This reference aid draws on CTIIC’s experience promoting interagency situational awareness and information sharing during previous significant cyber events—including cyber threats to elections. It provides a guide to cyber threat terms and related terminology issues likely to arise when describing cyber activity. The document includes a range of cyber-specific terms that may be required to accurately convey intelligence on a cyber threat event and terms that have been established by relevant authorities regarding technical infrastructure for conducting elections.
In the 2011 report to Congress on Foreign Spies Stealing U.S. Economic Secrets in Cyberspace, the Office of the National Counterintelligence Executive provided a baseline assessment of the many dangers facing the U.S. research, development, and manufacturing sectors when operating in cyberspace, the pervasive threats posed by foreign intelligence services and other threat actors, and the industries and technologies most likely at risk of espionage. The 2018 report provides additional insight into the most pervasive nation-state threats, and it includes a detailed breakout of the industrial sectors and technologies judged to be of highest interest to threat actors. It also discusses several potentially disruptive threat trends that warrant close attention.
Office of the Director of National Intelligence Countering Foreign Intelligence Threats Implementation and Best Practices Guide
The National Counterintelligence and Security Center (NCSC) is charged with leading and supporting the counterintelligence (CI) and security activities of the U.S. government, the U.S. Intelligence Community, and U.S. private sector entities that are at risk of intelligence collection, penetration, or attack by foreign adversaries and malicious insiders. The capabilities and activities described in this Guide are exemplars of program components delineated as requirements in numerous strategies, policies, and guidelines.
We are living a paradox: The achievements of the industrial and information ages are shaping a world to come that is both more dangerous and richer with opportunity than ever before. Whether promise or peril prevails will turn on the choices of humankind. The progress of the past decades is historic—connecting people, empowering individuals, groups, and states, and lifting a billion people out of poverty in the process. But this same progress also spawned shocks like the Arab Spring, the 2008 Global Financial Crisis, and the global rise of populist, anti-establishment politics. These shocks reveal how fragile the achievements have been, underscoring deep shifts in the global landscape that portend a dark and difficult near future.
Office of the Director of National Intelligence Background Report: Assessing Russian Activities and Intentions in Recent US Elections
The nature of cyberspace makes attribution of cyber operations difficult but not impossible. Every kind of cyber operation—malicious or not—leaves a trail. US Intelligence Community analysts use this information, their constantly growing knowledge base of previous events and known malicious actors, and their knowledge of how these malicious actors work and the tools that they use, to attempt to trace these operations back to their source. In every case, they apply the same tradecraft standards described in the Analytic Process above.
Office of the Director of National Intelligence Summary of U.S. Counterterrorism Strikes Outside Areas of Active Hostilities
In accordance with the President’s direction and consistent with the President’s commitment to providing as much information as possible to the American people about U.S. counterterrorism activities, the Director of National Intelligence (DNI) is releasing today a summary of information provided to the DNI about both the number of strikes taken by the U.S. Government against terrorist targets outside areas of active hostilities and the assessed number of combatant and non-combatant deaths resulting from those strikes. “Areas of active hostilities” currently include Afghanistan, Iraq, and Syria.
Department of Defense, Department of Homeland Security, Department of Justice, Office of the Director of National Intelligence
DoD, DoJ, DHS, ODNI Sharing Cyber Threat Indicators and Defensive Measures by the Federal Government
Central Intelligence Agency, Department of Defense, Department of Justice, National Security Agency, Office of the Director of National Intelligence
Department of Commerce, Department of Defense, Department of Energy, Department of Health and Human Services, Department of Homeland Security, Department of Justice, Department of the Treasury, Office of the Director of National Intelligence
Section 5 of Executive Order 13636 (Executive Order) requires the DHS Chief Privacy Officer and Officer for Civil Rights and Civil Liberties to assess the privacy and civil liberties impacts of the activities the Department of Homeland Security (DHS, or Department) undertakes pursuant to the Executive Order and to provide those assessments, together with recommendations for mitigating identified privacy risks, in an annual public report. In addition, the DHS Privacy Office and the Office for Civil Rights and Civil Liberties (CRCL) are charged with coordinating and compiling the Privacy and Civil Liberties assessments conducted by Privacy and Civil Liberties officials from other Executive Branch departments and agencies with reporting responsibilities under the Executive Order.
The DNI, D/NCTC and the Attorney General approved revised Attorney General Guidelines for NCTC’s handling of US Person (USP) information in March 2012. These revised NCTC Attorney General Guidelines (“NCTC’s AGGs”) govern NCTC’s access, retention, use, and dissemination of datasets identified as including non-terrorism information and information pertaining exclusively to domestic terrorism, and provide NCTC with the authority to retain USP information for up to five years (unless a shorter period is required by law, executive order, regulation, international agreement, etc.). During this temporary retention and assessment period, additional safeguards and protections are applied to this data, to include baseline (and potentially enhanced) safeguards, as well as additional compliance, auditing, reporting and oversight mechanisms.
In 2011, the U.S. Department of Homeland Security’s (DHS) Office of Intelligence and Analysis (I&A), in coordination with federal and SLTT partners, began conducting an annual assessment of fusion centers to evaluate their progress in achieving the COCs and ECs and to collect additional data to better understand the characteristics of individual fusion centers and the National Network as a whole. DHS/I&A initiated the 2012 Fusion Center Assessment (2012 Assessment) in August 2012 as the second iteration of the annual assessment process and the first assessment to provide data on year-over-year progress in implementing the COCs and ECs. The 2012 Assessment was also the first assessment to collect National Network performance data based on an initial set of five performance measures adopted in 2011. This 2012 National Network of Fusion Centers Final Report (2012 Final Report) summarizes and characterizes the overall capabilities and performance of the National Network based on the results of the 2012 Assessment. This report does not include fusion center-specific capability or performance data. Instead, it uses aggregated data from the 2012 Assessment to describe the capability and performance achievements of the National Network.
