An October 2016 presentation from the Department of Homeland Security on cyber threats to the nation’s infrastructure.
Department of Homeland Security
(U//FOUO) DHS Cyber Threats to the Homeland Presentation
Tag Archive for For Official Use Only
Department of Homeland Security, Intelligence Fusion Centers
(U//FOUO) DHS, Fusion Centers Reference Aid: Malicious Terrorism Hoaxes Likely to Endure, Strain State and Local First Responder Resources
This Reference Aid is intended to provide information on malicious terrorism hoaxes that will continue to challenge first responder resources throughout the Homeland and territories. This Reference Aid is provided by I&A, DIAC, NCRIC, NVRIC, and NJ-ROIC to support their respective activities, to provide situational awareness, and to assist federal, state, local, tribal, and territorial government counterterrorism and law enforcement officials and first responders with recognizing the indicators and implications of malicious terrorism hoaxes. The use of hoax calls may also be used as a technique to lure authorities to a particular location for the purpose of conducting a potential attack, but is not discussed in this article, as luring is viewed as its own distinct tactic.
California
(U//FOUO) California Fusion Center: California Leads in Unauthorized UAS Encounters, Risk to Public Safety
California has had more disclosed unauthorized Unmanned Aircraft Systems (UAS) encounters than any other state between October 2015 and September 2016—accounting for 21 percent of the reported encounters nationwide—according to the Federal Aviation Administration (FAA). These encounters continue to pose a direct risk to public safety air assets.
Department of Homeland Security
(U//FOUO) DHS Assessment: Cyber Threats and Vulnerabilities to US Election Infrastructure
DHS has no indication that adversaries or criminals are planning cyber operations against US election infrastructure that would change the outcome of the coming US election. Multiple checks and redundancies in US election infrastructure—including diversity of systems, non-Internet connected voting machines, pre-election testing, and processes for media, campaign, and election officials to check, audit, and validate results—make it likely that cyber manipulation of US election systems intended to change the outcome of a national election would be detected.
U.S. Army
(U//FOUO) U.S. Army Commanders Guide to Human Intelligence (HUMINT)
Army commanders rely upon timely, relevant, and accurate combat information and intelligence in order to successfully plan, prepare, and execute operations. Human intelligence (HUMINT) and counterintelligence (CI) are two critical assets commanders have, either organic to their unit’s table of organization and equipment (TOE) or through attachment from a supporting command, which can provide input to both combat information and intelligence. While there are similarities between the methodology and tactics, techniques, and procedures (TTP) used by HUMINT and CI, their training and missions are separate and distinct.
Department of Homeland Security, Federal Bureau of Investigation, National Counterterrorism Center
(U//FOUO) DHS-FBI-NCTC Bulletin: Homegrown Violent Extremists Focusing More on Civilian Targets
This Joint Intelligence Bulletin (JIB) is intended to provide new insight into the targeting preferences of some homegrown violent extremists (HVEs) and to examine detection challenges and opportunities. This JIB is provided by FBI, DHS, and NCTC to support their respective activities and to assist federal, state, local, tribal, and territorial government counterterrorism and law enforcement officials and private sector security partners in deterring, preventing, or disrupting terrorist attacks within the United States.
New Jersey
(U//FOUO) New Jersey Regional Operations Intelligence Center Bulletin: Improvised Explosive Device Awareness
A situational awareness bulletin released by the New Jersey Regional Operations Intelligence Center following recent bombings utilizing improvised explosive devices (IEDs) in the New York/New Jersey area.
Federal Bureau of Investigation
(U//FOUO) FBI Report: ATM Skimmers Target Standalone ATMs with Wiretap Devices
The purpose of this LIR is to inform DSAC and other relevant private sector partners about new methods ATM skimming crews use to target standalone or kiosk-style ATM terminals such as those found at casinos, hotels, airports, shopping malls, gas stations, restaurants, and supermarkets. The skimming crews intercept customers’ account data through the ATMs’ external cables. The activity observed to date in the United States was discovered at convenience store locations in California, Delaware, and Pennsylvania. This LIR provides details on the methods used in these skimming attempts as well as previously reported use of internal wiretap skimming devices.
