Law enforcement and first responders may encounter chemical, biological, or radiological (CBR) related material or equipment at private residences, businesses, or other sites not normally associated with such activities. There are legitimate reasons for possessing such material or equipment, but in some cases their presence can indicate intent or capability to build CBR weapons, particularly when other suspicious circumstances exist.
Terrorists may attempt to steal or divert precursor materials, uniforms, identification, blueprints, documents, access cards, facility vehicles, or other items–possibly with the help of knowledgeable insiders–for use in pre-operational planning or attacks. Emilio Suarez Trashorras, a Spanish national convicted for his role in the 2004 Madrid train bombings, stole the explosives used in the attack and the vehicles used to transport the explosives from a mining company where he worked.
(U//FOUO) National Counterterrorism Center Special Report: IED Targeting of First Response Personnel
Although most terrorist IED attacks outside war zones target civilians or symbols of authority and usually involve a single device, some are designed specifically to target emergency response personnel. The most common tactics involve using secondary or tertiary devices in tiered or sequential attacks intended to kill or maim response personnel after they arrive on the scene of an initial IED incident.
Terrorists may attempt to gain skills and knowledge necessary to plan and execute by obtaining specialized training, soliciting or stealing technical and proprietary information, or reaching out to academics and experts. In 2007, German police arrested three terrorist suspects for allegedly planning and preparing car bomb attacks against US citizens and interests in Germany. The suspects traveled to Pakistan where they received weapons and explosives training from a Pakistan-based Uzbek jihadist group called the Islamic Jihad Union.
This report examines the UASI grant program, including a detailed review of 15 cities that have received funding through the program. It is intended to assess whether spending on DHS antiterrorism grants like UASI have made us safer, and whether the taxpayer dollars that have been spent on these programs have yielded an adequate return on investment in terms of improved security.
Terrorists often conduct physical surveillance to identify suitable targets, determine vulnerabilities, plan attack methods, or assess the target’s security posture. In March 2010, David Coleman Headley pled guilty for his role in the November 2008 terrorist attacks in Mumbai, India by conducting video and photographic surveillance of potential targets, as well as later surveilling Danish newspaper offices–the target of another attack plot.
Terrorists and criminals may use photos or videos of potential targets to gain insight into security operations and details of facility operations, including traffic flow through and around facilities, opening times, and access requirements. In late 2000 and early 2001, convicted al-Oa’ida operative Dhiren Barot took extensive video footage and numerous photographs of sites in downtown New York City and Washington, DC in preparation for planned attacks. Photographs and video useful in planning an attack may include facility security devices (surveillance cameras, security locks, metal detectors, jersey walls and planters); security personnel; facility entrances and exits; and other features such as lighting, access routes, gates, roads, walkways, and bridges.
Terrorists overseas and in domestic attack plots have used various methods to acquire and store materials necessary to construct explosives. Najibullah Zazi, who pled guilty in 2010 to plotting to attack the New York subway system, made multiple, large-quantity purchases of chemical components needed to assemble the homemade explosive Triacetone Triperoxide (TATP)—6 bottles on one day and 12 bottles on a separate day—at beauty supply stores throughout the summer of 2009. Law enforcement and first responders should be aware that the possession, storage, or attempt to acquire unusual quantities of laboratory equipment, personal protective equipment, chemicals, and flammable accelerants—although legal to purchase and own—could provide indicators of preoperational attack planning.
DHS and FBI Call for Increased Vigilance in Jewish Communities Following Israel’s Recent Military Actions
Last Friday, officials from the U.S. Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) hosted a teleconference with the directors of fusion centers around the country as well as the Major City Intelligence Commanders across to discuss the “heightened tensions in the Middle East due to the on-going military actions between Israel and Hamas.” A bulletin from the New York State Intelligence Center (NYSIC) described the conference call, stating that the DHS and FBI representatives emphasized that there is “currently no credible or specific information suggesting any violent actions in the United States as a result of these tensions” but requested increased vigilance from “law enforcement in regions where Jewish consulates or large Jewish populations exist was encouraged, and law enforcement officials on the teleconference from those areas discussed measures being taken to ensure the safety and security of their local communities, which included increased law enforcement presence, community outreach and encouraging reporting of suspicious activities.”
