News & Information       http://info.owt.com

Security

03/28/2017   Security Focus Vulnerabilities
[SECURITY] [DSA 3823-1] eject security update
03/28/2017   Security Focus Vulnerabilities
APPLE-SA-2017-03-27-7 macOS Server 5.3
03/28/2017   Security Focus Vulnerabilities
[SECURITY] [DSA 3821-1] gst-plugins-ugly1.0 security update
03/28/2017   Security Focus Vulnerabilities
APPLE-SA-2017-03-27-1 Pages 6.1, Numbers 4.1, and Keynote 7.1 for Mac; Pages 3.1, Numbers 3.1, and Keynote 3.1 for iOS
03/28/2017   SecurityFocus News
Enterprise Intrusion Analysis, Part One
03/28/2017   SecurityFocus News
Responding to a Brute Force SSH Attack
03/28/2017   SecurityFocus News
Data Recovery on Linux and ext3

03/28/2017   SecurityFocus News
WiMax: Just Another Security Challenge?
03/28/2017   SecurityFocus News
Time to Squish SQL Injection
03/28/2017   SecurityFocus News
Lazy Workers May Be Deemed Hackers

03/28/2017   SecurityFocus News
The Scale of Security
03/28/2017   SecurityFocus News
Hacker-Tool Law Still Does Little
03/28/2017   Forbes Security
Many locks that are used at health clubs and gyms are not secure and are an open invitation to thieves. If you use one of these, then you can be at risk.
03/28/2017   Forbes Security
When it comes to cybercrime in China, outside observers might focus on the hacking of websites or stored data in the U.S. and other Western countries. If a Chinese citizen (particularly an urbanite who grew up in the 1990s/2000s) is asked about cybercrime, the response is likely to be online fraud.
03/28/2017   Forbes Security
The body is set to vote Tuesday on a Senate-approved bill scrapping rules that prohibit the unauthorized use and sale of intimate data—a change which could be permanent.
03/28/2017   Forbes Security
Coupled with Bitcoin’s popularity among ransomware extortionists and all manner of other cybercriminals, we must now face a chilling realization: the underlying value of Bitcoin really has little if nothing to do with its artificial scarcity or popularity as a medium of speculation.
03/28/2017   Sophos Security
Your daily round-up of some of the other stories in the news
03/28/2017   Forbes Security
Thin clients don't get a whole lot of attention in the world of iPhones and PC detachables, but the latest improvements in VDI and thin clients like the Dell Wyse 3040 could make a big difference in that.
03/28/2017   InfoWorld Security

For the second time in two weeks developers of the popular LastPass password manager are working to fix a serious vulnerability that could allow malicious websites to steal user passwords or infect computers with malware.

Like the LastPass flaws patched last week, the new issue was discovered and reported to LastPass by Tavis Ormandy, a researcher with Google’s Project Zero team. The researcher revealed the vulnerability’s existence in a message on Twitter, but didn’t publish any technical details about it that could allow attackers to exploit it.

03/28/2017   Sophos Security
The lesson from this failed appeal is that threats on social media will be taken very seriously by the authorities - so be careful when blowing off steam
03/28/2017   Forbes Security
SimpliSafe, founded by Laurans Chad, was one of the first companies to introduce a DIY home security product back in 2006, years before the smart home category really took off. Since then its solutions were installed in more than 300,000 American homes. Chad and I met for a talk about home security:
03/28/2017   Sophos Security
If you've got a hardware fob for eBay verification, it will still work for now, but be prepared to switch to another method for 2FA
03/28/2017   Sophos Security
Four-year-old boy used his unconscious mother's thumb to unlock her iPhone and call the emergency services
03/28/2017   Sophos Security
'Voluntary' ID scheme soon to be mandatory for a huge range of everyday activities, from buying a train ticket online to getting a new Sim card
03/28/2017   Trend Micro Security
On Friday, March 24, we at Trend Micro were saddened to learn that our chief technology officer, Raimund Genes, died unexpectedly at his family home in Germany. It is an incredible loss for us all, and one that still has us wishing it were not true. For me personally, I’m losing a wonderful, close friend...
03/28/2017   Forbes Security
New York State has issued guidelines that could help get us closer to a reasonable standard, but we must do even more to stay one step ahead.
03/28/2017   InfoWorld Security

It’s bad enough when black hat hackers insert malicious backdoors into systems and software after vendors/makers have sold these into the marketplace. It is another matter when the vendors who create these devices and programs unwittingly or purposely leave backdoors inside their products.

03/28/2017   Sophos Security
After last week's attack in London, the home secretary called on television for cryptographic regression - but that won't deliver what she wants
03/28/2017   InfoWorld Security

Readers often ask me how I feel about the latest free, public certificate authorities (CAs). I always tell them the same thing: It's difficult for a free CA to actually provide any security assurance. There is no free lunch.

I was reminded of this maxim when I read a recent article from HashedOut revealing that the popular, free Let's Encrypt has issued more than 15,000 digital certificates with the word "PayPal" in the subject name. PayPal itself doesn't use Let's Encrypt, so it's likely that most of these digital certificates are related to phishing attacks (according to HashedOut's analysis, that would be a whopping 96.7 percent of them).

03/28/2017   InfoWorld Security

From development to deployment, one of the most distinctive traits of using containers is speed. The development cycle is not only rapid, but divided into multiple, bite-sized components that are constantly updated. At runtime, frequent updates and sometimes ephemeral workloads make it a challenge to lock down any environment. This scenario perfectly exemplifies why speed has always been the enemy of security, but in container-based development environments, there is a way to nip this problem in the bud: automation, automation, and more automation.

03/28/2017   Security Focus Vulnerabilities
LibTIFF CVE-2016-9533 Heap Buffer Overflow Vulnerability
03/28/2017   Security Focus Vulnerabilities
Ruby on Rails Action Pack CVE-2016-0751 Denial of Service Vulnerability
03/28/2017   Security Focus Vulnerabilities
Apache And Microsoft IIS Range Denial of Service Vulnerability
03/28/2017   Security Focus Vulnerabilities
OpenSSH CVE-2016-10011 Local Information Disclosure Vulnerability
03/27/2017   Department of Homeland Security
Release Date: March 28, 2017

210 House Capitol Visitor Center

Chairman Ratcliffe, Ranking Member Richmond, and members of the Committee, thank you for the opportunity to appear before you today. Cybersecurity remains one of the most significant strategic risks to the United States. The past several years have seen a steady drumbeat of cybersecurity compromises affecting the Federal Government, state and local governments, and the private sector. Working with Congress, we have focused on a range of actions to confront this evolving challenge. By bringing together all levels of government, the private sector, international partners, and the public, we are taking action to protect against cybersecurity risks, improve our whole-of-government incident response capabilities, enhance sharing of information on best practices and cyber threats, and strengthen resilience. The Department of Homeland Security (DHS), through the National Protection and Programs Directorate (NPPD), leads the federal government’s efforts to secure our Nation’s critical infrastructure and protect federal civilian networks from malicious cyber activity.

Over the past few years, the federal government has made significant progress in improving agency cybersecurity, establishing a common baseline of protection, and codifying roles and responsibilities to effectively manage cybersecurity risks and incidents. Through engagements with state, local, tribal, and territorial (SLTT) governments, and the private sector, we have provided technical assistance upon request and expanded information sharing capabilities to improve situational awareness of threats, vulnerabilities, incidents, mitigation, and recovery actions. Today, I will discuss the roles of NPPD in protecting the federal civilian executive branch networks.

Under the Federal Information Security Modernization Act of 2014 (FISMA), agencies have primary responsibility for their own cybersecurity, the Office of Management and Budget (OMB) generally develops and oversees agency implementation of information security policies and practices, and DHS administers the implementation of those policies and practices. As part of securing their own systems, agencies must comply with OMB policies, DHS directives, and National Institute of Standards and Technology (NIST) standards and guidelines. DHS, pursuant to its various authorities, provides a common set of security tools across the civilian executive branch and helps agencies manage their cyber risk. NPPD’s assistance to agencies includes (1) providing tools to safeguard civilian executive branch networks through the National Cybersecurity Protection System (NCPS), which includes EINSTEIN, and Continuous Diagnostics and Mitigation (CDM) programs, (2) measuring and motivating agencies to implement policies, directives, standards, and guidelines, (3) serving as a hub for information sharing and incident reporting, and (4) providing operational and technical assistance, including threat information dissemination and risk and vulnerability assessments, as well as incident response services. DHS’s National Cybersecurity and Communications Integration Center (NCCIC) is the civilian government’s hub for cybersecurity information sharing, asset incident response, and coordination.

EINSTEIN

EINSTEIN refers to the suite of intrusion detection and prevention capabilities that protects agencies’ unclassified networks at the perimeter of each agency. EINSTEIN provides situational awareness of civilian executive branch network traffic, so threats detected at one agency are shared with all others, providing agencies with information and capabilities to more effectively manage their cyber risk. The U.S. Government could not achieve such situational awareness through individual agency efforts alone.

The first two phases of EINSTEIN – EINSTEIN 1 and 2 – allow DHS to identify potentially malicious activity and to conduct critical analysis after an incident occurs, as well as to detect known malicious traffic. In 2015, DHS estimated these capabilities screened over 90 percent of all federal civilian Internet traffic. On a typical day, EINSTEIN 2 intrusion detection sensors generate approximately 30,000 alerts about potential malicious cyber activity. These alerts are evaluated by DHS cybersecurity analysts to determine whether the alert represents an active threat and potential compromise, and if further mitigation or remediation is needed.

EINSTEIN 3 Accelerated (EINSTEIN 3A) is the intrusion prevention capability, which blocks known malicious traffic. Intrusion prevention is provided as a service by Internet service providers (ISPs) serving the federal government. The initial implementation of EINSTEIN 3A involves two intrusion prevention security services by the ISPs: domain name server (DNS) sinkholing and email filtering. DHS is working with the ISPs to add further protections. EINSTEIN 1 and 2 use only unclassified cyber threat indicators, while EINSTEIN 3A uses unclassified and classified indicators. These signature-based capabilities use indicators of compromise to detect and block known malicious traffic.

In the Cybersecurity Act of 2015, Congress directed each executive branch civilian agency to apply available EINSTEIN protections to all information traveling to or from an agency information system by December 18, 2016. Agencies have made significant progress in implementing available EINSTEIN protections. Prior to passage of the Act, EINSTEIN 3A covered approximately 38 percent of federal civilian users. Today, EINSTEIN 3A is protecting a significant percentage of the executive branch civilian workforce at the 23 largest agencies and most agencies have at least one of its two intrusion prevention capabilities. DHS continues to work with all remaining federal civilian agencies to facilitate their full participation in EINSTEIN. At the same time, our NCPS program is also developing new capabilities and conducting a strategic review of the program architecture that will provide even more protections for federal agencies.

Today, EINSTEIN is a signature-based intrusion detection and prevention capability that takes action on known malicious activity. Leveraging existing investments in the ISP infrastructure, our non-signature based pilot efforts to move beyond current reliance on signatures are yielding positive results in the discovery of previously unidentified malicious activity. DHS is demonstrating the ability to capture data that can be rapidly analyzed for anomalous activity using technologies from commercial, government, and open sources. The pilot efforts are also defining the future operational needs for tactics, techniques, and procedures as well as the skill sets and personnel required to operationalize the non-signature based approach to cybersecurity.