Department of Homeland Security, Intelligence Fusion Centers
(U//FOUO) DHS Field Analysis Report: Growing Trend of Ransomware Attacks Targeting Hospitals
The healthcare sector has been a desirable target for hackers due to the sensitive nature of patient information contained in their systems. The stakes are very high in the healthcare industry because any disruption in operations and care can have significant repercussions for patients. As such, this industry offers an ideal victim for ransomware, and these attacks are likely to continue—disrupting employee access to important documents and patient data and hampering the ability to provide critical services—creating a public safety concern.
Intelligence Fusion Centers, Wisconsin
(U//FOUO) Wisconsin Fusion Centers Bulletin: Threats Against Law Enforcement and Public Sector Personnel
Recent reporting at the local, state, and national level indicates both violence and threats of violence against law enforcement. Recently, the activity has expanded beyond law enforcement, affecting non-sworn first responders as well as public partners (such as transportation employees).
China, Federal Bureau of Investigation
(U//FOUO) FBI Counterintelligence Note: Chinese Talent Programs
Chinese Talent Programs are a vital part of Chinese industry. Talent programs recruit experts to fill technical jobs that drive innovation and growth in China’s economy. National, provincial, and municipal talent recruitment programs provide opportunities for experts to work in industry and academic organizations supporting key areas deemed critical to China’s development. The talent programs recruit experts globally from businesses, industry, and universities with multiple incentives to work in China. Associating with these talent programs is legal and breaks no laws; however, individuals who agree to the Chinese terms must understand what is and is not legal under US law when sharing information. A simple download of intellectual property (IP) or proprietary information has the potential to become criminal activity.
Department of Homeland Security, Federal Bureau of Investigation
(U//FOUO) DHS-FBI Bulletin: Law Enforcement Vigilance and Caution Urged at Public and Political Events
This Joint Intelligence Bulletin (JIB) is intended to provide situational awareness concerning the domestic extremist threat to national public and political events. This JIB is provided by the FBI and DHS to support law enforcement in their respective activities and to assist federal, state, local, tribal, and territorial government counterterrorism and law enforcement officials and private sector security partners in deterring, preventing, or disrupting terrorist attacks against the United States.
Federal Bureau of Investigation, Louisiana
(U//FOUO) FBI New Orleans Alert: Violence Against Law Enforcement and Riots Planned for July 8-10 2016
The purpose of this Situational Information Report (SIR) is to alert first responders of threats to law enforcement and potential threats to the safety of the general public. The threats stem from an officer involved shooting in Baton Rouge, Louisiana on 5 July 2016.
Department of Homeland Security
DHS Critical Infrastructure 2025 Strategic Risk Assessment
This strategic risk assessment provides an overview of six distinguishable trends emerging in U.S. critical infrastructure. These trends, when combined or examined singularly, are likely to significantly influence critical infrastructure and its resiliency during the next 10 years.
National Counterterrorism Center
(U//FOUO) NCTC Counterterrorism Weekly Open Source Digests April 2016
Examples of the National Counterterrorism Center’s Counterterrorism Weekly for America’s Protectors from April 2016, a “compilation of open source publicly available press and relevant commentary on issues related to terrorism and counterterrorism over the past seven days.”
National Counterterrorism Center
(U//FOUO) NCTC Counterterrorism Weekly Open Source Digests March 2016
Examples of the National Counterterrorism Center’s Counterterrorism Weekly for America’s Protectors from March 2016, a “compilation of open source publicly available press and relevant commentary on issues related to terrorism and counterterrorism over the past seven days.”
Intelligence Fusion Centers, New Jersey
(U//FOUO) New Jersey Fusion Center: Potential Concerns for Transportation Security
The NJ ROIC currently has no specific indication of any credible specific threats to transportation facilities. However, with the rise in “self-radicalized” actor(s), and homegrown violent extremists (HVEs) influenced by ISIL and other terror groups, targeted violent attacks to any of these sectors could occur with little or no notice by an individual(s) who has not yet garnered law enforcement attention. This advisory highlights recent transportation concerns in the wake of the recent attacks in Belgium.