A 2009 document from the Office of the Director of National Intelligence and the Department of Defense creating performance standards for “successful” and “outstanding” employee performance within the U.S. intelligence community.
National Counterintelligence Executive Specifications for Constructing Sensitive Compartmented Information Facilities
This Intelligence Community (IC) Technical Specification sets forth the physical and technical security specifications and best practices for meeting standards of Intelligence Community Standard (ICS) 705-1 (Physical and Technical Standards for Sensitive Compartmented Information Facilities). When the technical specifications herein are applied to new construction and renovations of Sensitive Compartmented Information Facilities (SCIFs), they shall satisfy the standards outlined in ICS 705-1 to enable uniform and reciprocal use across all IC elements and to assure information sharing to the greatest extent possible. This document is the implementing specification for Intelligence Community Directive (ICD) 705, Physical and Technical Security Standards for Sensitive Compartmented Information Facilities (ICS-705-1) and Standards for Accreditation and Reciprocal Use of Sensitive Compartmented Information Facilities (ICS-705-2) and supersedes Director of Central Intelligence Directive (DCID) 6/9.
This report is intended to stimulate thinking about the rapid and vast geopolitical changes characterizing the world today and possible global trajectories during the next 15-20 years. As with the NIC’s previous Global Trends reports, we do not seek to predict the future—which would be an impossible feat—but instead provide a framework for thinking about possible futures and their implications.
The Office of the Director of National Intelligence (ODNI) is building a computer system capable of automatically analyzing the massive quantities of data gathered across the entire intelligence community and extracting information on specific entities and their relationships to one another. The system which is called Catalyst is part of a larger effort by ODNI to create software and computer systems capable of knowledge management, entity extraction and semantic integration, enabling greater analysis and understanding of complex, multi-source intelligence throughout the government.
Director of National Intelligence Knowledge Assertions and Knowledge Organization Systems Presentation
Presentation on Knowledge Assertions and Knowledge Organization Systems from the Office of the Director of National Intelligence, Chief Information Officer dated July 16, 2009.
Three presentations on the DNI’s Blackbook semantic data management framework are from 2008-2009 and reflect information on versions 2 and 3
The Implementation Manual is a companion document developed to provide amplifying and explanatory guidance on the syntax and use of the markings contained in the CAPCO Register. While not the policy basis for individual agencies’ use of any particular marking, the Implementation Manual cites the applicable authority and sponsor for each marking. Some of the Dissemination Controls and Non-Intelligence Community Dissemination Control Markings are restricted to use by certain agencies. They are included to provide guidance on handling documents that bear them. Their inclusion in the manual does not authorize other Agencies to use these markings. Non-US Classification and Joint Classification Markings are restricted to the respective countries or international organizations.
The 2008 version of the Director of National Intelligence’s Classification and Control Markings Register was released via a FOIA request and is available in a redacted form via the Federation of American Scientists. We have obtained an unredacted version and are presenting selected pages alongside the previously released version to highlight the information that was redacted, including several NSA dissemination control markings such as FRONTO, KEYRUT, SEABOOT and SETTEE.
Office of the Director of National Intelligence Annual Report on Security Clearance Determinations for Fiscal Year 2010 discussing 4.2 active security clearances as of 2010.
Throughout this week and the next, we will be publishing a large number of reports from the Director of National Intelligence Open Source Center on a variety of topics. Rather than present all of the documents at once, we have decided to publish approximately five to ten reports a day in separate entries on the site. It is our belief that this will enable better scrutiny of the documents, as opposed to overwhelming readers with a large mass of information. Though the majority of these reports are marked For Official Use Only, all products of the Open Source Center, including Unclassified documents, are inaccessible to the general public. One of the only sources to release these reports in the past has been Steven Aftergood of the Federation of American Scientists. Due to the limited number currently available, we estimate that our publication of this material will more than triple the amount of Open Source Center products available to the public.
Elements of the U. S. government hosted an interdisciplinary, unclassified workshop to better understand the potential threat from independently acting terrorists with biological expertise. Such lone-actor terrorists have the potential to carry out high-impact biological attacks while generating few signatures, making detection or disruption of their efforts challenging. The one-day workshop explored the possible motivations, intents, and objectives of lone-actor terrorists who might consider conducting biological attacks; examined scientific infrastructure vulnerabilities that these individuals could exploit; and identified strategies to mitigate this potential threat.
Title III of the Foreign Intelligence Surveillance Act Amendments Act of 2008 required the Inspectors General (IGs) of the elements of the Intelligence Community that participated in the President’s Surveillance Program (PSP) to conduct a comprehensive review of the program. The IGs of the Department of Justice, the Department of Defense, the Central Intelligence Agency, the National Security Agency, and the Office of the Director of National Intelligence participated in the review required under the Act. The Act required the IGs to submit a comprehensive report on the review to the Senate Select Committee on Intelligence, the Senate Committee on the Judiciary, the House Permanent Select Committee on Intelligence, and the House Committee on the Judiciary.