SLTT governments are able to access intrusion detection and analysis services through the Multi-State Information Sharing and Analysis Center (MS-ISAC). MS-ISAC’s service, called Albert, closely resembles EINSTEIN 2. While the current version of Albert cannot actively block known cyber threats, it can alert cybersecurity officials to an issue for further investigation. DHS worked closely with MS-ISAC to develop the program and considers MS-ISAC to be the principal conduit for sharing cybersecurity information with state governments.

Continuous Diagnostics and Mitigation (CDM)

EINSTEIN, our tool to address perimeter security, will not block every threat; therefore, it must be complemented with systems and tools working inside agency networks—as effective cybersecurity risk management requires a defense in depth strategy that cannot be achieved through only one type of tool. CDM provides cybersecurity tools and integration services to all participating agencies to enable them to improve their respective security postures by reducing the attack surface of their networks as well as providing DHS with enterprise-wide visibility through a common federal dashboard. CDM is divided into four phases:

  • CDM Phase 1 identifies all computers and software on agency networks and checks for known vulnerabilities.
  • CDM Phase 2 allows agencies to better manage identities, accounts, and privileges for the people and services using their networks.
  • CDM Phase 3 will assess activity happening on agencies’ networks to identify anomalies and alert security personnel.
  • CDM Phase 4 will protect sensitive and high value data within agency networks.

Significant progress has been made in the deployment of CDM. DHS has assessed the needs of the executive branch civilian agencies and has completed the purchasing of most CDM Phase 1 tools. Agencies are now installing the tools across their networks, including six agencies that have fully deployed all Phase 1 tools as well as the agency dashboards, which give network administrators visibility into the current state of their networks to better identify and prioritize areas of cyber risk. DHS has also awarded two CDM Phase 2 contracts, focusing on strong authentication for administrative users as well as general users, making the associated tools available to all participating agencies.

This summer, CDM will begin supplementing the existing CDM agency dashboards by introducing the federal CDM Dashboard, which will provide the National Cybersecurity and Communications Integration Center (NCCIC) with greater insight into the federal enterprise cybersecurity posture. The summary data available at the federal level presents a view of the relative risk and network health across the federal government to inform policy decisions and operational guidance, provide timely reporting for addressing critical issues affecting multiple agencies, and enable cost-effective and efficient FISMA reporting.

CDM will help us achieve two major advances for federal cybersecurity. First, agencies will have visibility, often for the first time, into the extent of cybersecurity risks across their entire network and gain the ability to prioritize identified issues based upon their relative importance. Second, the NCCIC will be able to identify systemic risks across the civilian executive branch. An example is illustrative. Currently, when a vendor announces a major vulnerability, the NCCIC tracks government-wide progress in implementing critical patches via agency self-reporting and manual data calls. CDM will allow the NCCIC to immediately view the prevalence of a given device or software type across the federal government so that the NCCIC can provide agencies with timely guidance on their risk exposure. Effective cybersecurity requires a robust measurement regime, and robust measurement requires valid and timely data. CDM will provide this baseline of cybersecurity risk data to drive improvement across the civilian executive branch.

CDM tools are currently available through a blanket purchase agreement negotiated by the General Services Administration on DHS’s behalf. This agreement leverages the government-wide volume to provide the best value and cost savings to the Federal Government. For example, by grouping agency requirements in Phases 1 and 2, we have saved the federal government millions of dollars on product purchases. Many SLTT governments are also able to purchase tools from this purchase agreement. By purchasing commercial CDM tools, SLTT governments can take advantage of bulk purchasing cost savings and invest those savings in their own cybersecurity resilience.

Measuring and Motivating Agencies to Improve Cybersecurity

DHS conducts a number of activities to measure agencies’ cybersecurity practices and work with agencies to improve risk management practices.

The Cybersecurity Framework is voluntary guidance, based on existing standards, guidelines, and practices to help organizations better manage and reduce cybersecurity risk and was developed by NIST through collaboration with diverse parts of industry, academia, and government, including DHS. DHS promotes the use of NIST standards, guidelines, minimum information security requirements, including the Cybersecurity Framework.

FISMA provided the Secretary of Homeland Security with the authority to develop and oversee implementation of binding operational directives to agencies. In 2016, the Secretary issued a binding operational directive on securing high value assets (HVA), or those assets, federal information systems, information, and data for which unauthorized access, use, disclosure, disruption, modification, or destruction could cause a significant impact to the United States’ national security interests, foreign relations, economy, or to the public confidence, civil liberties, or public health and safety of the American people. DHS works with several interagency partners to prioritize HVAs for assessment and remediation activities across the federal government. For instance, DHS conducts security architecture reviews on these HVAs to help agencies assess their network architecture and configurations.

As part of the effort to secure HVAs, DHS conducts in-depth vulnerability assessments of prioritized agency HVAs to determine how an adversary could penetrate a system, move around an agency’s network to access sensitive data, and exfiltrate such data without being detected. These assessments include services such as penetration testing, wireless security analysis, and “phishing” evaluations in which DHS hackers send emails to agency personnel and test whether recipients click on potentially malicious links. DHS has focused these assessments on federal systems that may be of particular interest to adversaries or support uniquely significant data or services. These assessments provide system owners with recommendations to address identified vulnerabilities. DHS provides these same assessments, on a voluntary basis upon request, to private sector and SLTT partners. DHS also works with GSA to ensure our industry partners can provide assessments that align with our HVA initiative to agencies, if necessary.

Another binding operational directive issued by the Secretary directs civilian agencies to promptly patch known vulnerabilities on their Internet-facing devices. The NCCIC conducts Cyber Hygiene scans to identify vulnerabilities in agencies’ internet-accessible devices and provides mitigation recommendations. Agencies have responded quickly in implementing the Secretary’s binding operational directive and have sustained this progress. When the Secretary issued this directive, NPPD identified over 360 “stale” critical vulnerabilities across federal civilian agencies. By “stale” I mean the vulnerabilities had been known for at least 30 days and were still not patched. Since December 2015, DHS has identified an average of less than 40 critical vulnerabilities at any given time, and agencies have addressed those vulnerabilities rapidly once they were identified.

By conducting vulnerability assessments and security architecture reviews, DHS is helping agencies find and fix vulnerabilities, and secure their networks before an incident occurs.

Information Sharing

By sharing information quickly and widely, we help all partners block cyber threats before damaging incidents occur. Equally important, the information we receive from other partners helps us understand emerging risks and develop effective protective measures.

Congress authorized the NCCIC as the civilian hub for sharing cyber threat indicators and defensive measures with and among federal and non-federal entities, including the private sector. As required by the Cybersecurity Act of 2015, we established a capability, known as Automated Indicator Sharing (AIS), to automate our sharing of cyber threat indicators in real-time. AIS protects the privacy and civil liberties of individuals by narrowly tailoring the information shared to that which is necessary to characterize identified cyber threats, consistent with longstanding DHS policy and the requirements of the Act. AIS is a part of the Department’s effort to create an ecosystem in which as soon as a company or federal agency observes an attempted compromise, the indicator is shared in real time with all of our partners, enabling them to protect themselves from that particular threat. This real-time sharing limits the scalability of any attack techniques, which increases the costs for adversaries and should reduce the impact of malicious cyber activity. An ecosystem built around automated sharing and network defense should enable organizations to enhance their defenses against the most common cyber-attacks, freeing their cybersecurity staff to concentrate on the novel and sophisticated attacks. Over 129 agencies and private sector partners have connected to DHS’s AIS capability. Notably, partners such as information sharing and analysis organizations (ISAOs) and computer emergency response teams further share with or protect their customers and stakeholders, significantly expanding the impact of this capability. AIS is still a new capability and we expect the volume of threat indicators shared through this system to substantially increase as the technical standards, software, and hardware supporting the system continue to be refined and put into full production. 
As more indicators are shared from other federal agencies, SLTT governments, and the private sector, this information sharing environment will become more robust and effective.

Another part of the Department’s overall information sharing effort is to provide federal network defenders with the necessary context regarding cyber threats to prioritize their efforts and inform their decision making. DHS’s Office of Intelligence and Analysis (I&A) is continuously assessing the specific threats to federal networks using traditional all source methods and indicators of malicious activity observed by NCCIC sensors so that the NCCIC can share with federal network defenders in collaboration with I&A. I&A personnel sit on the NCCIC watch floor.

Incident Response

Cybersecurity is about risk management, and we cannot eliminate all risk. Partners that implement best practices and share information will increase the cost for malicious actors and stop many threats. But ultimately, persistent adversaries will find ways to infiltrate networks in both government and the private sector. In Fiscal Year 2016, the NCCIC received reports of 30,899 impactful incidents across the eight attack vectors at federal agencies, according to the FISMA Annual Report to Congress. When an incident does occur, the NCCIC offers assistance upon request to find the adversary, drive them out, and restore service.

Conclusion

At all levels, the federal government continues to be targeted by a wide range of malicious cyber actors attempting to gain access to sensitive systems. We have made significant progress over the past year: we have provided a baseline of CDM Phase 1 tools, we have expanded the coverage of EINSTEIN 3A, we have expanded risk and vulnerability assessments, we have operationalized the automated indicator sharing capability, and we have established a useful architecture for coordinating the Federal Government’s response to significant cyber incidents. But there is more to be done. This Administration will make significant investments in cybersecurity. In the recently-released budget blueprint, the President requested $1.5 billion for DHS to safeguard cyberspace by protecting federal networks and critical infrastructure from an attack. Through a suite of advanced cybersecurity tools and more assertive defense of government networks, NPPD would share more cybersecurity incident information with other Federal agencies and the private sector, leading to faster responses to cybersecurity attacks.

We must also ensure that DHS is appropriately organized to address today’s and tomorrow’s cybersecurity threats, and we appreciate the Chairman of the Committee’s leadership in working to reauthorize the Department. As the committee considers these issues, we are committed to working with Congress to ensure that this effort is done in a way that ensures a homeland that is more safe, secure, and resilient.

Thank you for the opportunity to testify, and I look forward to any questions you may have.

03/27/2017   Forbes Security
As part of a series exploring cybersecurity and its impact on consumers, marketers, and marketing, I talked with Holly Rollo, the CMO of RSA, a Dell Technologies business. The following focuses on marketing's role in cybersecurity.
03/27/2017   Sophos Security
Your daily round-up of some of the other stories in the news
03/27/2017   Sophos Security
The internet depends on encryption - and Amber Rudd is unwittingly calling for a hole to be kicked in security itself
03/27/2017   Forbes Security
Hack could own an iPhone by just having it connect to Wi-Fi, but Apple has fixed it.
03/27/2017   Sophos Security
Officials warn that a 'labor-intensive' extension will create logistical and administrative hurdles
03/27/2017   InfoWorld Security

If you use Microsoft’s Docs.com to store personal documents, stop reading this and make sure you aren’t inadvertently leaking your private information to the world.

Microsoft sets any documents uploaded to the document sharing site as public by default—though it appears that many users aren’t aware of it. That means anyone can search Docs.com for sensitive personal information that wasn’t manually set private. PCWorld found social security numbers, health insurance ID numbers, bank records, job applications, personal contact details, legal correspondence, and drivers license numbers with just a few minutes of searching.

