Category Archives: Cyber War

Apple vs. FBI, Try the iCloud or iTunes

Posted on by

In all fairness, General Michael Hayden, former head of the NSA actually disagrees with FBI Director James Comey and sides with Apple. The reason is fascinating.

Apple’s formal statement is here.

Zetter – Wired:

The news this week that a magistrate ordered Apple to help the FBI hack an iPhone used by one of the San Bernardino shooter suspects has polarized the nation—and also generated some misinformation.

Those who support the government say Apple has cooperated in the past to unlock dozens of phones in other cases—so why can’t it help the FBI unlock this one?

But this isn’t about unlocking a phone; rather, it’s about ordering Apple to create a new software tool to eliminate specific security protections the company built into its phone software to protect customer data. Opponents of the court’s decision say this is no different than the controversial backdoor the FBI has been trying to force Apple and other companies to build into their software—except in this case, it’s an after-market backdoor to be used selectively on phones the government is investigating.

The stakes in the case are high because it draws a target on Apple and other companies embroiled in the ongoing encryption/backdoor debate that has been swirling in Silicon Valley and on Capitol Hill for the last two years. Briefly, the government wants a way to access data on gadgets, even when those devices use secure encryption to keep it private.

Apple specifically introduced security features in 2014 to ensure that it would not be able to unlock customer phones and decrypt the data on them; but it turns out it overlooked a loophole in those security features that the government is now trying to exploit. The loophole is not about Apple unlocking the phone but about making it easier for the FBI to attempt to unlock it on its own. If the controversy over the San Bernardino phone causes Apple to take further steps to close that loophole so that it can’t assist the FBI in this way in the future, it could be seen as excessive obstinance and obstruction by Capitol Hill. And that could be the thing that causes lawmakers to finally step in with federal legislation that prevents Apple and other companies from locking the government out of devices.

If the FBI is successful in forcing Apply to comply with its request, it would also set a precedent for other countries to follow and ask Apple to provide their authorities with the same software tool.

In the interest of clarifying the facts and correcting some misinformation, we’ve pulled together a summary of the issues at hand.

What Kind of Phone Are We Talking About?

The phone in question is an iPhone 5c running the iOS9 version of Apple’s software. The phone is owned by the San Bernardino Department of Public Health, which gave it to Syed Rizwan Farook, the shooter suspect, to use for work.

What Is the Issue?

Farook created a password to lock his phone, and due to security features built into the software on his device, the FBI can’t unlock the phone and access the data on it using the method it wants to use—a bruteforce password-guessing technique wherein they enter different passcodes repeatedly until they guess the right one—without running the risk that the device will lock them out permanently.

How Would It Do That?

Apple’s operating system uses two factors to secure and decrypt data on the phone–the password the user chooses and a unique 256-bit AES secret key that’s embedded in the phone when it’s manufactured. As cryptographer Matthew Green explains in a blog post, the user’s password gets “tangled” with the secret key to create a passcode key that both secures and unlocks data on the device. When the user enters the correct password, the phone performs a calculation that combines these two codes and if the result is the correct passcode, the device and data are unlocked.

To prevent someone from brute-forcing the password, the device has a user-enabled function that limits the number of guesses someone can try before the passcode key gets erased. Although the data remains on the device, it cannot be decrypted and therefore becomes permanently inaccessible. The number of password tries allowed before this happens is unclear. Apple says on its web site that the data becomes inaccessible after six failed password attempts. The government’s motion to the court (.pdf) says it happens after 10 failed guesses.

The government says it does not know for certain if Farook’s device has the auto-erase feature enabled, but notes in its motion that San Bernardino County gave the device to Farook with it enabled, and the most recent backup of data from his phone to iCloud “showed the function turned on.”

A reasonable person might ask why, if the phone was backing data up to iCloud the government can just get everything it needs from iCloud instead of breaking into the phone. The government did obtain some data backed up to iCloud from the phone, but authorities allege in their court document that he may have disabled iCloud backups at some point. They obtained data backed up to iCloud a month before the shootings, but none closer to the date of the shooting when they say he is most likely to have used the phone to coordinate the attack.