(U//FOUO) DHS-FBI Bulletin: No Specific Threats to American Jewish Community, Despite Recent World Events
This Joint Intelligence Bulletin (JIB) provides law enforcement and private sector safety officials with an evaluation of potential terrorist threats to Jewish organizations, facilities, and personnel in the United states. The information is provided to support the activities of DHS and FBI and to assist federal. state, local, tribal, and territorial government counterterrorism and first responder officials to deter, prevent, preempt, or respond to terrorist attacks in the United States.
The Office of Operations Coordination and Planning (OPS), National Operations Center (NOC), has statutory responsibility to (1) provide situational awareness and establish a common operating picture for the federal government, and for state, local, and tribal governments as appropriate, in the event of a natural disaster, act of terrorism, or other man-made disaster, and (2) ensure that critical terrorism and disaster-related information reaches government decisionmakers. Traditional media sources and, more recently, social media sources such as Twitter, Facebook, and a vast number of blogs provide public reports on breaking events with a potential nexus to homeland security. By examining open source traditional and social media information, comparing it with many other sources of information, and including it where appropriate into reports, the NOC can provide a more comprehensive picture of breaking or evolving events.
Terrorist groups, including al-Qa‘ida, and violent extremists have considered using or have possessed cyanide compounds. Cyanides probably appeal to terrorists because of their toxicity, availability, and ease of dissemination. Some of the cyanide tactics that have been considered by terrorists include mixing it with oils and lotions for use as a contact poison, contaminating food or water supplies, or by using it in an improvised chemical dispersal device.
While passenger vessels and terminals will likely remain potentially attractive targets for terrorist attacks, trends in overseas terrorist attacks and the lack of any reporting on maritime terrorist plots against the U.S.-Canada MTS suggests the threat to the majority of the system is low; violent extremists could attack U.S. and Canadian ferries and similar soft maritime targets with little or no warning.
Terrorists might use disguises, fraudulent or stolen credentials, and cloned or repurposed vehicles to gain access to restricted areas, to blend in with their surroundings when conducting surveillance, or to conceal other activities while planning or executing an attack. Anders Breivik, the gunman who was sentenced to 21 years in prison for the July 2011 attack on the Workers’ Youth League summer camp in Norway, wore a police uniform and displayed false identification to gain unauthorized access to the camp. Depending on the target, disguises might be aimed at impersonating law enforcement, emergency services, or officials of an institution who have legitimate access to secured/restricted sites.
Known or possible terrorists have displayed suspicious behaviors while staying at hotels overseas—including avoiding questions typically asked of hotel registrants; showing unusual interest in hotel security; attempting access to restricted areas; and evading hotel staff. These behaviors also could be observed in U.S. hotels, and security and law enforcement personnel should be aware of the potential indicators of terrorist activity.
The Department of Homeland Security’s production of domestic intelligence has increased substantially over the last few years according to a brochure of “intelligence products” published last month by Cryptome. The 2012 DHS Intelligence Enterprise Product Line Brochure is “a standardized catalogue of intelligence reports and products that represent the full breadth” of the agency’s analytical capabilities. It provides descriptions of each type of product created by the DHS Intelligence Enterprise as well as the classification level and instructions on how DHS “customers” can obtain the products.
The Subcommittee investigation found that DHS-assigned detailees to the fusion centers forwarded “intelligence” of uneven quality – oftentimes shoddy, rarely timely, sometimes endangering citizens’ civil liberties and Privacy Act protections, occasionally taken from already-published public sources, and more often than not unrelated to terrorism. Congress directed the Department of Homeland Security (DHS) to lead this initiative. A bipartisan investigation by the Permanent Subcommittee on Investigations has found, however, that DHS’ work with those state and local fusion centers has not produced useful intelligence to support federal counterterrorism efforts.