03/27/2017   Sophos Security
LastPass's response to being alerted to security flaws in its products is an example of the right attitude to fixing problems
03/27/2017   Forbes Security
Yvonne Wassenaar has gone from being a partner at Accenture, to IT executive positions at VMware to CIO of digital intelligence platform company, New Relic. Her combination of strong business and technical acumen has also allowed her to join the boards of multiple companies.
03/27/2017   Forbes Security
The government’s defense secretary said WhatsApp must not be a 'place for terrorists to hide,' putting renewed pressure on Facebook’s most popular messaging service.
03/27/2017   InfoWorld Security

A vulnerability in a JSON-based web encryption protocol could allow attackers to retrieve private keys. Cryptography experts have advised against developers using JSON Web Encryption (JWE) in their applications in the past, and this vulnerability illustrates those very dangers.

Software libraries implementing the JWE, or RFC 7516, specification suffer from a classic Invalid Curve Attack, wrote Antonio Sanso, a senior software engineer at Adobe Research Switzerland and part of the Adobe Experience Manager security team. The JSON Web Token (JWT) is a JSON-based open standard defined in the OAuth specification family used for creating access tokens, and JWE is a set of signing and encryption methods for JWT. Developers using JWE with Key Agreement with Elliptic Curve Diffie-Hellman Ephemeral Static (ECDH-ES) are affected.

03/26/2017   Forbes Security
This article starts a series on how to build a balanced cybersecurity portfolio. This piece includes the first two steps (Determine Needs, Allocate Spending According to Risk) companies should take when creating that portfolio. Subsequent articles will cover steps three through five.
03/26/2017   Forbes Security
Britain's home secretary, Amber Rudd, has demanded that companies such as WhatsApp should be forced to give the security services a backdoor, saying it's 'completely unacceptable' that terrorists should be able to communicate in secret.
03/25/2017   Forbes Security
As part of a series exploring cybersecurity and its impact on consumers, marketers, and marketing, I talked with Holly Rollo, the CMO of RSA, a Dell Technologies business. The following focuses on the “who” related to cybersecurity—who owns it and manages it.
03/25/2017   InfoWorld Security

NordVPN gives you a private and fast path through the public Internet. All of your data is protected every step of the way using revolutionary 2048-bit SSL encryption even a supercomputer can’t crack. Access Hulu, Netflix, BBC, ITV, Sky, RaiTV and much more from anywhere in the world. Unmetered access for 6 simultaneous devices. You're sure to find dozens of good uses for a VPN. Take advantage of the current 72% off deal that makes all of this available to you for just $3.29/month (access deal here). This is a special deal available for a limited time.

03/24/2017   InfoWorld Security
CSO Online's Steve Ragan and Joan Goodchild chat about the hot security news of the week, including their take on the recent WikiLeaks revelations around the CIA, and how Cisco, Samsung and Apple have responded to the information.
03/24/2017   Forbes Security
Hackers claim they have obtained iCloud and me.com email addresses and passwords and will wipe people's phones unless Apple pays a ransom by April 7. Here's how to protect your data.
03/24/2017   Trend Micro Security
Security startup Cybellum recently announced a new attack that they’re calling “DoubleAgent”. They’ve labelled this a zero day “attack for taking full control over major antiviruses and next-generation antiviruses”. There’s a lot to unpack here. When you’re assessing the risk any issue poses it’s always best to clearly define the issue. Let’s start there. The...
03/24/2017   InfoWorld Security

The Mac and iPhone exploits described in new documents attributed to the U.S. Central Intelligence Agency were patched years ago, according to Apple.

WikiLeaks released a new set of files Thursday that supposedly came from the CIA. They contain details about the agency’s alleged malware and attack capabilities against iPhones and Mac computers.

The documents, dated 2012 and earlier, describe several “implants” that the CIA can install in the low-level extensible firmware interface (EFI) of Mac laptop and desktop computers. These EFI rootkits allow the agency's MacOS spying malware to persist even after the OS is reinstalled.

03/24/2017   InfoWorld Security

What’s the best way to avoid Android malware? Downloading all your apps from the Google Play store -- where software is vetted -- is perhaps the best advice.

But that doesn’t mean Google Play is perfect.

Security researchers do find new Android malware lurking on Google’s official app store. That’s because hackers are coming up with sneaky ways to infiltrate the platform, despite the vetting processes that protect it.

03/24/2017   Forbes Security
Innovative technologies like IBM Watson are indeed disruptive, but enterprise transformation doesn’t solely depend upon disruptive technology innovations at the expense of older, more established technologies.
03/24/2017   InfoWorld Security

Security teams, network administrators, and operations teams have busy days ahead. Google’s Chrome development team is fed up with Symantec as a certificate authority and has announced plans to no longer trust current Symantec certificates.

In the past 18 months, Google has tangled repeatedly with Symantec over the way it issues transport layer security (TLS) certificates, with Symantec promising to do better. The latest incident—an investigation into 127 mis-issued certificates—ballooned into “at least 30,000, issued over a period spanning several years,” Ravi Sleevi, a software engineer on the Google Chrome team, wrote on the Blink online forum. As a result, the Chrome developers “no longer have confidence in the certificate issuance policies and practices of Symantec over the past several years.”

03/24/2017   Forbes Security
These new home security cameras are simple to use. And they work well.
03/24/2017   InfoWorld Security

The price of a single bitcoin passed that of an ounce of gold for the first time this month, and scammers were quick to get in on the action with Ponzi schemes and phishing sites spread via social media.

Victims are lured in with fake bitcoin wallets, fake bitcoin search services, fake surveys about bitcoins, too-good-to-be-true money making offers, and classic pyramid scams now dressed up with bitcoins, according to a report released this week.

“The same characteristics that make bitcoin attractive to people who want to make money distributing ransomware make it attractive to scammers,” said Philip Tully, senior data scientist at security vendor ZeroFox, which published the report.

03/24/2017   Trend Micro Security
The 10th anniversary of Pwn2Own is now in the books! It was a crazy week at the CanSecWest Conference, full of drama with the biggest contest ever with teams from Asia, Europe and North America! It was a tight race with only three points separating first and second place. In the end, we saw a...
03/24/2017   Trend Micro Security
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back each Friday for...
03/24/2017   Forbes Security
The company is looking for opportunities to use its vision technology for virtual fences in addition to 3-D imaging for self-driving cars.
03/24/2017   Forbes Security
The Senate voted to overturn rules that would have made your ISP ask nicely before taking your browsing history. Good thing you already give all your data
03/24/2017   Forbes Security
03/24/2017   InfoWorld Security

Anti-fraud measures by the Internal Revenue Service (IRS) and state agencies over the past two years have made tax refund scams harder for cyber criminals to pull off even as attacks targeting taxpayer information continue unabated.

So far this year, at least 124 organizations have disclosed incidents in which an office worker or payroll processor inadvertently leaked employee W-2 data after being conned by a phishing email purporting to be from the CEO or other senior company official.

The biggest so far is an incident at American Senior Communities in which W-2 data belonging to 17,000 employees was compromised after a payroll processor provided the information to an offshore scammer posing as a top company executive. ASC officials discovered the leak only after several employees complained of being unable to file their 2016 taxes because someone else had already filed it.

03/24/2017   InfoWorld Security

Just because it's on GitHub doesn't mean it's legitimate. A financially motivated espionage group is abusing a GitHub repository for C&C (command and control) communications, Trend Micro warned.

Researchers found malware used by Winnti, a group mainly known for targeting the online gaming industry, was connecting to a GitHub account to obtain the exact location of its C&C servers. The malware looked up an HTML page stored in the GitHub project to obtain the encrypted string containing the IP address and port number for the C&C server, wrote Trend Micro threat researcher Cedric Pernet on the TrendLabs Security Intelligence blog. It would then connect to that IP address and port to receive further instructions. As long as the group kept the HTML page updated with the latest location information, the malware would be able to find and connect to the C&C server.

03/24/2017   InfoWorld Security

Roughly 26 years after Linux pushed open source into mainstream enterprise adoption, we're still debating how big a role open source should play -- at least, some people are.

Developers aren't in that group: Open source has become part of the "furniture" for them, essential to data infrastructure (Hadoop, Spark, and so on), mobile (Android), operations (Docker, Kubernetes), machine learning (TensorFlow, Mahout), and more.

The PR world, however, didn't get the memo. Canonical, the company behind Ubuntu, sent out a note this past week arguing that companies that "don't jump on the open source bandwagon" risk being "left behind." SAS's PR team, by contrast, put out a report offering helpful guidelines: Make sure your software portfolio contains no more than 40 percent open source or face potential exposure to all sorts of security, cost, and other problems.

03/24/2017   InfoWorld Security

You want solid cloud security, so you work to find the best approach and technology. But that won’t get the job done.

The truth is that competent cloud security technology is available, and most IT organizations’ cloud teams are good at finding and using it. But cloud IT doesn’t exist in a vacuum, so having the right approach and technology alone won’t secure your cloud operations.

To achieve solid cloud security, departments across IT need to come together, both those that focus on legacy and those that focus on cloud computing.

03/23/2017   Wired Security
WikiLeaks Reveals How the CIA Can Hack a Mac’s Hidden Code
The leak shows how physical access hacks can plant undetectable spying code deep in a Macbook's firmware.
03/23/2017   Trend Micro Security
The 10th anniversary of Pwn2Own just successfully completed as the Zero Day Initiative spent $833,000 acquiring 51 different 0-day bugs. The event was filled with drama as vendors released their security patches the day before the contest, causing a number of entries to pull out immediately. Over the next three days, five additional entries would...
03/23/2017   Trend Micro Security
Hardware configuration could leave your IoT devices vulnerable to attacks. Ignoring the configurations of your IoT devices puts your business at risk, making it important to secure your systems appropriately.
03/23/2017   InfoWorld Security

Most technologies go through a stage when everything seems possible. Personal computers in the early 1980s, the internet in the late 1990s and mobile apps around the beginning of this decade were like that.

But so was the first unboxing of a Galaxy Note 7. In time, either suddenly or gradually, reality sets in.

The internet of things still looks promising, with vendors and analysts forecasting billions of connected devices that will solve all sorts of problems in homes and enterprises. But the seams are starting to show on this one, too. As promising as the technology is, it has some shortcomings. Here are a few.

03/23/2017   InfoWorld Security

Android suffers from a reality-based reputation problem, with reports of malicious apps stealing user data and critical security vulnerabilities that can take over user devices. Over the years, Google has been working to improve its mobile operating system with new security features, the release of monthly security updates, and better tools to detect and remove malicious apps both on devices and in the Google Play app store. As a result, Android is safer than you may believe, the company says in its annual Android Security Year in Review report.

03/23/2017   Trend Micro Security
In our 2016 security roundup report, A Record Year for Enterprise Threats, we talked about the vulnerability landscape during the year and what trends we saw. Let’s look at some of the key aspects of what we saw in 2016. 1. Trend Micro’s Zero Day Initiative (ZDI) with support of their 3,000+ independent vulnerability researchers,...
03/23/2017   Trend Micro Security
If you’ve ever bought anything online, checked your bank accounts through the app, or logged on to your favorite social media network, you’ve used a technology called SSL/TLS. The S in HTTPS. SSL/TLS (just to keep it simple, I’ll refer to as SSL) is the technology used to encrypt the communication between your browser and...
03/22/2017   Department of Homeland Security
Release Date: 
March 22, 2017

For Immediate Release
Office of the Press Secretary
Contact: 202-282-8010

WASHINGTON— On Wednesday, March 22, Secretary Kelly met with Honduran President Juan Orlando Hernandez to discuss bilateral and regional security and economic issues of mutual interest.  During the meeting, President Hernandez outlined his administration’s recent successes in increasing citizen security, strengthening law enforcement institutions, and strengthening the Honduran economy.  President Hernandez specifically mentioned several achievements, to include falling rates of violent crime, job creation and growth, and the extradition of criminals to the United States, and thanked Secretary Kelly for his support in reaching these goals.

