National Intelligence Bulletin For 05 October 2018

The National Intelligence Bulletin is a weekly look at national security, domestic systems disruption, the risk of failing critical infrastructure, and threats to social, political, economic, and financial stability in the United States. This report is available each week for Intelligence subscribers.


In this National Intelligence Bulletin… (2,100 words)

  • DHS unprepared to counter threat of drones
  • Cyberattacks designed to suppress voter turnout
  • When Facebook gets hacked, everyone gets hacked
  • Vulnerabilities in U.S. voting systems
  • Law enforcement agencies see decrease in applicants
  • Kavanugh expected to be confirmed as newest Supreme Court Justice
  • DHS Secretary: No sign China’s trying to undermine midterms
  • US Department of Energy invests $28m in cybersecurity
  • The new national cyber strategy
  • Twitter Beefs Up Its Election Security Measures
  • China Slams Brakes on U.S. Crude Oil Imports
  • Lowest U.S. unemployment rate in 50 years
  • And more…

Priority Intelligence Requirements

PIR1: What are the new significant indicators of systems disruption and threats to critical infrastructure?

PIR2: What are the new significant indicators of potentially disruptive social, cultural or political conditions or events?

PIR3: How are state and federal agencies preparing for domestic conflict, emergencies, or other instability?

PIR4: What are the new significant indicators of systems disruption and threats to the economic or financial industry?


PIR1: What are the new indicators of systems disruption and threats to critical infrastructure?

Major Trends

  • Nation-state and criminal hacking groups pose persistent threat to critical infrastructure
  • Natural disasters pose sporadic but enduring threat to critical infrastructure

DHS unprepared to counter threat of drones

Due to increasing concerns about the use of drones by terrorists and drug cartels, the Department of Homeland Security is requesting that Congress grant them the power to “redirect, disable, disrupt control of, seize, or confiscate” drones that pose a threat without prior consent. (Analyst comment: currently no US law enforcement agencies can legally take down drones.)

In a speech given by DHS Secretary Kirstjen Nielsen, Nielsen warned that drones have become “a major national security concern in our homeland,” and stated that law enforcement agencies are prevented from setting up the defenses necessary to “protect big events, federal facilities, and other potential targets from an airborne menace.”

In response to a Senate committee approving legislation that would grant law enforcement the ability to take down drones, the legislative council for the American Civil Liberties Union stated that the new legislation is a problem because “it means that DHS can shoot a drone out of the air or seize it and they can do so without ever having a judge look at their actions and determine if they were right.” [source]

 

Cyberattacks designed to suppress voter turnout

According to security experts, cyberattacks are being designed to cripple critical infrastructure in order to suppress voter turnout. “Essential services” such as nuclear reactors, water treatment facilities, manufacturing centers, and emergency response services are becoming increasingly vulnerable to these kinds of attacks and could potentially disrupt an election by “preventing voters in key districts from getting to the polls or accessing election information.”

Former senior technical lead at the Joint Warfare Analysis Center,  Andrea Limbago, believes that attacks such as botnets aimed at shutting down internet services to prevent access to information are particularly concerning to election security.

Former White House chief information officer, Theresa Payton, also expressed her concerns about about attacks designed to effect elections. Payton believes that emergency systems are “incredibly vulnerable to attacks” and that in order for these kinds of attacks to truly effect the outcome of an election, “a sophisticated attacker would only target individual districts in tight races.” [source]

 

When Facebook gets hacked, everyone gets hacked

The vice president of identity management and security for the open source technology provider WS02, Prabath Siriwardena, recently stated that the recent hack on Facebook is “the most severe security breach in the history of Facebook, affecting not just the company but the entire ecosystem around Facebook.” 