Is This Auto-Erase the Only Security Protection Apple Has in Place?

No. In addition to the auto-erase function, there’s another protection against brute force attacks: time delays. Each time a password is entered on the phone, it takes about 80 milliseconds for the system to process that password and determine if it’s correct. This helps prevent someone from quickly entering a new password to try again, because they can only guess a password every 80 milliseconds. This might not seem like a lot of time, but according to Dan Guido, CEO of Trail of Bits, a company that does extensive consulting on iOS security, it can be prohibitively long depending on the length of the password.

“In terms of cracking passwords, you usually want to crack or attempt to crack hundreds or thousands of them per second. And with 80 milliseconds, you really can only crack eight or nine per second. That’s incredibly slow,” he said in a call to reporters this week.

With a four-digit passcode, he says, there are only about 10,000 different combinations a password-cracker has to try. But with a simple six-digit passcode, there are about one million different combinations a password cracker would have to try to guess the correct one—Apple says would take more than five-and-a-half-years to try all combinations of a six-character alpha-numeric password. The iOS9 software, which appears to be the software on the San Bernardino phone, asks you to create a six-digit password by default, though you can change this requirement to four digits if you want a shorter one.

Later models of phones use a different chip than the iPhone 5c and have what’s called a “secure enclave” that adds even more time delays to the password-guessing process. Guido describes the secure enclave as a “separate computer inside the iPhone that brokers access to encryption keys” increasing the security of those keys.

With the secure enclave, after each wrong password guess, the amount of time you have to wait before trying another password grows with each try; by the ninth failed password you have to wait an hour before you can enter a tenth password. The government mentioned this in its motion to the court, as if the San Bernardino phone has this added delay. But the iPhone 5c does not have secure enclave on it, so the delay would really only be the usual 80 milliseconds in this case.

Why None of This Is an Issue With Older iPhones

With older versions of Apple’s phone operating system—that is, phones using software prior to iOS8—Apple has the ability to bypass the user’s passcode to unlock the device. It has done so in dozens of cases over the years, pursuant to a court order. But beginning with iOS8, Apple changed this so that it can no longer bypass the user’s passcode.

According to the motion filed by the government in the San Bernardino case, the phone in question is using a later version of Apple’s operating system—which appears to be iOS9. We’re basing this on a statement in the motion that reads: “While Apple has publicized that it has written the software differently with respect to iPhones such as the SUBJECT DEVICE with operating system (“iOS”)9, Apple yet retains the capacity to provide the assistance sought herein that may enable the government to access the SUBJECT DEVICE pursuant to the search warrant.”

The government is referring to the changes that Apple initially made with iOS8, that exist in iOS9 as well. Apple released iOS9 in September 2015, three months before the San Bernardino attacks occurred, so it’s very possible this is indeed the version installed on the San Bernardino phone.

After today, technology vendors need to consider that they might be the adversary they’re trying to protect their customers from.

What Does the Government Want?

A lot of people have misconstrued the government’s request and believe it asked the court to order Apple to unlock the phone, as Apple has done in many cases before. But as noted, the particular operating system installed on this phone does not allow Apple to bypass the passcode and unlock the phone. So the government wants to try bruteforcing the password without having the system auto-erase the decryption key and without additional time delays. To do this, it wants Apple to create a special version of its operating system, a crippled version of the firmware that essentially eliminates the bruteforcing protections, and install it on the San Bernardino phone. It also wants Apple to make it possible to enter password guesses electronically rather than through the touchscreen so that the FBI can run a password-cracking script that races through the password guesses automatically. It wants Apple to design this crippled software to be loaded into memory instead of on disk so that the data on the phone remains forensically sound and won’t be altered.

Note that even after Apple does all of this, the phone will still be locked, unless the government’s bruteforcing operation works to guess the password. And if Farook kept the iOS9 default requirement for a six-character password, and chose a complex alpha-numeric combination for his password, the FBI might never be able to crack it even with everything it has asked Apple to do.