Secretary Kelly highlighted the importance of joint collaboration to combat transnational crime, reduce narcotics trafficking, share information, and promote economic opportunity in the region.  Both leaders emphasized the close relationship between DHS and the Government of Honduras and expressed enthusiasm for their shared partnership going forward.  The Honduran delegation included the Secretary General Coordinator General of the Government, Special Envoy to the United States, and Minister of Economic Development.  Key DHS officials, to include U.S. Customs and Border Protection Acting Commissioner Kevin McAleenan, U.S. Immigration and Customs Enforcement Acting Director Thomas Homan, and U.S. Coast Guard Commandant Paul Zukunft, were also present.

At the end of the meeting, President Hernandez and Secretary Kelly signed an agreement to share aviation information that will augment the Honduran Government’s ability to identify criminals and potential terrorists entering or transiting Honduras.

Secretary Kelly meets with President of Honduras Juan Orlando Hernandez to discuss bilateral and regional security and economic issues of mutual interest. (DHS Photo/Barry Bahler)

# # #

03/22/2017   InfoWorld Security

Developers of the popular LastPass password manager rushed to push out a fix to solve a serious vulnerability that could have allowed attackers to steal users' passwords or execute malicious code on their computers.

The vulnerability was discovered by Google security researcher Tavis Ormandy and was reported to LastPass on Monday. It affected the browser extensions installed by the service's users for Google Chrome, Mozilla Firefox and Microsoft Edge.

According to a description in the Google Project Zero bug tracker, the vulnerability could have given attackers access to internal commands inside the LastPass extension. Those are the commands used by the extension to copy passwords or fill in web forms using information stored in the user's secure vault.

03/22/2017   InfoWorld Security

Hackers claiming to have hundreds of millions of iCloud credentials have threatened to wipe data from iPhones, iPads and Macs if Apple does not fork over $150,000 within two weeks.

"This group is known for getting accounts and credentials, they have gotten credentials in the past," said Lamar Bailey, director of security research and development at Tripwire, of the purported hackers. "But whether they have that many ... who knows?"

There's another reason for not panicking, Bailey said: People can quickly make their accounts more secure, assuming the criminals have only collected, not actually compromised the iCloud accounts by changing millions of passwords.

03/22/2017   Trend Micro Security
Paying for ransomware could end up costing you more than you anticipated. Paying for ransomware could end up costing you more than you anticipated, leaving you to handle the fallout.
03/22/2017   Department of Homeland Security
Release Date: 
March 22, 2017

For Immediate Release
Office of the Press Secretary
Contact: 202-282-8010

WASHINGTON - The Department of Homeland Security stands in solidarity alongside our friends in the United Kingdom in condemning the terrible attack at Parliament today.  With our partners in federal law enforcement, we are in close contact with our British counterparts to monitor the tragic events and to support the ongoing investigation.  At this time our domestic security posture remains unchanged.  However, our frontline officers and agents continue to stay vigilant in safeguarding the American people and our homeland.

 

###

03/22/2017   Trend Micro Security
As I entered CeBIT 2017 on Monday, a nostalgic wave hit me. I was reminded of my first trip to this conference 27 years ago, shortly after we founded Trend Micro. Walking in that day, floppy disks and computer in hand, I was eager to learn and ready to grow in this industry. My excitement...
03/22/2017   Wired Security
Good News: Android’s Huge Security Problem Is Getting Less Huge
According to Google's own stats, only half of Android devices received a security update any time in 2016.
03/21/2017   Department of Homeland Security
Release Date: 
March 22, 2017

253 Russell Senate Office Building

Good afternoon Mr. Chairman and distinguished members of the Subcommittee. I appreciate the opportunity to testify today and thank you for your enduring support of the United States Coast Guard.

As the world’s premier, multi-mission, maritime service, the Coast Guard offers a unique and enduring value to the Nation. The only branch of the U.S. Armed Forces within the Department of Homeland Security (DHS), a federal law enforcement agency, a regulatory body, a first responder, and a member of the U.S. Intelligence Community – the Coast Guard is uniquely positioned to help secure the border, combat transnational criminal organizations (TCO), and safeguard America’s economic prosperity.

Indeed, the Coast Guard’s combination of broad authorities and complementary capabilities squarely align with the Administration’s priorities, and I am proud of the return on investment your Coast Guard delivers on an annual basis.

I appreciate the unwavering support of this Subcommittee to address our most pressing needs. I will continue working with Secretary Kelly, the Administration, and this Congress to preserve momentum for our existing acquisition programs and employ risk-based decisions to balance readiness, modernization, and force structure with the evolving demands of the 21st century.

Appropriately positioned in DHS, the Coast Guard is a military Service and a branch of the Armed Forces of the United States at all times.1 We are also an important part of the modern Joint Force,2 and a force multiplier for the Department of Defense (DoD). I am proud of our enduring defense contributions to Combatant Commanders around the globe.

In addition to the six cutters operating as part of Patrol Forces Southwest Asia (PATFORSWA) since 2003, other defense operations include:

  • Port Security Units (PSUs) support Combatant Commanders with 24-hour protection of vessels, waterways, and port facilities. These specialized teams have deployed almost continuously to strategic ports in Kuwait and in Guantanamo Bay, Cuba, since 2002.
  • Deployable Specialized Forces Advanced Interdiction Teams support U.S. Central Command (CENTCOM) vessel board, search, and seizure operations.
  • Aircrews perform rotary-wing air intercept operations in support of the North American Aerospace Defense Command (NORAD). Specially trained aviators intercept aircraft that enter restricted airspace in the National Capital Region and during National Security Special Events around the country.
  • Assets and personnel deploy worldwide in support of defense operations and fully participate in major international exercises. As the Coast Guard is similar in size, composition, and missions to most of the world’s navies, we are a frequent engagement partner of choice to support Combatant Commander goals.

Like the other military Services, the Coast Guard supports all efforts to rebuild the Armed Forces.

Secretary Kelly leads the Department’s efforts to secure our borders, and the Administration’s strategy “to deploy all lawful means to secure the Nation’s southern border…”3 relies on the Coast Guard supporting a comprehensive security strategy. The Coast Guard protects the maritime border – not just here at home, but also off the coast of South and Central America. As Secretary Kelly has stated, “…the defense of the southwest border really starts about 1,500 miles south…”4

We continue to face a significant threat from TCOs, and the Coast Guard is positioned to attack these criminal networks where they are most vulnerable, at sea. We leverage over 40 international maritime law enforcement bilateral agreements to enable partner nation interdictions and prosecutions, and employ a robust interdiction package to seize multi-ton loads of drugs at sea before they can be broken down into small quantities ashore.

In close collaboration with partner Nations and agencies, the Coast Guard works to engage threats as far from U.S. shores as possible. In 2016, Coast Guard and partner agencies interdicted more cocaine at sea than was removed at the land border and across the entire nation by all federal, state and local law enforcement agencies – combined. A service record 201.3 metric tons of cocaine (7.1% of estimated flow)5 was removed from the western transit zone, 585 smugglers were detained, and 156 cases were referred for prosecution.

Coast Guard readiness relies on the ability to simultaneously execute our full suite of missions and sustain support to Combatant Commanders, while also being ready to respond to contingencies. Your Coast Guard prides itself on being Semper Paratus – Always Ready, and predictable and sufficient funding is necessary to maintain this readiness in the future. Prudence also demands we continue investing in a modernized Coast Guard. Indeed, recapitalization remains my highest priority, and today’s activities will shape our Coast Guard and impact national security for decades. Your support has helped us make tremendous progress, and it is critical we build upon our successes to field assets that meet cost, performance, and schedule milestones. I am encouraged by our progress to date.

In 2016, we awarded a contract to complete build out of our fleet of 58 Fast Response Cutters – at an affordable price – and the last four ships (numbers 19 through 22) were delivered by Bollinger Shipyards with zero discrepancies. In September, we achieved a monumental goal with the award of a contract for Detail Design and Construction of the Offshore Patrol Cutter (OPC). These cutters will eventually comprise 70 percent of Coast Guard surface presence in the offshore zone. OPCs will provide the tools to more effectively enforce federal laws, secure our maritime borders by interdicting threats before they arrive on our shores, disrupt TCOs, and respond to 21st century threats. With the continued support of the Administration and Congress, we anticipate ordering long lead time material for the first OPC later this year, and plan for its delivery in 2021.

We also generated momentum to build new polar icebreakers. In July of last year, we made a commitment to partner with the Navy to establish an Integrated Program Office to acquire new heavy icebreakers. This approach leverages the expertise of both organizations and is delivering results. The recent award of multiple Industry Studies contracts – a concept the Navy has utilized in previous shipbuilding acquisitions to drive affordability and reduce schedule and technical risk – is an example of the positive results of this partnership. We will continue refining the system specification and prepare to release a request for proposal for Detail Design and Construction in FY 2018.

We are also making progress with unmanned aerial systems. A recent small Unmanned Aerial System (sUAS) proof of concept aboard a National Security Cutter (NSC) validated this capability and will enhance the effectiveness of these cutters. In its inaugural month underway, STRATTON's sUAS flew 191 flight hours, providing real-time surveillance and detection imagery for the cutter, and assisting the embarked helicopter and law enforcement teams with the interdiction or disruption of four go-fast vessels carrying more than 5,000 pounds of contraband. In addition, we are exploring options to build a land-based UAS program that will improve domain awareness and increase the cued intelligence our surface assets rely upon to close illicit pathways in the maritime transit zone. While long-term requirements are being finalized, I can fully employ a squadron of six platforms outfitted with marine-capable sensors now and am moving out to field this much-needed capability.

In addition to the focus on recapitalizing our surface and aviation fleets, we are also mindful of the condition of our shore infrastructure. Investments in shore infrastructure are also critical to modernizing the Coast Guard and equipping our workforce with the facilities they require to meet mission.

America’s economic prosperity is reliant on the safe, secure, and efficient flow of cargo through the Maritime Transportation System (MTS), which sees $4.5 trillion of economic activity annually. The Nation’s maritime industry and the MTS face many challenges, including growing demands, a global industry-driven need to reduce shipping’s environmental footprint, and the ever-increasing complexity of systems and technology.

Coast Guard marine safety programs employ our unique capabilities to ensure a safe, secure, and environmentally sound MTS. We do this by developing risk-based standards, training and employing a specialized workforce, and conducting investigations into accidents and violations of laws so standards can be improved. We are mindful of the need to facilitate commerce, not impede it, and remain committed to our prevention missions.

While readiness and modernization investments will improve current mission performance, the right force is central to success. I am incredibly proud of our 88,000 active duty, reserve, civil service, and auxiliary members. I am working aggressively to validate a transparent and repeatable model to identify the appropriate force structure required for the Coast Guard to simultaneously respond to global, national, and regional events.

