a reduces farming costs and increases crop yields, farmers need to be aware of and understand the associated cyber risks to their data and ensure that companies entrusted to manage their data, including digital management tool and application developers and cloud service providers, develop adequate cybersecurity and breach response plans.

(U//FOUO) MS-ISAC Intel Paper: Common Cyber Threats to Universities

The Multi-­State Information Sharing and Analysis Center (MS-­ISAC) assesses with high confidence that cyber threat actors routinely target universities, for the purposes of financial gain, notoriety, or entertainment, and often to gain access to personally identifiable information (PII) and/or sensitive research. MS-­ISAC believes universities are inherently more vulnerable to cyber targeting than other state, local, tribal, and territorial (SLTT) government entities, due to the non-­restrictive research environment with less compartmentalization and less access restriction, which results in more opportunity for infection, and when infection occurs, easier transmission through a network.

U.S. Army North Commander Testimony: The Role of the Army in the Homeland

Our history is replete with examples where both Guard and Active forces were employed to respond to our Nation’s disasters. In the recent era, the defining disaster was Hurricane Katrina, a Category 3 hurricane that forced the breach of levies and the subsequent massive flooding of New Orleans. It rapidly overwhelmed the capabilities of Louisiana that saw the C, NGB send upwards of 50,000 Guardsmen from other States and the President send in the 82nd Airborne Division. There have been other similar incidents in our lifetime: Hurricane Andrew (1992) where President Bush sent 2,000 to 5,000 Troops from Ft Bragg, Hurricane Hugo (1989) where over 3,000 Service members were sent in support, and the 1988 Yellowstone Fires where approximately 1,000 active duty Soldiers and Marines provided direct fire line support as part of JTF Yellowstone. These show that there are those potential catastrophic disasters (New Madrid Seismic Zone, Cascadia Subduction Zone, Cyber Attack, or even an Improvised Nuclear Detonation) that can hit the United States where the President will not hesitate to call upon Federal Forces.

Nation-State Cyber Actors Focused on “Maintaining Persistent Access” to U.S. Energy Infrastructure

There is currently a low threat of damaging cyber attacks against the U.S. energy infrastructure according an intelligence assessment released by the Department of Homeland Security and Industrial Control Systems Computer Emergency Response Team (ICS-CERT) in January. While “advanced persistent threat (APT) nation-state cyber actors are targeting US energy sector enterprise networks,” these activities are conducted primarily in support of cyber espionage focused primarily on “acquiring and maintaining persistent access to facilitate the introduction of malware” in the event of “hostilities with the United States.”

(U//FOUO) DHS Intelligence Assessment: Damaging Cyber Attacks Possible but Not Likely Against the US Energy Sector

This Assessment establishes a baseline analysis of cyber threats to the US energy sector based on comprehensive FY 2014 incident reporting data compiled by ICS-CERT, as well as reporting by the Intelligence Community (IC), private sector cybersecurity industry, and open source media between early 2011 and January 2016. This Assessment is designed to help close gaps between the private sector’s and the IC’s understanding of current cyber threats facing the US energy sector. Critical infrastructure owners and operators can use this analysis to better understand cyber threats facing the US energy sector and help focus defensive strategies and operations to mitigate these threats. The Assessment does not include an in-depth analysis of foreign cyber doctrines or nation-state red lines for conducting cyber attacks against the United States. The information cutoff date for this Assessment is January 2016.

Boston Fusion Center Bulletin: Terror Attacks on Entertainment Venues

Several recent incidents underline the possibility that soft targets, including entertainment venues such as bars and restaurants, are increasingly chosen over hard targets that may hold more significance to the victims and the attacking person or group. Using analysis of recent events and data from the START Global Terrorism Database, the BRIC completed the following study to raise awareness regarding the targeting of entertainment venues by violent extremist groups.

FBI Cyber Bulletin: Global Extremists Conducting Cyber Activity in Support of ISIL

Over the past 18-24 months, an unknown number of online extremists have conducted “hacktivist” cyber operations – primarily Web site defacements, denial-of-service attacks, and release of personally identifiable information (PII) in an effort to spread pro-Islamic State of Iraq and the Levant (ISIL) propaganda and to incite violence against the United States and the West. Recent open source reporting from the Daily Mail India, indicates ISIL is recruiting Indian hackers and offering upwards of $10,000 USD per job to hack government Web sites, steal data, and to build social media databases for recruiting purposes. Indian officials believe as many as 30,000 hackers in India may have been contacted. The FBI cannot confirm the validity of the media reports, and beyond this single article on Indian hackers and ISIL, does not have information indicating any such relationship exists to date. The FBI assesses this activity is most likely independent of ISIL’s leaders located in Syria and Iraq.