Apple CEO Tim Cook described the government’s request as “asking Apple to hack our own users and undermine decades of security advancements that protect our customers—including tens of millions of American citizens—from sophisticated hackers and cybercriminals. The same engineers who built strong encryption into the iPhone to protect our users would, ironically, be ordered to weaken those protections and make our users less safe.”

What Exactly Is the Loophole You Said the Government Is Exploiting?

The loophole is the fact that Apple even has the ability to run crippled firmware on a device like this without requiring the user to approve it, the way software updates usually work. If this required user approval, Apple would not be able to do what the government is requesting.

How Doable Is All of This?

Guido says the government’s request is completely doable and reasonable.

“They have to make a couple of modifications. They have to make it so that the operating system boots inside of a RAM disk…[and] they need to delete a bunch of code—there’s a lot of code that protects the passcode that they just need to trash,” he said.

Making it possible for the government to test passwords with a script instead of typing them in would take a little more effort he says. “[T]hat would require a little bit of extra development time, but again totally possible. Apple can load a new kernel driver that allows you to plug something in over the Thunderbolt port… It wouldn’t be trivial but it wouldn’t be massive.”

Could This Same Technique Be Used to Undermine Newer, More Secure Phones?

There has been some debate online about whether Apple would be able to do this for later phones that have newer chips and the secure enclave. It’s an important question because these are the phones that most users will have in the next one or two years as they replace their old phones. Though the secure enclave has additional security features, Guido says that Apple could indeed also write crippled firmware for the secure enclave that achieves exactly what the FBI is asking for in the San Bernardino case.

“It is absolutely within the realm of possibility for Apple themselves to tamper with a lot of the functionality of the secure enclave. They can’t read the secure private keys out of it, but they can eliminate things like the passcode delay,” he said. “That means the solution that they might implement for the 5c would not port over directly to the 5s, the 6 or the 6s, but they could create a separate solution for [these] that includes basically crippled firmware for the secure enclave.”

If Apple eliminates the added time delays that the secure enclave introduces, then such phones would only have the standard 80-millisecond delay that older phones have.

“It requires more work to do so with the secure enclave. You have to develop more software; you have to test it a lot better,” he said. “There may be some other considerations that Apple has to work around. [But] as far as I can tell, if you issue a software update to the secure enclave, you can eliminate the passcode delay and you can eliminate the other device-erase [security feature]. And once both of those are gone, you can query for passcodes as fast as 80 milliseconds per request.”

What Hope Is There for Your Privacy?

You can create a strong alpha-numeric password for your device that would make bruteforcing it essentially infeasible for the FBI or anyone else. “If you have letters and numbers and it’s six, seven or eight digits long, then the potential combinations there are really too large for anyone to bruteforce,” Guido said.

And What Can Apple Do Going Forward?

Guido says Apple could and should make changes to its system so that what the FBI is asking it to do can’t be done in future models. “There are changes that Apple can make to the secure enclave to further secure their phones,” he said. “For instance, they may be able to require some kind of user confirmation, before that firmware gets updated, by entering their PIN code … or they could burn the secure enclave into the chip as read-only memory and lose the ability to update it [entirely].”

These would prevent Apple in the future from having the ability to either upload crippled firmware to the device without the phone owner’s approval or from uploading new firmware to the secure enclave at all.

“There’s a couple of different options that they have; I think all of them, though, are going to require either a new major version of iOS or new chips on the actual phones,” Guido said. “But for the moment, what you have to fall back on is that it takes 80 milliseconds to try every single password guess. And if you have a complex enough password then you’re safe.”

Is the Ability to Upload Crippled Firmware a Vulnerability Apple Should Have Foreseen?

Guido says no.

“It wasn’t until very recently that companies had to consider: What does it look like if we attack our own customers? What does it look like if we strip out and remove the security mitigations we put in specifically to protect customers?”