Funding 21st century Coast Guard platforms and people is a smart investment, even in this challenging fiscal environment. Modern assets bring exceptional capability, but our greatest strength will always be our people. Coast Guard operations require a capable, proficient, and resilient workforce that draws upon the broad range of skills, talents, and experiences found in the American population. Together, modern platforms and a strong, resilient workforce will maximize the Coast Guard’s capacity to meet future challenges.

History has proven that a responsive, capable, and agile Coast Guard is an indispensable instrument of national security. With the continued support of the Administration and Congress, the Coast Guard will continue to live up to our motto. We will be Semper Paratus – Always Ready. Thank you for the opportunity to testify before you today and for all you do for the men and women of the Coast Guard. I look forward to your questions.


1 14 USC § 1.
2 In addition to the Coast Guard’s status as an Armed Force (10 U.S.C. § 101), see also Memorandum of Agreement Between the Department of Defense and the Department of Homeland Security on the Use of Coast Guard Capabilities and Resources in Support of the National Military Strategy, 02 May 2008, as amended 18 May 2010.
3 Executive Order on Border Security and Immigration Enforcement Improvements, 25 January 2017.
4 Secretary Kelly Hearing Testimony, “Ending the Crisis: America’s Borders and the Path to Security” before the House Homeland Security Full Committee and Subcommittee on Border and Maritime Security Joint Hearing on America’s Borders, Panel 1, 07 February 2017.
5 US Department of Homeland Security, Office of Inspector General, Review of U.S. Coast Guard’s Fiscal Year 2016 Drug Control Performance Summary, OIG Report, OIG-17-33, February 1, 2017.

 

03/21/2017   Department of Homeland Security
Release Date: 
March 21, 2017

UPDATED: March 24, 2017 5:00 p.m. EST
Office of the Press Secretary
Contact: 202-282-8010

Q1: Why is the U.S. Government taking these steps now? Are these new policies in response to a specific terrorist threat or plot?

A1: The U.S. Government is concerned about terrorists' ongoing interest in targeting commercial aviation, including transportation hubs over the past two years, as evidenced by the 2015 airliner downing in Egypt, the 2016 attempted airliner downing in Somalia, and the 2016 armed attacks against airports in Brussels and Istanbul. Evaluated intelligence indicates that terrorist groups continue to target commercial aviation, to include smuggling explosive devices in various consumer items.

Based on this trend, the Transportation Security Administration (TSA), in consultation with relevant Departments and Agencies, has determined it is prudent to enhance security, to include airport security procedures for passengers at certain last point of departure airports to the United States. These enhancements include more stringent measures applied to 10 specific airports.

The enhancement in security will require that all personal electronic devices (PEDs) larger than a cell phone or smart phone be placed in checked baggage. These items will no longer be allowed to be carried onto aircraft at 10 select airports where flights are departing for the United States. Approved medical devices may be brought into the cabin after additional screening.

This security enhancement will be implemented through a Security Directive (SD)/Emergency Amendment (EA) process, which includes industry notification, to affected air carriers that will implement the requirements.

Q2: Why is DHS/TSA doing this now?

A2: The Department of Homeland Security, in close cooperation with our intelligence community partners, continuously assesses and evaluates the threat environment. While a number of existing security measures remain in place, others will be modified, as deemed necessary to protect travelers. DHS will continue to adjust its security measures to ensure the highest levels of aviation security without unnecessary disruption to travelers.

Q3: Is there a specific or credible threat to aviation?

A3: We have reason to be concerned about attempts by terrorist groups to circumvent aviation security and terrorist groups continue to target aviation interests. Implementing additional security measures enhances our ability to mitigate further attempts against the overseas aviation industry.

Q4: Did new intelligence drive a decision to modify security procedures?

A4: Yes, intelligence is one aspect of every security-related decision. The record of terrorist attempts to destroy aircraft in flight is longstanding and well-known. We continually re-assess old intelligence and collect new intelligence.

Q5: How did you select these airports and which ones are affected?

A5: DHS, in close cooperation with our intelligence community partners, selected these airports based on the current threat picture. The affected overseas airports are: Queen Alia International Airport (AMM), Cairo International Airport (CAI), Ataturk International Airport (IST), King Abdul-Aziz International Airport (JED), King Khalid International Airport (RUH), Kuwait International Airport (KWI), Mohammed V Airport (CMN), Hamad International Airport (DOH), Dubai International Airport (DXB), and Abu Dhabi International Airport (AUH).

Q6: Could more airports be added in the future, and might some of those be in the U.S.?

A6: As threats change, so too will TSA’s security requirements.

Q7: How long will these new procedures remain in place?

A7: The new procedures remain in place until the threat changes. These are risk-based decisions and TSA continuously assesses security risks and seeks to balance necessary security requirements with their operational impact on the industry.

Q8: Why won’t these procedures continue indefinitely, like the prohibition on bringing liquids through security screening?

A8: See above.

Q9: How are you defining “larger than a smart phone”?

A9: The size and shape of smart phones varies by brand. Smartphones are commonly available around the world and their size is well understood by most passengers who fly internationally. Please check with your airline if you are not sure whether your smartphone is impacted.

Q10: Why does this only apply to large electronic devices? Why doesn’t this apply to mobile phones?

A10: TSA seeks to balance risk with impacts to the traveling public and has determined that cell phones and smart phones will be allowed in accessible property at this time.

Q11: Is air travel safe?

A11: Yes. Today, all air travelers are subject to a robust security system that employs multiple layers of security, both seen and unseen, including:

  • Intelligence gathering and analysis
  • Cross-checking passenger manifests against watchlists
  • Thorough screening at checkpoints
  • Random canine team screening at airports
  • Reinforced cockpit doors
  • Federal air marshals
  • Armed pilots
  • A vigilant public

In combination, these layers provide enhanced security creating a much stronger and protected transportation system for the traveling public. TSA continually assesses and evaluates the current threat environment and adjusts security measures as necessary to ensure the highest levels of aviation security without unnecessary disruption to travelers.

Q12: How will TSA ensure foreign airports and air carriers are complying with the new procedures?

A12: TSA conducts assessments of foreign airports and inspections of airlines to ensure all U.S. regulations and International security standards are being met at last point of departures to the United States. TSA directly assesses the security posture of last points of departure airports under the Foreign Airport Assessment Program (FAAP) and evaluates the implementation of the internationally recognized International Civil Aviation Organization (ICAO) standards. TSA also utilizes its regulatory authorities over the air carriers which serve the United States to implement enhanced security measures at foreign locations. As an element of each air carrier’s legally binding approval to operate to and from the United States, the airline agrees to meet all security requirements stipulated by TSA.

Q13: How does this affect the American public, either those traveling to/from these selected airports and those flying within the U.S.?

A13: All passengers flying through and from these locations will have to place electronic devices that are larger than a cell phone/smart phone in their checked bags regardless of the passenger’s citizenship.

Q14: Will the security procedures continue to apply to both international and domestic passengers?

A14: This applies to all passengers traveling from 10 specific airports overseas.

Q15: Why are you only implementing these measures overseas? Could the same tactics be used domestically?

A15: Electronic devices will still be allowed on all flights originating in the United States. Security procedures, both seen and unseen, are in place to mitigate the risk to flights in the United States.

Q16: Does TSA have to hire additional officers, or transfer some to the affected airports, to ensure the new screening procedures are followed?

A16: No additional TSA personnel are needed because TSA does not conduct screening at airports outside the United States.

Q17: Are the security measures introduced on July 2, 2014 still in place?

A17: A number of those implemented security measures remain in place while others may be modified as deemed necessary to protect travelers. Since July 2, 2014, a number of foreign governments have themselves enhanced aviation security, buttressing and replacing our own measures at these airports when it became routine at overseas airports for security officials to ask some passengers to turn on their electronic devices, including cell phones, before boarding flights to the United States.

Q18: How many flights does this affect?

A18: This will only impact flights from 10 of the more than 250 airports that serve as last points of departure to the United States. This will only impact a small percentage of flights to the United States. The exact number of flights will vary on a day to day basis.

Q19: How many passengers will be affected?

A19: These measures will apply to all passengers on flights from the 10 last points of departure airports, a small fraction of passengers traveling to the United States by air each day.

Q20: Will this affect passengers enrolled in trusted traveler programs?

A20: These measures will apply to all passengers on flights from certain locations regardless of trusted traveler status.

Q21: What do you recommend passengers do if they are flying out of one of the last point of departure airports?

A21: Passengers should pack large personal electronic devices in checked bags and contact their air carrier with additional questions.

Q22: How will this affect the screening process at the airport?

A22: Generally, passengers will be instructed to place large electronic devices in their checked bags when traveling from one of the last point of departure airports. We provided guidance to the airlines who will determine how to implement and inform their passengers.

Q23: How will this affect passengers with connections?

A23: TSA recommends passengers transferring at one of the 10 affected airports place any large personal electronic devices in their checked bags upon check-in at their originating airport.

Q24: Can you provide any examples of recent terrorist plotting against the aviation sector? Please highlight the trend you’re concerned about.

A24: Although the U.S. has instituted robust aviation security measures since 9/11, our information indicates that terrorist groups’ efforts to execute an attack against the aviation sector are intensifying given that aviation attacks provide an opportunity to cause mass casualties and inflict significant economic damage, as well as generate overwhelming media coverage.

We note that disseminated propaganda from various terrorist groups is encouraging attacks on aviation, to include tactics to circumvent aviation security. Terrorist propaganda has highlighted the attacks against aircraft in Egypt with a soda can packed with explosives in October 2015, and in Somalia using an explosives-laden laptop in February 2016.

Terrorists have historically tried to hide explosives in shoes in 2001, use liquid explosives in 2006, and conceal explosives in printers in 2010 and suicide devices in underwear in 2009 and 2012. Within the last year, we have also seen attacks conducted at airports to include in Brussels and Istanbul.

Q25: How were these countries informed?

A25: USG officials coordinated with their foreign counterparts to inform them of the changing threat. TSA has a formal process for notifying airlines through the EA/SD process. This process was used to notify affected airlines of the needed changes.

Q26: How will this be implemented?

A26: The Airlines will have 96 hours to implement. The manner of an EA/SD is to tell an airline the end result required (no electronic devices larger than a cell phone allowed in the cabin) and allow them the flexibility to implement within their business model.

Q27: Will U.S. direct hires/diplomats posted in these countries be told to take other routes/airlines?

A27: No. U.S. government employees in the affected countries have the option, but are not required, to modify their travel routes. The new routes must comply with all U.S. government travel regulations.

Q28: Will this apply to flights departing to affected countries?

A28: No. At this time, evaluated intelligence says that the threat exists at the 10 last point of departure airports.

Q29: Does this start tomorrow?

A29: Airlines were notified on March 21st at 3:00 a.m. EDT. They have 96 hours within which to comply.

Q30: How long will these enhanced security measures be in effect?

A30: These measures will be in effect indefinitely. However, DHS and TSA continue to evaluate our aviation security processes and policies based on the most recent intelligence.

Q31: What will happen to my checked bag with my electronic devices once I land in the United States?

A31: TSA will increase explosives detection screening of passenger luggage on select international inbound flights upon domestic arrival. The screening will occur prior to releasing the luggage back to passengers. It is possible that this process may result in delays for connecting luggage.

Q32: Once I arrive in the U.S. and retrieve my bag, what if I miss my connecting flight to my final U.S. destination?

