Topic: Cybersecurity/Cyberwarfare

(U//FOUO) DHS Bulletin: Russia Cyber Threat Overview Substantive Revision

This Intelligence In View provides federal, state, local, and private sector stakeholders an overview of Russian Government-affiliated cyber activity targeting the United States and Russian regional adversaries, including disruptive or destructive cyber activity, cyber espionage in support of intelligence collection, and malign foreign influence in service of Russian political agendas. This In View also provides examples of malware and tools used by Russian Government-affiliated cyber actors.

(U//FOUO) DHS-FBI-NCTC Bulletin: Escalating Tensions Between the United States and Iran Pose Potential Threats to the Homeland

This Joint Intelligence Bulletin (JIB) is intended to assist federal, state, local, tribal, and territorial counterterrorism, cyber, and law enforcement officials, and private sector partners, to effectively deter, prevent, preempt, or respond to incidents, lethal operations, or terrorist attacks in the United States that could be conducted by or on behalf of the Government of Iran (GOI) if the GOI were to perceive actions of the United States Government (USG) as acts of war or existential threats to the Iranian regime.

Senate Intelligence Committee Report on Russian Efforts Against Election Infrastructure in the 2016 Election

From 2017 to 2019, the Committee held hearings, conducted interviews, and reviewed intelligence related to Russian attempts in 2016 to access election infrastructure. The Committee sought to determine the extent of Russian activities, identify the response of the U.S. Government at the state, local, and federal level to the threat, and make recommendations on how to better prepare for such threats in the future. The Committee received testimony from state election officials, Obama administration officials, and those in the Intelligence Community and elsewhere in the U.S. Government responsible for evaluating threats to elections.

(U//FOUO) Joint Staff Briefing Paper on China’s “System Attack” Concept of Warfare

China plans to defeat powerful adversaries by systematically targeting the linkages and nodes that hold an advanced network-centric force together as a cohesive whole. The PLA calls this theory of victory “systems attack and destruction warfare,” hereafter, “system attack.” Authoritative PLA doctrine emphasizes the importance of system attack as China’s “basic operational method” of warfare. System attack is perhaps best remembered as “the American way of war with Chinese characteristics,” since the PLA developed the concept based on observing U.S. military victories in the 1990s. Some of the PLA’s writings on systems attack are clearly aspirational, but this does not preclude the effectiveness of the approach, and the doctrine shows that the PLA is thinking seriously and realistically about how to defeat an advanced adversary. The requirements of system attack are actively driving PLA reform, acquisitions, operations and training, and the doctrine telegraphs how China intends to fight.

The U.S. Army in Multi-Domain Operations 2028

From Multi-Domain Battle to Multi-Domain Operations. TRADOC Pamphlet 525-3-1, The U.S. Army in Multi-Domain Operations 2028 expands upon the ideas previously explained in Multi-Domain Battle: Evolution of Combined Arms for the 21st Century. It describes how the Army contributes to the Joint Force’s principal task as defined in the unclassified Summary of the National Defense Strategy: deter and defeat Chinese and Russian aggression in both competition and conflict. The U.S. Army in Multi-Domain Operations concept proposes detailed solutions to the specific problems posed by the militaries of post-industrial, information-based states like China and Russia. Although this concept focuses on China and Russia, the ideas also apply to other threats.

Director of National Intelligence Cyber Threats to Elections Lexicon

This reference aid draws on CTIIC’s experience promoting interagency situational awareness and information sharing during previous significant cyber events—including cyber threats to elections. It provides a guide to cyber threat terms and related terminology issues likely to arise when describing cyber activity. The document includes a range of cyber-specific terms that may be required to accurately convey intelligence on a cyber threat event and terms that have been established by relevant authorities regarding technical infrastructure for conducting elections.

Joint Publication 3-12 Cyberspace Operations

Cyberspace operations (CO) is the employment of cyberspace capabilities where the primary purpose is to achieve objectives in or through cyberspace. This publication focuses on military operations in and through cyberspace; explains the relationships and responsibilities of the Joint Staff (JS), combatant commands (CCMDs), United States Cyber Command (USCYBERCOM), the Service cyberspace component (SCC) commands, and combat support agencies; and establishes a framework for the employment of cyberspace forces and capabilities.

Vulnerabilities Equities Policy and Process for the United States Government

This document describes the Vulnerabilities Equities Policy and Process for departments and agencies of the United States Government (USG) to balance equities and make determinations regarding disclosure or restriction when the USG obtains knowledge of newly discovered and not publicly known vulnerabilities in information systems and technologies. The primary focus of this policy is to prioritize the public’s interest in cybersecurity and to protect core Internet infrastructure, information systems, critical infrastructure systems, and the U.S. economy through the disclosure of vulnerabilities discovered by the USG, absent a demonstrable, overriding interest in the use of the vulnerability for lawful intelligence, law enforcement, or national security purposes.

FBI Cyber Bulletin: IP Addresses and Domains Used by Iran-Based Cyber Actors to Attack Victims Worldwide

The FBI assesses a group of malicious cyber actors—likely located in Iran—use Virtual Private Server infrastructure hosted in the United States to compromise government, corporate, and academic computer networks based in the Middle East, Europe and the United States. This infrastructure is used in conjunction with identified malicious domains to support a broad cyber campaign which likely includes the use of e-mail spear phishing, social engineering, and malicious Web sites (“watering hole attack”). These cyber actors almost certainly have been involved in this activity since at least early 2015.

U.S. Army Mad Scientist Conference Report: The 2050 Cyber Army

The Mad Scientist 2050 Cyber Army project explored the visualization of the Army’s Cyber Force out to 2050 and its ability to address three major objectives of the Army’s Cyberspace Strategy for Unified Land Operations 2025: What does the cyber environment look like in 2040-2050 (how will cyber influence the environment and the population? What will connecting look like / what will they connect to? What are the drivers influencing this or not)? How do we build an Army Cyber Force that can dominate the cyber domain in the context of the multi-domain battle concept to gain a position of relative advantage? How can we build shared goals and expectations, as well as develop an understanding of roles and responsibilities, in order to build and maintain partnerships with U.S. and international academia, industry, defense departments/ministries and other agencies to enhance cyberspace operations? What new ideas should we be considering? Co-sponsored by the TRADOC G-2 and the Army Cyber Institute at the United States Military Academy, the 2050 Cyber Army project leveraged submitted papers, an on-line technology survey, and a 13-14 September Mad Scientist Conference that generated the insights synthesized in this report.