Europol Cooperation with Non-Law Enforcement Partners in Combating Cybercrime

The prevention, investigation and prosecution of cybercrime calls for a close cooperation between partners from various sectors. The European Cybercrime Centre (EC3) at Europol has gained practical experience in such forms of multi-disciplinary cooperation and aims to share some of this experience through this note as input for discussions at the Conference on Jurisdictions in Cyberspace on 7-8 March 2016, organised by the Dutch Presidency of the Council of European Union.

DHS Infrastructure Report: Consequences of Malicious Cyber Activity Against Seaports

Unless cyber vulnerabilities are addressed, they will pose a significant risk to port facilities and aboard vessels within the Maritime Subsector. These potential vulnerabilities include limited cybersecurity training and preparedness, errors in software, inadequately protected commercial off-the-shelf technologies and legacy systems, network connectivity and interdependencies, software similarities, foreign dependencies, global positioning system jamming-spoofing, and insider threats.

House Homeland Security Committee Report: Combating Terrorist and Foreign Fighter Travel

Today we are witnessing the largest global convergence of jihadists in history, as individuals from more than 100 countries have migrated to the conflict zone in Syria and Iraq since 2011. Some initially flew to the region to join opposition groups seeking to oust Syrian dictator Bashar al-Assad, but most are now joining the Islamic State of Iraq and Syria (ISIS), inspired to become a part of the group’s “caliphate” and to expand its repressive society. Over 25,000 foreign fighters have traveled to the battlefield to enlist with Islamist terrorist groups, including at least 4,500 Westerners. More than 250 individuals from the United States have also joined or attempted to fight with extremists in the conflict zone.

(U//FOUO) California Fusion Center: Drone Threats to Public Safety Personnel, Assets and Response

Encounters in 2015 of unauthorized unmanned aircraft systems (UAS), also known as drones, with public safety aircraft during emergency events underscore the potential threats UAS pose to response efforts—notably search-and-rescue, firefighting and police air assets—as well as the lives, property and natural resources already at risk.

(U//FOUO) Boston Regional Intelligence Center Suspicious Activity Behavior & Indicators For Public Sector Partners

This document is intended to highlight several suspicious activity behaviors and indicators that may be indicative of preoperational terrorist activity for business owners and private sector security personnel. This product focuses on behaviors and indicators that would be of interest prior to any major event. This proactive public safety strategy is an ongoing attempt to provide our private sector partners with some information on suspicious activity.

NCTC Counterterrorism Digest January 26-February 2, 2016

Counterterrorism Digest is a compilation of UNCLASSIFIED open source publicly available press material, to include relevant commentary on issues related to terrorism and counterterrorism over the past seven days. It is produced every Wednesday, excluding holidays. Counterterrorism Digest is produced by the National Counterterrorism Center and contains situational awareness items detailing on-going terrorism-related developments which may be of interest to security personnel.

NCTC Counterterrorism Digest January 20-26, 2016

Counterterrorism Digest is a compilation of UNCLASSIFIED open source publicly available press material, to include relevant commentary on issues related to terrorism and counterterrorism over the past seven days. It is produced every Wednesday, excluding holidays. Counterterrorism Digest is produced by the National Counterterrorism Center and contains situational awareness items detailing on-going terrorism-related developments which may be of interest to security personnel.

DHS Report Details “Persistent” Cyber Targeting of Police, Emergency Services

Cyber attacks against law enforcement, fire departments and other emergency services have become increasingly common and are likely to increase according to a recent intelligence assessment prepared by the Department of Homeland Security and the Multi-State Information Sharing and Analysis Center (MS-ISAC). The assessment, which was distributed to law enforcement in September 2015 and was obtained by Public Intelligence, reviewed a number of “cyber attacks against the [emergency services sector or ESS] between February 2012 and May 2015,” finding that “targeting of the ESS will likely increase as ESS systems and networks become more interconnected and the ESS becomes more dependent on information technology for the conduct of daily operations—creating a wider array of attack vectors for cyber targeting.”