A32: Contact your connecting airline on how best to rebook to your final U.S. destination. Additionally, consider contacting your airline prior to your flight to inquire about your connection time.

Q33:  What U.S. domestic airports will be impacted?

A33: Atlanta (ATL), Boston (BOS), Chicago O’Hare (ORD), Dallas-Ft. Worth (DFW), Ft. Lauderdale (FLL), Houston Intercontinental (IAH), Los Angeles (LAX), Miami (MIA), Orlando (MCO), New York Kennedy (JFK), Philadelphia (PHL), San Francisco (SFO), Seattle-Tacoma (SEA), and Washington Dulles (IAD).

Q34: What do I do if my electronics are damaged or missing from my baggage when I arrive at my destination?

A34: Regardless of where you are flying to/from or what airline you are flying on, you should always contact your airline if there is an issue with your checked baggage.

Q35:  Are U.S. government employees who are assigned U.S. government laptops also restricted from carrying their laptops in carry-on bags on these flights?

A35: The limits on the size of electronics in carry-on bags apply to all passengers, including U.S. government employees with U.S. government-issued laptops.

Q36: What is the procedure if something screens positive for explosives?

A36: TSA partners with local law enforcement officials at each airport and has protocols in place for proper response when a bag triggers an alarm during screening.

# # #

03/21/2017   Department of Homeland Security
Release Date: March 21, 2017

Office of Public Affairs
Contact: 202-282-8010

Overview: Change to international travel carry-on items

Evaluated intelligence indicates that terrorist groups continue to target commercial aviation and are aggressively pursuing innovative methods to undertake their attacks, to include smuggling explosive devices in various consumer items. Based on this information, Secretary of Homeland Security John Kelly and Transportation Security Administration Acting Administrator Huban Gowadia have determined it is necessary to enhance security procedures for passengers at certain last point of departure airports to the United States.

These enhancements apply to 10 specific airports. The affected overseas airports are: Queen Alia International Airport (AMM), Cairo International Airport (CAI), Ataturk International Airport (IST), King Abdul-Aziz International Airport (JED), King Khalid International Airport (RUH), Kuwait International Airport (KWI), Mohammed V Airport (CMN), Hamad International Airport (DOH), Dubai International Airport (DXB), and Abu Dhabi International Airport (AUH).

The aviation security enhancements will include requiring that all personal electronic devices larger than a cell phone or smart phone be placed in checked baggage at 10 airports where flights are departing for the United States.

Impacted International Flights Bound for the United States

These enhanced security measures will only affect flights from 10 of the more than 250 airports that serve as last points of departure to the United States. A small percentage of flights to the United States will be affected, and the exact number of flights will vary on a day to day basis. Airlines will know in advance which flights are affected by these measures.

Large Electronic Devices

Electronic devices larger than a cell phone/smart phone will not be allowed to be carried onboard the aircraft in carry-on luggage or other accessible property. Electronic devices that exceed this size limit must be secured in checked luggage. Necessary medical devices will be allowed to remain in a passenger’s possession after they are screened.

The approximate size of a commonly available smartphone is considered to be a guideline for passengers. Examples of large electronic devices that will not be allowed in the cabin on affected flights include, but are not limited to:

  • Laptops
  • Tablets
  • E-Readers
  • Cameras
  • Portable DVD players
  • Electronic game units larger than a smartphone
  • Travel printers/scanners

There is no impact on domestic flights in the United States or flights departing the United States. Electronic devices will continue to be allowed on all flights originating in the United States.

For more information and travel tips, please visit www.TSA.gov.

# # #

03/20/2017   Department of Homeland Security
Release Date: March 21, 2017

2123 Rayburn House Office Building

Chairman Murphy, Ranking Member DeGette, and distinguished members:

Thank you for the opportunity to appear before you today to discuss the heroin and fentanyl crisis in the United States and the efforts of U.S. Immigration and Customs Enforcement (ICE) to target, investigate, disrupt, dismantle and bring to justice the criminal elements responsible for the manufacturing, smuggling, and distribution of dangerous opioids.

As the largest investigative agency within the U.S. Department of Homeland Security (DHS), ICE Homeland Security Investigations (HSI) investigates and enforces more than 400 federal criminal statutes to include the Immigration and Nationality Act (Title 8), U.S. customs laws (Title 19), general federal crimes (Title 18), and the Controlled Substances Act (Title 21). HSI special agents use this authority to investigate all types of cross-border criminal activity and work in close coordination with U.S. Customs and Border Protection (CBP) and the Drug Enforcement Administration (DEA) in a unified effort with both domestic and international law enforcement partners, to target Transnational Criminal Organizations (TCOs) that are supplying heroin and fentanyl to the United States.

Today, I would like to highlight our efforts to reduce the supply of heroin and fentanyl to the United States and the operational challenges we encounter.

Introduction to Fentanyl

Before we can discuss illicit fentanyl targeting and supply reduction, we need to understand what fentanyl is and how it is produced.

The United States is in the midst of an illicit fentanyl crisis that is multi-faceted and deadly. Fentanyl is a Schedule II synthetic opioid, used medically for severe pain relief in patients that are already opioid tolerant, and it is 50-100 times more potent than morphine. For reference, as little as two milligrams of pure fentanyl can be fatal. Based on investigations, United States law enforcement has identified two primary sources of the US illicit fentanyl threat: China and Mexico.

China is a global supplier of illicit fentanyl and the precursor chemicals used to manufacture the drug. Additionally, Chinese laboratories openly sell fentanyl, to include fentanyl analogues, and other fentanyl-related substances. In China, criminal chemists work around their government’s control efforts by modifying chemical structures ever so slightly to create substances not recognized as illicit in China but having the same deadly effects. Although there is ongoing collaboration with China, the lack of current Chinese laws that prohibit analogue manufacturing or export is one of the challenges we face in stemming the flow of illicit fentanyl from China.

China-sourced illicit fentanyl is primarily used by counterfeit tableting organizations in Mexico and the United States that focus on supplying people who misuse prescription pain pills. Counterfeit tablet suppliers often purchase powdered fentanyl through the anonymity of the internet and can access open source and dark web marketplaces for the tools needed for manufacturing. Fentanyl, pill presses and binding agents are then shipped into the United States primarily via international mail services and express consignment couriers. Illicit fentanyl products attributed to China are generally unadulterated.

Mexican drug cartels also obtain illicit fentanyl and precursor materials required to manufacture fentanyl-related substances from China and primarily use fentanyl as an adulterant in heroin that is produced in Mexico. The cartels have discovered that manufacturing fentanyl is much more cost effective, efficient, and draws less law enforcement attention than cultivating opium poppies to produce heroin. Because of the potency of fentanyl, only microgram quantities are needed to produce an effect. Fentanyl can be diluted and adulterated with other agents to produce dozens of kilograms of heroin-like substitute and can be added to heroin to create a synergistic effect. The adulterated heroin can sell at the traditional heroin street price or much higher if it is advertised as having a stronger effect. When smuggled adulterated heroin is discovered and seized by law enforcement, it has a much lower cost of replacement to the organization. Fentanyl seized at our Southwest Border Region is typically 5-10 percent in purity with the balance being diluents, such as dipyrone, mannitol or lactose.

Once illicit fentanyl is distributed in local American drug markets, many people who use drugs (whether heroin or prescription pain pills) are unaware of the presence of the more potent fentanyl in their narcotic. As fentanyl used in suspected heroin or counterfeit pills is more potent than the drugs they resemble, it readily leads to overdosing. Alternatively, the improper mixing of fentanyl can easily lead to batches of pills with a higher concentration of fentanyl, what is known as “hot spots”, leading to overdose and death. These batches may then be distributed within a specific geographic area and result in an increased number of overdose occurrences and deaths in that area. This is often how law enforcement learns that fentanyl or an analogue has been introduced into a local drug market.

The addictive nature and demand for opioids paired with the low cost/high potency of fentanyl used in counterfeit opioid production has led TCOs to compete for a portion of the U.S. illicit drug market.

ICE’s Efforts to Reduce the Supply of Fentanyl

In accordance with the President’s February 9, 2017, Executive Order on Enforcing Federal Law with Respect to Transnational Criminal Organizations and Preventing International Trafficking, HSI will be working to reduce the supply of fentanyl.

Heroin Availability Reduction Plan

In response to the dramatic increase in the availability of opioids, the Office of National Drug Control Policy (ONDCP), in close coordination with Federal departments and agencies, developed the Heroin Availability Reduction Plan (HARP) to reduce the supply of heroin and illicit fentanyl in the United States market through supply chain disruption and in detection and intelligence collection as outlined in the plan’s strategy. ICE has been involved in supporting the HARP since its inception.

Pursuant to the HARP, ICE is targeting supply chain networks, coordinating with domestic and international partners, and providing field training to highlight officer safety, trends, and collaboration benefits.

In support of the detection and analysis effort, ICE is fully engaged with the DEA Special Operations Division (SOD) and the CBP National Targeting Center, to identify shipment routes; targeting parcels that may contain heroin, illicit fentanyl, fentanyl-related substances and manufacturing materials; and fully exploiting financial and investigative analyses.

ICE Lines of Effort

Network Identification

The DEA's Special Operations Division (SOD) Heroin and Fentanyl Task Force (HFTF) is supported by ICE, CBP, DEA, and several other federal agencies. The SOD-led, interagency task force exploits electronic communications to proactively identify, disrupt, and dismantle the production, transportation, and financial networks behind the heroin and illicit fentanyl distribution organizations that impact the United States.

The HFTF focuses on the collaborative authorities and efforts of each invested agency’s resources, in order to better share and deconflict information. The HFTF works together to target international and domestic organizations by proactively working with field offices. The taskforce also assists in coordinating and linking investigations from the street level dealer to the international source of supply.

ICE supports field investigations related to heroin and illicit fentanyl and the overdoses that occur as a result of use. ICE and the HFTF are currently coordinating with the Department of Justice’s Organized Crime Drug Enforcement Task Force (OCDETF) Program, its Fusion Center and ONDCP’s High Intensity Drug Trafficking Area (HIDTA) taskforces to exploit communication data and social media information that are associated with reports of overdoses within a geographical area. This is in direct support of the OCDETF National Heroin Strategy. Coordination with OCDETF and HIDTA has proven helpful in multi-jurisdictional investigations and in their successful prosecutions.

HSI special agents actively pursue the financial networks used to sustain the heroin and illicit fentanyl trade. As with sources of supply, the financial methods used by smugglers and traffickers have also adapted with current trends. The wholesalers and end users utilize Money Service Businesses (MSBs), Bank to Bank wire transfers, PayPal, and virtual currencies (such as Bitcoin), to name a few, to successfully finance the supply chain and remit illicit proceeds. ICE continues to engage financial industry partners, specifically MSBs, to better identify the movement of illicit proceeds tied to fentanyl.

ICE recognizes that the private sector represents America’s first line of defense against money laundering. Through our Illicit Finance and Proceeds of Crime Unit (IFPCU), ICE partners with the U.S. financial industry, along with state and federal agencies, to combat financial and trade crimes associated with heroin and fentanyl smuggling and distribution.