According to cybersecurity news websiteDark Reading, the breach affected nearly 50 million users and was achieved by “exploiting a series of bugs in the platform’s “View As” privacy feature, which lets people view their own profiles as though they were someone else.”Siriwardena provided security advice to businesses hoping to decrease their venerability to these kinds of attacks:

“You have to prioritize application security and recognize all the code you use is a big part of your attack surface…. No matter how strong your engineering team is, a clearly defined process for pushing code changes into production is needed…. Security reviews must be included throughout the process, from design to development to deployment, and the process must be refined frequently…. One small detail that gets overlooked could result in global effects.”
Following the hack on Facebook, Jeff Pollard, who is the principle analyst at the market research company Forrester, has recommended that the hack be viewed as a warning; “Any company has to look at Facebook and realize if someone is determined to get in, they often can.” [source]

 

Vulnerabilities in U.S. voting systems
NextGov reported in an article this week that according to computer security researchers at the DEFCON cybersecurity convention, there is a “staggering” amount of severe vulnerabilities to hacking in U.S. voting machines. A report published by the researchers states that a voting tabulator vulnerable to remote hacking is currently in use by 23 states. The report states that,
“Because the device in question is a high-speed unit designed to process a high volume of ballots for an entire county, hacking just one of these machines could enable an attacker to flip the Electoral College and determine the outcome of a presidential election.”
NextGov also reported in the article that despite the allocation of $380 million by Congress for the improvement of election security nationwide, officials from the Department of Homeland Security have stated that the funding is likely to be “insufficient for all the necessary upgrades and many upgrades will not be complete before the 2018 midterms.” [source]

PIR2: What are the new indicators of potentially disruptive social, cultural or political conditions or events?

Major Trends

  • Ongoing political instability due to the Russia collusion investigation
  • Simmering social grievances based on race, class, and political ideology
  • Sporadic political violence
  • Ongoing culture war featuring information operations and expanding to economic warfare

Law enforcement agencies see decrease in applicants

Law enforcement agencies across the country have seen a decrease in applications in recent years. The decline is being attributed to various causes, however, potential candidates going into the private sector and the increased scrutiny of law enforcement officers are thought to be the primary causes.

“I think when scrutiny of law enforcement began to increase, the number of applicants started to decrease,” said Bemedji, Minnesota Police Chief Mike Mastin in an interview. Mastin stated further in the interview that,

“Initially, the decrease may have been a good thing… I think people entering this position should realize there’s a certain amount of scrutiny and expectations that are associated with professional behavior in this profession. But I think, as this has relentlessly continued, I think we’re now to the point where we’re deterring the people who really should be police officers.”
(Analyst comment: the shootings of unarmed black men by police officers has led to hundreds of peaceful protests and violent riots across the nation by activist groups such as Black Lives Matter. Over the last few years these kinds of protests have increased not only in frequency, but also in their size as well.) [source]

 

Kavanugh expected to be confirmed as newest Supreme Court Justice

Brett Kavanugh is expected to be confirmed as the newest Justice to the United States Supreme Court after Republican Senators Susan Collins and Jeff Flake and Democratic Senator Joe Manchin announced that they would be voting to confirm Kavanaugh. If the Senators vote yes, Kavanaugh would receive the 51 votes necessary to be confirmed.(Analyst comment: West Virginia Senator Joe Manchin is the only Democrat that has voted to confirm Kavanaugh.)

According to CNN, moments after the Senate voted to advance Kavanaugh’s nomination, President Trump tweeted, “Very proud of the U.S. Senate for voting ‘YES’ to advance the nomination of Judge Brett Kavanaugh!” [source]


PIR3: How are state and federal agencies preparing for domestic conflict, emergencies, or other instability?

Major Trends

  • Large scale efforts to increase election security
  • Large scale efforts to increase national cyber security
DHS Secretary: No sign China’s trying to undermine midterms
Homeland Security Secretary Kirstjen Nielsen recently stated that there is “currently no indication that a foreign adversary intends to disrupt our election infrastructure.” Nielsen’s statement pulled back a recent statement made by President Trump at the United Nations that China is trying to influence the midterms elections. Nielsen then stated that “In the case of China, it’s part of a more holistic approach to influence the American public in favor of China.” [source]

 

US Department of Energy invests $28m in cybersecurity

The Department of Energy will be investing a further $28 million into measures to protect the cybersecurity of critical infrastructure. The investments will be used for 11 different projects by energy providers, universities and various other organizations that will “promote the industry’s advancement of technologies.”

