Tag Archive for Critical Infrastructure

(U//FOUO) FBI Awareness Message: Threats to Maritime Transportation

Maritime transportation infrastructure—to include watercraft, seaports, harbors, and waterways—is vital to the United States’ economy and national security. Maritime shipping accounts for ninety-nine percent of all US overseas trade. Additionally, passenger ships transport more than 140 million people to and from US ports each year. Countless vacationers enjoy maritime recreation on US lakes and beaches. All of these activities depend upon safe and open waterways, which the FBI defends from a variety of criminal and national security threats. A top concern is that past attacks on foreign passenger ferries and cargo liners could inspire similar action against US commercial vessels. Additional threats to maritime security include: contraband smuggling, human trafficking, piracy and crimes at sea, and cyber attacks against maritime information systems.

Unravelling TrapWire: The CIA-Connected Global Suspicious Activity Surveillance System

A number of hacked emails from the private intelligence firm Stratfor have shed light on a global suspicious activity surveillance system called TrapWire, that is reportedly in use in locations around the world from the London Stock Exchange to the White House. The emails, which were released yesterday by WikiLeaks, provide information on the extent and operations of a system designed to correlate suspicious activity reports and other evidence that may indicate surveillance connected with a potential terrorist attack.

(U//FOUO) DHS-FBI Suspicious Activity Reporting Bulletin: Aviation Flyovers

Terrorists may use small aircraft flyovers to conduct preoperational activities such as reconnaissance or rehearsals for planned attacks. When suspicious flyovers occur, law enforcement and first responders should report the key attributes of the flight and the aircraft for timely identification (time of day, location and direction of flight, facility overflown, aircraft size, markings, color scheme, tail number, number of windows, placement of wings or rotor, number of engines, and weather) to the Federal Aviation Administration (FAA) through a local Air Traffic Control facility or office, a local Flight Standards District Office, or directly to the FAA’s Domestic Events Network at 202 493 5107, and the Transportation Security Administration. The FAA is often best able to distinguish between legitimate air traffic and suspicious flight operations that warrant further investigation.

DHS, FBI Warn Law Enforcement of Terrorists Asking Questions

The Department of Homeland Security and Federal Bureau of Investigation are warning business owners and emergency personnel around the country to be on the look out for terrorists and criminals asking too many questions. In a bulletin from earlier this year, DHS and FBI warned that terrorists and criminals often exhibit the highly suspicious behavior of asking “pertinent, intrusive or probing questions” about security and operations at sensitive facilities. According to the document, terrorists or criminals “may attempt to identify critical infrastructure vulnerabilities by eliciting information pertaining to operational and security procedures from security personnel, facility employees or their associates” and that this type of questioning by individuals “with no apparent need for the information” can provide an “early warning of a potential attack.”

National Level Exercise 2012 Will Focus on Cyber Attacks Against Critical Infrastructure

Rather than combating natural disasters or a nuclear detonation in a major U.S. city, this year’s National Level Exercise will focus on cyber threats to critical infrastructure and the “real world” implications for government and law enforcement of large-scale cyber attacks. National Level Exercise 2012 (NLE 2012) is scheduled to take place in June and will involve emergency response personnel from at least thirteen states, four countries, nearly every major governmental department as well as a number of private companies, non-governmental organizations, institutions of higher education and local fusion centers. The exercise will span four FEMA regions and will include scenarios affecting the National Capital Region.

(U//FOUO) DHS Infrastructure Protection Note: Evolving Threats to the Homeland

The Office of Infrastructure Protection (IP) Homeland Infrastructure Threat and Risk Analysis Center (HITRAC) produces Infrastructure Protection Notes to address issues impacting the infrastructure protection community’s risk environment from terrorist threats and attacks, natural hazards, and other events. Based on the analysis within the DHS Office of Intelligence and Analysis product Evolution of the Terrorist Threat to the United States this IP Note outlines the evolution of terrorist threats and impacts to the Nation’s critical infrastructure.