In targeting virtual currency transactions of heroin and illicit fentanyl, ICE uses blockchain analysis to track transactions between criminal parties. Blockchain is a digital ledger in which transactions made in bitcoin or another cryptocurrency are recorded chronologically and publicly. ICE has seen a substantial increase in cases in which private parties are acting as money service businesses to exchange digital currencies into fiat currency to enjoy the illicit proceeds of narcotics smuggling. The IFPCU also utilizes resources provided by the Treasury Executive Office for Asset Forfeiture’s Third-Party Money Laundering Initiative to support complex financial investigations. ICE’s Bulk Cash Smuggling Center also supports investigations through counter money laundering efforts that target TCOs that supply heroin and fentanyl.

The sources, brokers, and U.S. distributors of heroin and illicit fentanyl often communicate via dark web marketplaces, internet chat rooms, Peer to Peer applications, emails, Skype, or other means of electronic communication. ICE’s Cyber Division further exploits these methods of communication in furtherance of field initiated criminal investigations. Moving forward, ICE’s Cyber Division will focus on exploiting the digital footprints left by the criminal parties. These exploitations will provide additional investigative avenues and exponentially increase targetable data points.

ICE has seen heroin and illicit fentanyl supply chains that are not only engaged in the importation of raw powder from foreign sources and counterfeit pills but also in the importation of the precursor chemicals used to produce finished product in the United States. The flow continues to transit through postal systems, express consignment couriers, and land borders. The finished product appearance can vary based on demand and the target market. In addition to the chemicals and/or binding agents, regional distributors often procure pill making implements (pill presses, fillers, cleaners and dyes) to effectively produce finished product clandestinely. ICE currently works with DEA, CBP, and United States Postal Inspection Service (USPIS) to target and investigate these precursor and manufacturing imports.

Support to CBP Targeting and Interdiction

Every day, CBP’s National Targeting Center (NTC) works quickly and quietly to identify people and products that pose potential threats to our nation’s security, and to stop them from entering the United States. The NTC employs highly skilled targeting specialists using state-of-the-art technologies to identify high-risk people and cargo in the air, land, and sea environments that enter and leave the United States. The NTC carefully targets and coordinates examination of shipments and travelers who may be associated to transnational criminal organizations and/or the smuggling of heroin and fentanyl.

ICE participates at CBP’s NTC through the National Targeting Center – Investigations (NTC-I) program, which leverages intelligence gathered during ICE investigations and exploits it using CBP holdings to target the flow of drugs into the United States. The NTC-I works to share information between CBP and ICE entities world-wide.

NTC-I conducts post seizure analysis based on ICE seizures in the field and CBP seizures at the ports of entry. The analysis is critical to identifying networks that transport heroin and illicit fentanyl-related substances into and throughout the United States. A key component of the post seizure analysis is the financial investigation. The NTC-I focuses on the financial element of the smuggling organization by exploiting information gathered from multiple financial databases.

The NTC-I works closely with CBP to target illicit shipments imported into the United States from abroad for interdiction at international mail facilities. CBP works to target parcels based on numerous characteristics and provides investigative information on past seizures and active smuggling networks to aid in the targeting effort. Partnering with express consignment couriers has proven valuable in identifying additional data sets for targeting and exploitation.

The recent partnership and consistent collaboration between ICE, CBP, USPIS, and DEA has greatly contributed to the success in combatting illicit shipments of heroin and fentanyl-related substances. Sources in China frequently utilize the international mail services to ship fentanyl in small parcels to avoid detection by CBP. The NTC-I leverages the working relationship with USPIS to target these shipments for interdiction at U.S. airport hubs and local post offices. The NTC-I has been instrumental in coordinating interdiction and extended border searches on illicit fentanyl-related shipments leading to multiple seizures in the United States and abroad.

International Partners and Cooperation

ICE works closely with our domestic and international law enforcement partners to disrupt and dismantle transnational criminal organizations.

ICE, in support of DEA and the Department of State, has met with law enforcement counterparts from China, Mexico, and South American countries for the purposes of sharing targeting information regarding known sources of heroin, illicit fentanyl, and precursor supply, for interdiction and effective organization dismantlement.

We have traveled with DEA and CBP to China in pursuit of the successful identification and nomination of fentanyl Consolidated Priority Organization Targets (CPOTs) on several occasions, have hosted China counterparts in the United States at the Special Operations Division, and will return to China for continued coordination in April.

CPOT is the command and control element of a major transnational criminal organization and/or money laundering enterprise that significantly impacts the United States illicit drug supply and is designated by the Attorney General and Organized Crime Drug Enforcement Task Force (OCDETF) member agencies. CPOTs represent the “most wanted” transnational criminal and money laundering organizations.

The successful identification and nominations of heroin and illicit fentanyl CPOT targets provide a first step into the designation of fentanyl “kingpins” under the Foreign Narcotics Kingpin Designation Act, and the ultimate imposition of economic sanctions against CPOTs and their business networks through the Department of Treasury’s Office of Foreign Assets Control (OFAC).

ICE has also met with Canadian officials to share trends and targeting strategy in fentanyl-related investigations. Like the United States, our Canadian counterparts have expressed that a fentanyl crisis is also occurring within Canada. ICE has traveled with DEA to Canada on at least three (3) occasions to compare heroin and fentanyl trends, case models, and known targetable data sources. Further, command and control structures, communications, distribution routes, and the logistical movement of fentanyl-related shipments have been shared.

Officer Safety

Illicit fentanyl is not only dangerous for people who use drugs, but for law enforcement, public health workers and first responders who could unknowingly come into contact with it in its different forms. Working dogs are also at risk of exposure.

Law enforcement is presented with several challenges when dealing with fentanyl. Accidentally inhaling the substance during law enforcement activity or during field testing of the substance is one of the biggest dangers with fentanyl. A secondary safety threat, the absorption through the skin, may also produce a response; however, severity of skin absorption for most forms of illicit fentanyl is debated in the scientific and medical communities. In either exposure case adverse health effects can include disorientation, coughing, sedation, respiratory distress or cardiac arrest.

Field testing proves to be difficult, because fentanyl is not one of the classic drugs that are familiar to law enforcement. Undercover activities and controlled purchases are also risky, as many regional distributors themselves are unaware of the presence of fentanyl in their heroin product. This leads narcotics officers to believe they are conducting a controlled purchase of heroin or cocaine, when in fact, they may be purchasing illicit fentanyl. Additionally, delays in laboratory testing due to drug seizure volumes are also problematic in quickly identifying fentanyl.

Naloxone is an antidote for opioid overdoses, including those caused by fentanyl. When quickly and properly administered, it can restore normal breathing and consciousness to individuals experiencing an opioid overdose/accidental exposure.

ICE is currently in the process of obtaining and distributing naloxone kits and other Personal Protective Equipment (PPE) to trained special agents in order to prevent fentanyl overdose exposure to law enforcement and is working to develop interim guidance and policy on the handling and transporting of fentanyl evidence.

Conclusion

Thank you again for the opportunity to appear before you today and for your continued support of ICE and its law enforcement mission. ICE is committed to battling the U.S. heroin and illicit fentanyl crisis through the various efforts I have discussed today. I would like to reiterate that this problem set is an epidemic that demands urgent and immediate action across law enforcement interagency lines in conjunction with experts in the scientific, medical, and public health communities. I appreciate your interest in this important issue and look forward to your questions.

03/20/2017   Wired Security
The FBI Has Been Investigating Trump’s Russia Ties Since July
Breaking with DOJ tradition, Comey makes official the Russia investigation Trump has long decried as "fake news."
03/20/2017   Department of Homeland Security
Release Date: March 20, 2017

For Immediate Release
Office of the Press Secretary
Contact: 202-282-8010

WASHINGTON – The Department of Homeland Security today issued the U.S. Immigration and Customs Enforcement (ICE) Declined Detainer Outcome Report required by President Donald J. Trump’s Executive Order, Enhancing Public Safety in the Interior of the United States, signed on January 25.  This report will be issued weekly to highlight jurisdictions that choose not to cooperate with ICE detainers or requests for notification, therefore potentially endangering Americans. ICE places detainers on aliens who have been arrested on local criminal charges or who are in local custody and for whom ICE possesses probable cause to believe that they are removable from the United States, so that ICE can take custody of the alien when he or she is released from local custody.

“When law enforcement agencies fail to honor immigration detainers and release serious criminal offenders, it undermines ICE’s ability to protect the public safety and carry out its mission,” said Acting ICE Director Thomas Homan. “Our goal is to build cooperative, respectful relationships with our law enforcement partners. We will continue collaborating with them to help ensure that illegal aliens who may pose a threat to our communities are not released onto the streets to potentially harm individuals living within our communities.”

The Declined Detainer Outcome Report is a weekly report that lists the jurisdictions that have declined to honor ICE detainers or requests for notification and includes examples of criminal charges associated with those released aliens. The report provides information on declined detainers and requests for notification for that reporting period. A jurisdiction’s appearance on this report is not an exclusive factor in determining a jurisdiction’s level of cooperation with ICE. This report is intended to provide the public with information regarding criminal actions committed by aliens and any jurisdiction that ignores or otherwise failed to honor any detainers or requests for notification with respect to such aliens.

# # #
03/20/2017   Department of Homeland Security
Release Date: March 20, 2017

Q: What is a detainer?

A: U.S. Immigration and Customs Enforcement (ICE) issues detainers to federal, state, and local law enforcement agencies to provide notice of its intent to assume custody of a removable alien detained in federal, state, or local custody.  A detainer requests that the law enforcement agency notify ICE as early as practicable—ideally at least 48 hours—before a removable alien is released from criminal custody and briefly maintain custody of the alien for up to 48 hours to allow DHS to assume custody for removal purposes.

Q: What is a declined detainer?

A: When law enforcement agencies fail to honor immigration detainers and release a criminal alien onto the streets, they have declined an ICE detainer. This undermines ICE’s ability to protect public safety and carry out its mission. Federal immigration laws authorize DHS to issue detainers and provide ICE broad authority to detain removable aliens.

Q: How is an individual placed under a detainer?

A: When an individual is booked into custody by a law enforcement agency, his or her biometric data is automatically routed through federal databases to the FBI.  The FBI shares this information with ICE. If ICE has probable cause to suspect the individual is a removable alien, ICE sends a detainer to the law enforcement agency.

Q: Why is ICE providing these reports now?

A: The president’s Executive Order 13768, Enhancing Public Safety in the Interior of the United States, and DHS Secretary Kelly’s memorandum on the implementation of the same, instructs the ICE Director to make this report public.

Q: Why do some jurisdictions ignore detainers?

A: In some cases, state or local laws, ordinances, or policies restrict or prohibit cooperation with ICE.  In other cases, jurisdictions choose to willfully decline ICE detainers and release criminals back into the community.  The results in both cases are the same: aliens released onto the streets to potentially reoffend or harm individuals living within our communities.

Q: Why should the public care if jurisdictions don’t observe ICE detainers?