In addition to the DOE’s investment, the Department of Homeland Security Industrial Control Systems Capabilities Enhancement Act has been approved by the department. This new act, as reported by The Daily Swig, includes “measures to reduce the risk of an attack on US systems, and requires the National Cybersecurity and Communications Integration Center (NCCIC) to ‘identify threats to industrial control systems’ and address vulnerabilities in automated technology used in infrastructure.” [source]

 

The new national cyber strategy
During a White House press release, it was pronounced that the “First fully articulated cyber strategy for the United States since 2003,” has been released by the Trump administration. The new strategy, titled the “National Cyber Strategy of the United States of America”, includes four main pillars of priority:
  • Pillar I: Protect the American People, the Homeland, and the American Way of Life by securing federal networks and information, securing critical infrastructure, combating cybercrime and improving incident reporting.
  • Pillar II: Promote American Prosperity by fostering a vibrant and resilient digital economy, fostering and protecting U.S. ingenuity and developing a superior U.S. workforce.
  • Pillar III: Preserve Peace through Strength by enhancing cyber stability through norms of responsible state behavior and attributing and deterring unacceptable behaviors in cyberspace.
  • Pillar IV: Advance American Influence by promoting an open, interoperable, reliable and secure Internet and building international cyber capacity. [source]

 

Twitter Beefs Up Its Election Security Measures

Twitter has announced that they will be deleting all accounts that are thought to be fake or spreading disinformation in order to increase election security. According to NextGov, Twitter has updated it’s rules to clarify what it believes to be indicators of fake accounts,
“Intentionally misleading profile information such as an incorrect location, a stock or stolen avatar as well as a copied or stolen bio, are all cause for account removal. In general, deliberately mimicking another account, especially one that was previously suspended, is considered suspicious.  Distribution of hacked material will also be targeted by Twitter moderators, especially if it contains trade secrets or private information.”

These new security measures taken by Twitter follow the removal of over 700 accounts from Iran that were “engaging in coordinated behavior” and 50 accounts which were “misrepresenting themselves as members of a variety of state Republican parties.”

Twitter officials stated during the announcement that will “We continue to partner closely with the RNC, DNC, and state election institutions to improve how we handle these issues.” [source]


PIR4: What are the new indicators of systems disruption and threats to the economic or financial industry?

Major Trends

    • Trade war with China poses risk to U.S. farmers and manufacturers, emerging markets
    • Unsustainable national debt to increase due to trillion dollar budget deficits in 2019+
    • High potential for an economic recession around 2019-2020 that causes significant financial disruption
China Slams Brakes on U.S. Crude Oil Imports
According to data from the U.S. Census Bureau released on Friday, October 5th 2018, China has halted the purchase of United States crude oil for the first time since September 2016. The stoppage comes in the midst of an escalating trade war between the two nations and follows China’s June 2018 threat to induce a 25% tariff on crude oil imports. [source]
Lowest U.S. unemployment rate in 50 years
In September the US unemployment rate dropped down to 3.7 percent, which is the lowest percentage since 1969. In addition to the decrease in unemployment, average hourly earnings have risen by 2.8% since last year. According to NPR, the US gained 134,000 jobs in the following sectors:
  • Professional and business services: +54,000
  • Transportation and warehousing: +24,000
  • Construction: +23,000
  • Manufacturing: +18,000
  • Health Care: +30,000
  • Retail: -20,000
 [source]

// END REPORT

Samuel Culper is a former Intelligence NCO and contractor. Iraq(x1)/Afghanistan(x2). He now studies intelligence and warfare.

Join nearly 9,000 people already receiving the Forward Observer Dispatch

Leave a Reply

Your email address will not be published. Required fields are marked *

Name *