He adds: “Apple did all the right things to make sure the iPhone is safe from remote intruders, or people trying to break into the iPhone.… But certainly after today, technology vendors need to consider that they might be the adversary they’re trying to protect their customers from. And that’s quite a big shift.” (Great job on this Kim)

 

Beyond the Bluster, Obama Missed a Major Deadline

Posted on by

But Obama did play golf last weekend and it appears he is missing the funeral of Supreme Court Justice Antoine Scalia to play golf?

Last year, the White House held a summit on the matter, any achievements? Nah.

 

It appears that perhaps Obama and his national security team has left the matter up the Tony Blinken at the State Department and the Brookings Institute.

The United States has mobilized countries around the world to disrupt and defeat these threats to our common security—starting with Daesh and al-Qaeda and including Boko Haram, al-Shabaab, AQAP, and a number of other groups. Now, the most visible part of this effort is the battlefield and our increasingly successful effort to destroy Daesh at its core in Iraq and Syria. Working by, with, and through local partners, we have taken back 40 percent of the territory Daesh controlled a year ago in Iraq and 10 percent in Syria—killing senior leaders, destroying thousands of pieces of equipment, all the while applying simultaneous pressure against key chock points and isolating its bases in Mosul and Raqqa. In fact, we assess Daesh’s numbers are the lowest they’ve been since we began monitoring their manpower in 2014.

We have a comprehensive strategy includes training, equipping, and advising our local partners; stabilizing and rebuilding liberated areas; stopping the flow of foreign fighters into and out of Iraq and Syria; cutting off Daesh’s financing and countering its propaganda; providing life-saving humanitarians assistance; and promoting political accommodations so that our military success is sustainable.

In each of these areas, we are making real progress. These hard-fought victories undermine more than Daesh’s fighting force. They erode the narrative it has built of its own success—the perception of which remains one of Daesh’s most effective recruiting tools. For the danger from violent extremism has slipped past war’s frontlines and into the computers and onto the phones of citizens in every corner of the world. Destined to outlive Daesh, this pernicious threat is transforming our security landscape, as individuals are inspired to violent acts from Paris to San Bernardino to Jakarta.

So even as we advance our efforts to defeat Daesh on the frontlines, we know that to be fully effective, we must work to prevent the spread of violent extremism in the first place—to stop the recruitment, radicalization, and mobilization of people, especially young people, to engage in terrorist activities. Read all the comments and remarks here.

White House Misses Deadline to Deliver ISIS Strategy to Congress

Brown: (CNSNews.com)The House Armed Services Committee noted Tuesday that the Obama administration missed their February 15 deadline to deliver a strategy to counter violent extremist groups in the Middle East, such as ISIS and al Qaeda, as required by the National Defense Authorization Act.

Rep. Mac Thornberry (R-Texas), chairman of the House Armed Services Committee, harshly criticized  President Obama’s failure to meet the deadline.

“I fear the President’s failure to deliver this report says far more about the state of his strategy to defeat terrorists than any empty reassurance he may offer from the podium,” Thornberry said in a statement.

“Unsurprisingly, the Administration cannot articulate a strategy for countering violent extremists in the Middle East. Time and again, the President has told us his strategy to defeat extremist groups like ISIS and al Qaeda is well underway,” Thornberry said, “yet, months after the legal requirement was established, his Administration cannot deliver that strategy to Congress.”

Thornberry also outlined the consequences of the administration’s failure, calling it “a lost opportunity” for Congress and the administration to come together for a common approach to respond to the threat.

“The Committee is working now to shape the FY17 National Defense Authorization Act and the Pentagon has already begun requesting authorities our troops need to defeat this enemy. Without a strategy, this amounts to leaving our troops in the wilderness with a compass, but no map,” he wrote.

“Failing to comply with the report deadline represents more than a failure of strategic vision for the White House,” Thornberry emphasized. “It is a lost opportunity for the Administration and Congress to work together on a common approach to face this threat.”