(U//FOUO) Georgia Fusion Center: Suspicious Incident at Haralson County Water Treatment Facility

The Georgia Information Sharing and Analysis Center (GISAC) is releasing this informational bulletin to enhance the situational awareness of law enforcement and security personnel with regard to a highly suspicious break-in incident that occurred on 24 October 2011 at the Haralson County Water Treatment Facility. During this incident, a subject broke in to the facility and was recorded (via security camera) taking pictures of the facility’s chlorination system, including the chlorine tank. In light of this highly suspicious incident, GISAC is urging facilities to be vigilant in their security measures and report any suspicious activity regarding water treatment facilities, or other critical infrastructure as soon as possible.

(U//FOUO) DHS Rising Copper Thefts Disrupting Homeland Infrastructure

Reported copper thefts from critical infrastructure and key resource (CIKR) sectors in the United States rose at least 50 percent in 2010 compared to the previous year, largely driven by record-high prices for copper. Individuals and criminal organizations have engaged in copper thefts primarily for financial gain. We have seen no indication that terrorists are using copper thefts in the homeland as a tactic to damage or destroy CIKR facilities or to fund terrorist activity.

(U//FOUO) DHS Utility-Sector Employee Insider Threats Warning

Insiders often possess detailed operational and system-security knowledge, as well as authorized physical and systems access to utilities. Insiders can be employees, contractors, service providers, or anyone with legitimate access to utility systems. They often are self-motivated, know system security measures, and raise no alarms due to their authorized systems access. With knowledge of and access to a utility’s network, malicious actors could seize control of utility systems or corrupt information sent to plant operators, causing damage to plant systems and equipment. Systems and networks used by utilities are potential targets for a variety of malicious cyber actors. Threat actors who target these systems may be intent on damaging equipment and facilities, disrupting services, stealing proprietary information, or other malicious activities. The greater the individual’s knowledge and authorized systems access, the greater risk the individual poses. Furthermore, any individual with access to a plant’s systems could unwittingly or inadvertently introduce malware into a system through portable media or by falling victim to socially engineered e-mails.

(U//FOUO) Massachusetts Commonwealth Fusion Center Hotels/Lodging Industry Warning

As Al-Qa‘ida and other terrorist groups continue to seek innovative ways to conduct attacks and circumvent security procedures, there is concern that the holiday season provides attractive opportunities for terrorists to target the Homeland. This bulletin focuses on lodging facilities that serve large numbers of business and leisure travelers and provide venues for a variety of holiday events.

(U//LES) DHS Chemical Storage Facility Terrorist Indicators Report

To consider terrorist threat indicators in relationship to chemical storage facilities, it is useful to understand the basic structure of the industry and what general types of facilities might be attractive targets for terrorist attack. Chemical storage facilities are attractive terrorist targets because they can contain toxic and hazardous materials, can create extensive casualties and property damage, and can be a source of materials for use in other attacks. Figure 1 shows some of the potential terrorist targeting objectives.

(U//LES) DHS Petroleum Pipeline Vulnerabilities and Terrorist Indicators Reports

The United States (U.S.) has two types of pipelines that transport petroleum: those that carry crude oil and those that carry refined petroleum products, such as gasoline, diesel fuel, jet fuel, and home heating oil. Pipelines transport more than two-thirds of all crude oil and refined products in the U.S. Other transportation modes are water, which includes ocean tankers and barges and accounts for 28% of petroleum transportation; tanker trucks, which account for 3% of petroleum transportation; and railroads, which account for 2% of petroleum transportation. The U.S. has more than 200,000 miles of petroleum pipelines.

(U//LES) DHS Highway Tunnel Terrorist Indicators Report

Highway tunnels are enclosed passageways for road vehicles to travel through or under an obstruction, such as a city, mountain, river, or harbor. Tunnels may have one or more “tubes,” and some are also equipped with rail lines for trains. Highway tunnels are generally classified with regard to their method of construction: bored, cut and cover, or submerged. Tunnels through hard rock formations are usually bored (i.e., drilled) and finished to facilitate vehicular traffic. Very large boring machines are often used to cut the tunnel tubes through the hard rock formation.