This Instruction applies throughout DHS regarding the access to and collection, use, maintenance, retention, disclosure, deletion, and destruction of Personally Identifiable Information (PII) in relation to operational use of social media, with the exception of operational use of social media for: (a) communications and outreach with the public authorized by the Office of Public Affairs; (b) situational awareness by the National Operations Center; (c) situational awareness by Components other than the National Operations Center, upon approval by the Chief Privacy Officer following completion of a Social Media Operational Use Template; and (d) the conduct of authorized intelligence activities carried out by the Office of Intelligence and Analysis, the intelligence and counterintelligence elements of the United States Coast Guard, or any other Component performing authorized foreign intelligence or counterintelligence functions, in accordance with the provisions of Executive Order 12333, as amended.
The Robotic Aircraft for Public Safety (RAPS) project will invite SUAS vendors to a chosen location and evaluate each system using key performance parameters under a wide variety of simulated but realistic and relevant real-world operational scenarios, such as law enforcement operations, search and rescue, and fire and hazardous material spill response. The SUAS vendors will provide technically mature, flight proven vehicles and their fully-integrated sensors for evaluation. Safety concerns will also be assessed such as the aircraft’s capability for safe flight in the event of a loss of communications between the aircraft and the ground controller.
A map of Department of Homeland Security protective security advisors (PSA) around the country from March 2012.
DHS National Operations Center Operations Counterterrorism Desk (NCOD) Database Privacy Impact Assessment
The National Operations Center (NOC), within the Office of Operations Coordination and Planning (OPS), operates the NOC Counterterrorism Operations Desk (NCOD) and serves as the primary DHS point of contact to streamline counterterrorism Requests for Information (RFIs). The NCOD Database is a tracking tool used by NCOD Officers to track all counterterrorism related incoming and outgoing inquiries. OPS has conducted this Privacy Impact Assessment (PIA) because the NCOD Database contains personally identifiable information (PII).
DHS National Protection and Programs Directorate Protective Security Advisors and Special Event Domestic Incident Tracker Overview presented at the FEMA National Preparedness Symposium on August 8, 2012.
Security guards at large facilities, such as airports, monitor multiple screens that display images from individual surveillance cameras dispersed throughout the facility. If a guard zooms with a particular camera, he may lose image resolution, along with perspective on the surrounding area. Embodiments of the inventive Imaging System for Immersive Surveillance (ISIS) solve these problems by combining multiple cameras in one device. When properly mounted, example ISIS systems offer up to 360-degree, 240-megapixel views on a single screen. (Other fields of view and resolutions are also possible.) Image-stitching software merges multiple video feeds into one scene. The system also allows operators to tag and follow targets, and can monitor restricted areas and sound an alert when intruders breach them.
Terrorists may attempt to breach secured perimeters or gain unauthorized access to facilities, sensitive locations, or restricted areas for preoperational activity or to conduct an attack. Timothy McVeigh breached a locked storage shed at a Kansas rock quarry with a battery-operated drill and stole explosives that were later used in the 1995 Oklahoma City bombing. Attempts at intrusion could take the form of trespassing, forced entry, or impersonation of authorized personnel and could possibly involve the assistance of knowledgeable ‘insiders.”
Terrorists may use small aircraft flyovers to conduct preoperational activities such as reconnaissance or rehearsals for planned attacks. When suspicious flyovers occur, law enforcement and first responders should report the key attributes of the flight and the aircraft for timely identification (time of day, location and direction of flight, facility overflown, aircraft size, markings, color scheme, tail number, number of windows, placement of wings or rotor, number of engines, and weather) to the Federal Aviation Administration (FAA) through a local Air Traffic Control facility or office, a local Flight Standards District Office, or directly to the FAA’s Domestic Events Network at 202 493 5107, and the Transportation Security Administration. The FAA is often best able to distinguish between legitimate air traffic and suspicious flight operations that warrant further investigation.