A: If jurisdictions do not honor ICE detainers, criminals are released into communities, where they can commit more crimes and are subject to at-large arrests which may be disruptive to communities. Three examples of criminal aliens who are subject to removal but were released despite the issuance of an active detainer within the last few months follow; all have been re-arrested and are currently in custody:

  • Milton Berrera-Lopez was released from local custody when a detainer lodged with Philadelphia authorities was not honored. The Guatemalan national has a previous conviction for two counts of indecent exposure involving minors.
  • Estivan Rafael Marques Velasquez, a self-admitted MS-13 gang member, was released from New York City custody with an active ICE detainer in place. The Salvadoran national has a criminal history in the United States which includes reckless endangerment in the second degree, criminal possession of a weapon in the fourth degree, and disorderly conduct.
  • Ramon Aguirre Ochoa was deported in May 2009. In 2015, he was arrested on domestic aggravated assault charges in Philadelphia. The charges were dismissed, despite ICE filing a detainer to take custody and remove him from the country again. Philadelphia ignored that detainer and released Aguirre Ochoa back into the community. He was arrested again in Philadelphia on July 26, 2016, and charged with involuntary sexual intercourse, unlawful contact with a minor, unlawful restraint, false imprisonment, indecent assault on person less than 13, indecent exposure, and simple assault.

Q: Does ICE still work with jurisdictions that do not observe detainers on other law enforcement actions?

A: Yes. ICE is committed to maintaining and strengthening its relationships with local law enforcement. ICE continues to collaborate with all law enforcement agencies to help ensure that individuals who may pose a threat to our communities are not released onto the streets to potentially reoffend and harm individuals living within our communities.

Q: Where does the list come from?

A: ICE maintains records for each detainer or request for notification that is issued and updates those records when a detainer or request for notification is declined. The list is generated from this data.

Q: Why is the public safer when jurisdictions honor ICE detainers?

A: When criminal aliens are released from local or state custody, they have the opportunity to reoffend. There are also many risks and uncertainties involved when apprehending dangerous criminal aliens at-large in the community. It takes careful planning and extensive resources to mitigate those risks and make a safe apprehension in a community setting. It is much safer for everyone—the community, law enforcement, and even the criminal alien—if ICE officers take custody of the alien in the controlled environment of another law enforcement agency as opposed to visiting a reported alien’s residence, place of work, or other public area.

Q: What is ICE’s overall mission? Why do they want the detainers enforced?

A: ICE is committed to using its unique enforcement authorities and available resources and tools to promote national security, uphold public safety, and preserve the integrity of our immigration system. The use of detainers is an efficient, effective and safe means to carry out ICE’s mission.

Q: Are detainers placed on random criminal aliens?

A: ICE places detainers on individuals whom ICE has probable cause to suspect are removable aliens in state and local law enforcement agency custody on criminal charges.

Q: Are the jurisdictions or agencies on this list considered sanctuary locations?

A: The Declined Detainer Outcome Report (DDOR) is intended to provide the public with information regarding criminal actions committed by aliens and any jurisdiction that ignores or otherwise failed to honor any detainers or requests for information with respect to such aliens.  As set forth in Executive Order 13768, Enhancing Public Safety in the Interior of the United States, the Secretary has the authority to designate, in his discretion and to the extent consistent with law, a jurisdiction as a sanctuary jurisdiction.  The Department of Homeland Security (DHS) continues to evaluate the appropriate criteria for such designation. 

Q: How does the report inform the decision on whether a location is a sanctuary jurisdiction?

A: The president’s Executive Order, Enhancing Public Safety in the Interior of the United States, requires publication of this report. The report lists locations that have ignored or otherwise failed to honor an immigration detainer or request for notification. As set forth in the Executive Order, the Secretary has the authority to designate, in his discretion and to the extent consistent with law, a jurisdiction as a sanctuary jurisdiction.  DHS continues to evaluate the appropriate criteria for such designation. 

Q: My jurisdiction is on the Declined Detainer Outcome Report.  Will we lose our federal funding? What federal funding might my jurisdiction lose? For example, if a natural disaster occurs, will we receive federal assistance?

A: The DDOR is intended to provide the public with information regarding criminal actions committed by aliens and any jurisdiction that ignores or otherwise failed to honor any detainers or requests for notification with respect to such aliens. ICE does not administer grants, and inclusion on the DDOR will not automatically result in ineligibility for grants.  Section 9(a) of the Executive Order recognizes the authority of the Attorney General and the Secretary of Homeland Security, in their discretion and consistent with law, to ensure that jurisdictions that willfully refuse to comply with 8 USC § 1373 are not eligible to receive federal grants, except as deemed necessary for law enforcement purposes by the Attorney General or the Secretary.  DHS is currently working to develop a process, in coordination with the Department of Justice and other interagency partners, to address this requirement of the EO.

Q: Does this report include Requests for Notification (I-247N)? If so, why?

A: Yes. The Request for Voluntary Notification (Form I-247N) is one of the tools ICE has used to notify law enforcement agencies of its interest in taking custody of an alien in state or local custody. The declination of Requests for Voluntary Notification also results in the release of criminal aliens, which provides an unnecessary risk to public and officer safety as ICE personnel are forced to arrest such aliens in an at-large setting. Although this report includes information relating to Form I-247N, DHS will be replacing Forms I-247D, I-247N, and I-247X in the near future. Information related to the superseding detainer form and its predecessors will be documented and reported by ICE going forward. Until fully vetted, reviewed, and approved, ICE will utilize the existing detainer and notification forms as an interim measure.

Q: This report notes that it may reflect instances in which a law enforcement agency may have provided notification to ICE in advance of an alien’s release, but where the LEA did not provide “sufficient advance notification” for ICE to arrange the transfer of custody prior to release due to geographic limitations, response times, or other logistical reasons.  What is sufficient advance notification?

A: Lack of sufficient advance notification is based on the judgment of immigration officers, taking into consideration geographic limitations, response times, and other local logistical details. Advance notification is sufficient when ICE is given enough time to mobilize its resources to effectuate a safe transfer into ICE custody.  Sufficient advance notice is a commonly understood standard for law enforcement jurisdictions working closely together.

Q: How many of these instances were included in this report for my jurisdictions?  Please provide the details of these instances and why ICE thought they did not have sufficient advance notification.

A: Detainers and Requests for Notification are not honored for a variety of reasons, as noted in the Declined Detainer Outcome Report. ICE documents non-honored Detainers and Requests for Notification once discovered by ICE personnel during their enforcement activities. In instances of insufficient notification to ICE, these are generally cases in which the law enforcement agency did not provide ICE with enough time to mobilize its resources to effectuate a safe custody transfer.

Q: Is DHS changing its legal position that ICE detainers are voluntary?

A: DHS has not retreated from its position that detainers serve as a legally-authorized request, upon which a law enforcement agency may rely, to continue to maintain custody of the alien for up to 48 hours so that ICE may assume custody for removal purposes.

Q: The February 21 DHS implementing memorandum on the Executive Orders stated that DHS will eliminate the existing forms (I-247D, I-247N, and I-247X) and replace them with a new form to more effectively communicate with recipient law enforcement agencies.  Why are old forms still being used?  When will they be replaced?

A: DHS is in the process of creating a new detainer form to more effectively communicate with recipient law enforcement agencies. Although this report includes information relating to Form I-247N, DHS will be replacing Forms I-247D, I-247N, and I-247X in the near future.  Information related to the superseding detainer form and its predecessors will be documented and reported by ICE going forward.  Until fully vetted, reviewed, and approved, ICE will utilize the existing detainer and notification forms as an interim measure.

Q: Why are jurisdictions listed here when they are prohibited from honoring detainers based on state laws, binding judicial opinions, or consent decrees limiting detainer compliance?

A: Regardless of the reason for which a jurisdiction does not honor ICE detainers or requests for notification, such action by the jurisdiction nonetheless adversely impacts public safety.  When a jurisdiction declines to honor an ICE detainer or request for notification, a criminal alien is released into the community, where he or she has the opportunity to commit additional crimes, rather than being safely detained and processed for removal by ICE. 

Q: What does “notable criminal activity” mean?  Why aren’t all criminal charges and convictions listed in this report?

A: “Notable criminal activity” documents egregious charges and convictions of the alien for whom a detainer was not honored.  This report includes criminal charges contained in local, state, and federal indexes and recorded in ICE's database.

Q: I have information that contradicts what is on this report.  What is the process for correcting the information on this report?

A: Concerns from the community can be relayed to a local community relations officer who may be contacted via a local ICE field office, which can be found at: https://www.ice.gov/contact/field-offices

Q: Is this report inclusive of all declined detainers?

A: This report is inclusive of declined detainers that were not honored by a law enforcement agency, discovered by ICE personnel during their enforcement activities as not being honored, and documented in ICE systems during the reporting period specified.

Q: Can I get more information about a specific case?

A: Members of the public may submit requests for information to ICE’s Freedom of Information Act (FOIA) Office. Each request will be evaluated under the disclosure provisions of FOIA.

# # #

03/20/2017   Department of Homeland Security
Release Date: March 20, 2017

Office of Public Affairs
Contact: 202-282-8010

U.S. Immigration and Customs Enforcement (ICE) issues detainers and requests for notification to law enforcement agencies (LEAs) to provide notice of its intent to assume custody of an individual detained in federal, state, or local custody. Detainers are placed on aliens arrested on criminal charges for whom ICE possesses probable cause to believe that they are removable from the United States.

A detainer requests that a LEA notify ICE as early as practicable—ideally at least 48 hours—before a removable alien is released from criminal custody and then briefly maintain custody of the alien for up to 48 hours to allow DHS to assume custody for removal purposes. A request for notification requests that a LEA notify ICE as early as practicable – ideally at least 48 hours – before a removable alien is released from criminal custody.

These requests are intended to allow a reasonable amount of time for ICE to respond and take custody of the alien. When LEAs fail to honor immigration detainers or requests for notification and release serious criminal offenders, it undermines ICE’s ability to protect public safety and carry out its mission. The Declined Detainer Outcome Report (DDOR), which meets the requirement outlined in the president’s Executive Order, Enhancing Public Safety in the Interior of the United States, is a weekly report that lists the LEAs that declined ICE detainers or requests for notification and includes criminal charges associated with those released aliens.

The DDOR may reflect instances in which the LEA may have technically provided notification to ICE in advance of an alien’s release, but where the LEA did not provide sufficient advance notification for ICE to arrange the transfer of custody prior to release due to geographic limitations, response times, or other logistical reasons. In these instances, ICE records the detainer or request for notification as declined by the LEA.

This report only reflects the data related to the release of criminal aliens that is available to ICE. In uncooperative jurisdictions like Cook County, Illinois, and the City of Philadelphia, ICE is barred from interviewing arrestees in local custody. Therefore, in these communities a large number of criminals who have yet to be encountered by ICE are arrested by local authorities and released in these communities without any notification to ICE.

ICE continues to collaborate with all law enforcement agencies to help ensure that aliens who may pose a threat to our communities are not released onto the streets to potentially reoffend and harm individuals living within our communities. However, in some cases, state or local laws, ordinances or policies restrict or prohibit cooperation with ICE. In other cases, jurisdictions choose to willfully decline ICE detainers or requests for notification and release criminals back into the community.

When criminal aliens are released from local or state custody, they have the opportunity to reoffend. There are also many risks and uncertainties involved when apprehending dangerous criminal aliens at-large in the community. It takes careful planning and extensive resources to mitigate those risks and make a safe apprehension in a community setting. It is much safer for all involved—the community, law enforcement, and even the criminal alien—if ICE officers take custody in the controlled environment of another law enforcement agency.

# # #

03/15/2017   Wired Security
WhatsApp Hack Shows That Even Encryption Apps Are Vulnerable in a Browser
Web-based vulnerabilities in end-to-end messengers demonstrate why it may be safest to stick with the mobile versions of messaging apps.