(U//LES) DHS Petroleum Refinery Characteristics and Common Vulnerabilities Report

A refinery comprises upstream components, process units, downstream components, and product storage. There are four basic processes used in refineries to produce products. Distillation is used to separate hydrocarbons of similar boiling range into intermediate and final products. Chemical processes are used to change the structure of the hydrocarbons to give them different properties breaking them into smaller pieces or combining them into larger ones. Treating processes are used to remove impurities such as sulfur, and blending systems are used to combine intermediate products and additives into final products for sale.

(U//LES) DHS Chemical Facility Vulnerabilities and Terrorist Indicators Reports

While hazardous and nonhazardous chemicals are stored and used in many industries, the focus of this report is specific to facilities that manufacture chemicals. A chemical manufacturing facility comprises upstream components, process units, downstream components, and product storage. The chemical manufacturing process can be further divided into the following five stages, each of which may contain one or more processing activities: (1) receipt of chemical ingredients, (2) temporarily staging or storing chemical ingredients awaiting use in production, (3) processing chemical ingredients into product, (4) temporarily staging or storing chemical products awaiting shipment, and (5) shipping chemical products.

(U//LES) DHS Fossil-Fuel Power Station Terrorist Indicators Report

Steam power plants burn fossil fuel in the furnace of a steam boiler. Steam from the boiler expands through a steam turbine, which is connected to a drive shaft of an electric generator. The exhaust vapor expelled from the turbine condenses, and the liquid is pumped back to the boiler to repeat the cycle. Steam power plants are designed to use coal, natural gas, or oil. Before combustion gases can be exhausted to the atmosphere, they typically must be cleaned to reduce particulates, NOx, and SO2 to levels required by federal and state regulations.

(U//LES) DHS Subway Vulnerabilities and Terrorist Indicators Reports

A subway system, as defined here, includes not only the portion of a rail rapid transit system that is underground, but also the other portions of the rail rapid transit system, even if they are not beneath the ground surface. Data for U.S. subways are typically collected under the heading of “heavy rail,” which is an electric railway with the capacity to transport a heavy volume of passenger traffic and characterized by exclusive rights-of-way, multi-car trains, high speed, rapid acceleration, sophisticated signaling, and high-platform loading. Heavy rail is also known as “subway,” “elevated (railway),” or “metropolitan railway (metro).” Subway systems are typically only one division of a transit agency. Bus, light rail, and commuter rail often operate as feeders to subway stations.

(U//LES) DHS Shopping Mall Characteristics and Common Vulnerabilities Report

Shopping malls are potential targets for terrorist attacks because of the ability to inflict casualties, cause economic damage, and instill fear. Furthermore, they are “soft targets” in that they are serve the general public, and the presence of a significant number of American citizens is assured at certain times of the day. Due to the nature of their functions, these facilities usually lack perimeter or access controls. Due to their accessibility, soft targets are more vulnerable, and virtually impossible to defend against terrorist attacks. Damage or destruction of a large mall could inflict mass casualties, primarily on site; shut down or degrade its operation, thus having a significant impact on the economic well-being of a large area; have widespread psychological impact; and cause the release of hazardous materials.

(U//LES) DHS Hotel Vulnerabilities and Terrorist Indicators Reports

Terrorists are most likely to choose vehicle bombs if their goal is to cause maximum casualties. This method has been used to attack hotels in the United States (U.S.) and around the world. Hotels that are likely to be most vulnerable are those located in downtown areas of large cities, those hosting a controversial group or special event, those where U.S. or foreign dignitaries are guests, and those with a worldwide reputation and connections to a culture that is seen by some groups as corrupt (e.g., casino hotels).