Section 1222 of the National Defense Authorization Act for FY16, signed by President Obama in November, “requires the Secretaries of State and Defense to deliver a strategy for the Middle East and countering violent extremism no later than February 15, 2016” according to Thornberry’s statement.

It also requires the Administration to “lay out a number of elements needed to defeat terrorist groups like ISIS and al Qaeda, including a description of the role the U.S. military will play in such a strategy, a description of the coalition needed to carry out the strategy, and an assessment of efforts to disrupt foreign fighters traveling to Syria and Iraq.”

House Speaker Paul Ryan (R-Wisc.) sent the White House a reminder of the deadline on February 10, citing a recent testimony by Lt. Gen. Vincent Stewart, director of the Defense Intelligence Agency, that ISIS “will probably attempt to conduct additional attacks in Europe, and attempt to direct attacks on the U.S. homeland in 2016.”

“We are aware of the report and are actively working with multiple interagency offices to complete this legal requirement per the NDAA and look forward to submitting the completed report to Congress in the near-term,” Army Lt. Col. Joe Sowers, a Department of Defense spokesman, told The Hill on Friday.

*** Just one reason why Obama being tardy is an issue:

The intercontinental nuclear missile threat arrives in America.

 

Americans have been focused on New Hampshire and Iowa, but spare a thought for Los Angeles, Denver and Chicago. Those are among the cities within range of the intercontinental ballistic missile tested Sunday by North Korea. Toledo and Pittsburgh are still slightly out of range, but at least 120 million Americans with the wrong zip codes could soon be targets of Kim Jong Un…

***

“We assess that they have the capability to reach the [U.S.] homeland with a nuclear weapon from a rocket,” U.S. Admiral Bill Gortney of the North American Aerospace Defense Command said in October, echoing warnings from the Defense Intelligence Agency and the U.S. commander in South Korea…

All of this vindicates the long campaign for missile defense. Ronald Reagan’s Strategic Defense Initiative helped win the Cold War, and North Korea is precisely the threat that continued to justify the cause after the Soviet Union’s collapse… 

You can thank the George W. Bush Administration for the defenses that exist, including long-range missile interceptors in Alaska and California, Aegis systems aboard U.S. Navy warships and a diverse network of radar and satellite sensors. The U.S. was due to place interceptors in Poland and X-Band radar in the Czech Republic, but in 2009 President Obama and Hillary Clinton scrapped those plans as a “reset” gift to Vladimir Putin.

Team Obama also cut 14 of the 44 interceptors planned for Alaska and Hawaii, ceased development of the Multiple Kill Vehicle… and defunded the two systems focused on destroying missiles in their early “boost” phase… By 2013 even Mr. Obama partially realized his error, so the Administration expanded radar and short-range interceptors in Asia and recommitted to the 14 interceptors for the U.S. West Coast. It now appears poised to install sophisticated Thaad antimissile batteries in South Korea.

Hillary has NO Defense Under the Law or Executive Order

Posted on by

Executive Order #13526  Espionage Act

WASHINGTON — Ahmed Wali Karzai, the brother of the president of Afghanistan, gets regular payments from the CIA and has for much of the past eight years, The New York Times reported Tuesday.

The newspaper said that according to current and former American officials, the CIA pays Karzai for a variety of services, including helping to recruit an Afghan paramilitary force that operates at the CIA’s direction in and around Kandahar.

The CIA’s ties to Karzai, who is a suspected player in the country’s illegal opium trade, have created deep divisions within the Obama administration, the Times said.

Allegations that Karzai is involved in the drug trade have circulated in Kabul for months. He denies them.

Critics say the ties with Karzai complicate the United States’ increasingly tense relationship with his older brother, President Hamid Karzai. The CIA’s practices also suggest that the United States is not doing everything in its power to stamp out the lucrative Afghan drug trade, a major source of revenue for the Taliban.

Clinton email chain discussed Afghan national’s CIA ties, official says

FNC: EXCLUSIVE: One of the classified email chains discovered on Hillary Clinton’s personal unsecured server discussed an Afghan national’s ties to the CIA and a report that he was on the agency’s payroll, a U.S. government official with knowledge of the document told Fox News.