Department of Homeland Security, Federal Bureau of Investigation, National Counterterrorism Center
(U//FOUO) DHS-FBI-NCTC Bulletin: Tactics, Techniques, and Procedures Used in March 2016 Brussels Attacks
This Joint Intelligence Bulletin (JIB) is intended to provide a review of the tactics, techniques, and procedures demonstrated by the perpetrators of the 22 March 2016 attacks in Brussels, Belgium. The analysis in this JIB is based on statements by European government and law enforcement officials cited in media reporting and is subject to change with the release of official details from post-incident investigations. This JIB is provided by DHS, FBI, and NCTC to support their respective activities and to assist federal, state, local, tribal, and territorial government counterterrorism and law enforcement officials, first responders and private sector partners in deterring, preventing, preempting, or disrupting terrorist attacks against the United States.
United States
(U//FOUO) MS-ISAC Intel Paper: Common Cyber Threats to Universities
The Multi-State Information Sharing and Analysis Center (MS-ISAC) assesses with high confidence that cyber threat actors routinely target universities, for the purposes of financial gain, notoriety, or entertainment, and often to gain access to personally identifiable information (PII) and/or sensitive research. MS-ISAC believes universities are inherently more vulnerable to cyber targeting than other state, local, tribal, and territorial (SLTT) government entities, due to the non-restrictive research environment with less compartmentalization and less access restriction, which results in more opportunity for infection, and when infection occurs, easier transmission through a network.
Department of Homeland Security
(U//FOUO) DHS Intelligence Assessment: Damaging Cyber Attacks Possible but Not Likely Against the US Energy Sector
This Assessment establishes a baseline analysis of cyber threats to the US energy sector based on comprehensive FY 2014 incident reporting data compiled by ICS-CERT, as well as reporting by the Intelligence Community (IC), private sector cybersecurity industry, and open source media between early 2011 and January 2016. This Assessment is designed to help close gaps between the private sector’s and the IC’s understanding of current cyber threats facing the US energy sector. Critical infrastructure owners and operators can use this analysis to better understand cyber threats facing the US energy sector and help focus defensive strategies and operations to mitigate these threats. The Assessment does not include an in-depth analysis of foreign cyber doctrines or nation-state red lines for conducting cyber attacks against the United States. The information cutoff date for this Assessment is January 2016.
California, Intelligence Fusion Centers
(U//FOUO) California Fusion Center: Drone Threats to Public Safety Personnel, Assets and Response
Encounters in 2015 of unauthorized unmanned aircraft systems (UAS), also known as drones, with public safety aircraft during emergency events underscore the potential threats UAS pose to response efforts—notably search-and-rescue, firefighting and police air assets—as well as the lives, property and natural resources already at risk.
Intelligence Fusion Centers, Massachusetts
(U//FOUO) Boston Regional Intelligence Center Suspicious Activity Behavior & Indicators For Public Sector Partners
This document is intended to highlight several suspicious activity behaviors and indicators that may be indicative of preoperational terrorist activity for business owners and private sector security personnel. This product focuses on behaviors and indicators that would be of interest prior to any major event. This proactive public safety strategy is an ongoing attempt to provide our private sector partners with some information on suspicious activity.
Department of Homeland Security
(U//FOUO) US-CERT Armada Collective DDoS Amplification and Mitigation Recommendations
A December 2015 presentation from the U.S. Computer Emergency Readiness Team Cyber Threat Information Sharing Branch on distributed denial-of-service attacks launched by the Armada Collective.
Department of Homeland Security
(U//FOUO) US-CERT Botnet Operations Presentation
A January 2016 presentation from the U.S. Computer Emergency Readiness Team Cyber Threat Information Sharing Branch regarding their operations investigating and countering botnets.
Department of Homeland Security
(U//FOUO) DHS Assessment: Cyber Targeting of the US Emergency Services Sector Limited, But Persistent
Cyber targeting of the ESS will likely increase as ESS systems and networks become more interconnected and the ESS becomes more dependent on information technology for the conduct of daily operations—creating a wider array of attack vectors for cyber targeting. Independent researchers have already reported on the widespread availability of vulnerabilities and attack vectors for critical hardware and software that is used in this sector extensively. Such vulnerable systems include call-center communications-management software, closed-circuit TV camera systems, interactive voice response systems, and emergency alert systems—particularly wireless emergency alert systems.