(U//LES) DHS Hydroelectric Dam Vulnerabilities and Terrorist Indicators Reports

Hydropower, including pumped storage, constitutes about 14% of the electrical generating capacity of the United States (U.S.). Hydropower is the primary source of renewable energy in the U.S. Total U.S. hydroelectric capacity is 103.8 gigawatts (GW), including pumped storage projects. The federal government owns 38.2 GW at 165 sites (excluding pumped storage). Another 40 GW of non-federal, licensed conventional hydroelectric capacity (excluding pumped storage) exists at 2,162 sites in the U.S. (National Hydropower Association). The distribution of hydropower generating capacity by ownership is illustrated in Figure 1. The 10 largest hydroelectric facilities in the country are listed in Table 1 (U.S. Society on Dams).

(U//LES) DHS Underwater Cable Landing Station Vulnerabilities and Terrorist Indicators Reports

Underwater cables carry telecommunications traffic (voice and data) under bodies of water (e.g., lakes and seas). These cables carry about 95% of all intercontinental telecommunications traffic. International banking and finance transactions are highly dependent on underwater (also known as submarine) communications cables. Some military communications traffic is carried via underwater cables. Most underwater communications cables in service are fiber-optic cables. New systems are almost always equipped with fiber-optic cables (rather than older technology coaxial cables). Underwater cable systems have expanded in recent years due to increased demand, changes in technology, and reduction in costs. This paper focuses on the gateway point to underwater cable systems, the cable landing station, including the fiber run from the station to shore where the fiber enters the water. Additional detail on the underwater portion of fiber cabling can be found in Characteristics and Common Vulnerabilities, Infrastructure Category: Underwater Cables (Draft, December 15, 2003).

(U//LES) DHS Milk Processing Facility Vulnerabilities and Terrorist Indicators Reports

Successful contamination of fluid milk can have serious public health consequences, since the product moves through the distribution and consumption stages very quickly. The shelf life of fluid milk is short compared to the shelf life of other food products; fluid milk is bought and used by consumers in short time periods. This leads to the potential for a rapid spread of any contaminated product. Fluid milk is consumed by all segments of the population from infants to the elderly. Health impacts from contamination could reach a wide range of people, including those with limited ability to recover from an induced illness. Some milk products such as cheese and ice cream have longer shelf lives and more limited consumption patterns than does fluid milk. Health impacts from the contamination of these products would be confined to a smaller group. Moreover, the longer times between production and consumption allow for response actions (e.g., product recall) to be implemented more effectively.

(U//LES) DHS Electric Power Substations Terrorist Indicators Report

To consider terrorist threat indicators in relationship to electric power substations, it is useful to understand the basic structure of the industry and what general types of facilities might be attractive targets for terrorist attack. Electric power substations are attractive terrorist targets because the loss of electric power has both direct and indirect impacts. Direct impacts include, for example, interruption of home and commercial building heating or cooling, damage to electronic data and equipment, the inability to operate life-support systems in hospitals and homes, and damage to the electric grid. Without electric power, other critical infrastructures, such as transportation, water supply systems, telecommunications, and banking and finance, cannot function. Indirect impacts may also include fatalities, injuries, and expenses related to failures in these interdependent infrastructures.

(U//LES) DHS Agricultural Storage Facility Vulnerabilities and Terrorist Indicators Reports

Traditionally, food in America is produced through a series of processes commonly referred to as the “farm to table” continuum. This process is comprised of multiple components, including production, distribution, processing, transportation, wholesaling, exporting/importing, retail sales, and consumption. Each component of the “farm to table” continuum is achieved in a variety of ways specific to the particular end product being produced. At multiple stages of these processes, raw agricultural products, farm input supplies, and consumer-ready foods are stored in large facilities. These agricultural storage facilities include facilities storing raw agricultural products (wheat, corn, apples, etc.) prior to processing; farm input supplies (fertilizers, chemicals, etc.), live animals (cattle, swine, chickens, etc.), or processed products ready for distribution and consumption (cheese, cereals, packaged products, etc.). In this regard, there is not a “typical” agricultural storage facility. Rather, a variety of facilities specific to the storage requirements of a given product or component serve the “farm to table” continuum.