The discussion of a foreign national working with the U.S. government raises security implications – an executive order signed by President Obama said unauthorized disclosures are “presumed to cause damage to the national security.”

The U.S. government official said the Clinton email exchange, which referred to a New York Times report, was among 29 classified emails recently provided to congressional committees with specific clearances to review them. In that batch were 22 “top secret” exchanges deemed too damaging to national security to release.

Confirmation that one of these exchanges concerned a reported CIA asset means the emails went beyond issues like the drone strike campaign. Democrats repeatedly have said some messages referred to this, reinforcing Clinton’s position that the documents are over-classified.

Based on the timing and other details, the email chain likely refers to either an October 2009 Times story that identified Afghan national Ahmed Wali Karzai, the half-brother of then-Afghan president Hamid Karzai, as a person who received “regular payments from the Central Intelligence Agency” — or an August 2010 Times story that identified Karzai aide Mohammed Zia Salehi as being on the CIA payroll. Ahmed Wali Karzai was murdered during a 2011 shoot-out, a killing later claimed by the Taliban.

Fox News was told the email chain included then-Secretary of State Clinton and then-special envoy to Afghanistan and Pakistan Richard Holbrooke and possibly others. The basic details of this email exchange were backed up to Fox News by a separate U.S. government source who was not authorized to speak on the record.

It’s unclear who initiated the discussion – Clinton, Holbrooke or a subordinate – or whether the CIA’s relationship with the Afghan national was confirmed, because the classified documents are not public.

Holbrooke died in December 2010, during his service as a special envoy.

A CIA spokesperson told Fox News they had no comment on the email chain.

A spokeswoman for the Office of the Intelligence Community Inspector General also had no comment.

The U.S. government official’s account of the Clinton email chain dovetails with a Feb. 3 interview on Fox News’ “America’s Newsroom,” where Republican Rep. Chris Stewart, a member of the House intelligence committee, said, “I have never read anything more sensitive than what these emails contain. They do reveal classified methods. They do reveal classified sources and they do reveal human assets.”

Stewart added, “I can’t imagine how anyone could be familiar with these emails, whether they’re sending them or receiving them, and not realize that these are highly classified.”

While the Clinton campaign claims the government classification review has gone too far, Executive Order 13526, in a section called “classification standards,” says, “the unauthorized disclosure of foreign government information is presumed to cause damage to the national security.”

Fox News was first to report that the Clinton emails contained intelligence beyond “top secret,” and some of the information was deemed “HCS-O” – a code that refers to human intelligence from ongoing operations.

National security and intelligence experts emphasized to Fox News that security clearance holders are trained to not confirm or deny details of a classified program in an unclassified setting, which would include a personal unsecured email network, even if the classified program appears in press reports.

“The rules of handling classified information dictate if something is reported in open source [news reports] you don’t confirm it because it’s still classified information,” said Dan Maguire, who spent more than four decades handling highly classified programs and specialized in human intelligence operations.

As secretary of state, Clinton signed at least two non-disclosure agreements (NDA) on Jan. 22, 2009, and received a briefing from a security officer whose identity was redacted. As part of the NDA for “sensitive compartmented information” (SCI), Clinton acknowledged any “breach” could result in “termination of my access to SCI and removal from a position of special confidence and trust requiring such access as well as the termination of my employment or any other relationships with any Department or Agency that provides me with access to SCI.”

It is remains unclear how classified materials “jumped the gap” from a classified system to her personal server.

On Feb. 12, Clinton’s national press secretary Brian Fallon emphasized that classified information would have been marked as such. “I think when this review plays itself out, at the end they’ll find that what we have said is true,” he told CNN. “Nothing was marked classified at the time it was sent.”

Fallon also attacked the State Department inspector general, Steve Linick, for what he described as “fishing expedition-style investigations” since Clinton decided to run for president. “There is no basis. It is intended to create headwinds for her campaign, but it is not going to work,” Fallon said. He leveled a similar allegation against Intelligence Community Inspector General I. Charles McCullough, III, after his office notified Congress the emails contained information beyond top secret.

Inquiries by Fox News to Clinton’s attorney David Kendall about the status of or changes to her security clearance, and access to classified information, have not been returned.

GW Bush’s Nitro Zeus to Stop Iran, Obama?

Posted on by

Due to the Iran nuclear talks and eventual deal, this whole story while accurate it appears, may be an actual leak for the sake of legitimizing Iran.

 David Sanger and Mark Mazzetti report on the February 16, 2016 New York Times website that “in the early years of the Obama administration, the United States developed an elaborate plan for a cyber attack on Iran, in case the diplomatic effort to limit its nuclear program failed; and, led to a military conflict, according to a upcoming documentary film, and interviews with military and intelligence officials involved in the effort.”

 
     “The plan, code-named NITRO ZEUS, was devised to disable Iran’s air defenses, communications systems; and, crucial parts of the power grid,” the Times noted; but, was shelved when the nuclear deal with Iran was concluded.  The Times adds that “NITRO ZEUS was part of an effort to assure POTUS Obama that he had alternatives, short of a full-scale war — if Iran lashed out at the United States, or its allies in the region.  At its height, officials say, the planning for NITRO ZEUS involved thousands of American military and intelligence personnel, spending tens of millions of dollars; and, placing electronic implants in Iranian computer networks to “prepare the battlefield,” in the parlance of the Pentagon.” 
 
    FC:  The White House was no doubt hoping to dissuade Israel from conducting a pre-emptive military strike against Iran’s nuclear infrastructure, while the nuclear negotiations with Iran were nearing a conclusion.  Left unanswered in the Times article was any mention of Israel’s cooperation and/or participation in the NITRO ZEUS planning and ultimate execution.  Was Israel made aware of the plan?; but, not invited to participate?  Were they a full partner and expected to contribute to the operation if it had occurred?  Or, did the White House attempt to keep Israel out of any knowledge or participation in the effort?
     Mr. Sanger and Mr. Mazzetti note that in addition to NITRO ZEUS, “American intelligence agencies developed a separate, far more narrowly focused cyber plan to disable Iran’s Fordo nuclear enrichment site, which Iran built deep inside a mountain near the [religious] city of Qom.  The attack [on Fordo] would have been a covert operation,” which would have required POTUS approval.
 
 
   “Fordo has long been considered one of the hardest targets in Iran, buried too deep for all but the most powerful bunker-buster [bombs] in the American military arsenal,” Mr. Sanger and Mr. Mazzetti write.  “Thev proposed [covert] intelligence operation called for the insertion of a computer “worm” into the facility — with the aim of frying Fordo’s computer systems — effectively delaying, or destroying the ability of Iranian centrifuges to enrich uranium at the enrichment site.  It was intended as a follow-up to “OLYMPIC GAMES,” the code-name of a cyber attack [never acknowledged] by the United States and Israel that destroyed 1,000 Iranian nuclear centrifuges; and [at least], temporarily disrupt [nuclear fuel] production at Natanz, a far larger; but, less protected enrichment site.”  This operation involved the use of the STUXNET cyber worm; and is considered by many the first military use of a cyber weapon of mass disruption.
 
     Mr. Sanger and Mr. Mazzetti note that “the existence of NITRO ZEUS was uncovered in the course of reporting for “Zero Days,” a documentary that will be shown Wednesday [today] at the Berlin Film Festival.  Directed by Alex Gibney, who is known for other documentaries, including the Oscar-winning, “Taxi To The Dark Side,” about the [alleged] use of torture by American interrogators; and, “We Steal Secrets: The Story Of Wikileaks.”
     “Zero Days,” describes the escalating conflict between Iran and the West, in the years leading up to the agreement, and discovery of the cyber attack on the Natanz enrichment plant; and, the debates inside the Pentagon over whether the United States has [had] a workable [cyber] doctrine for the use of a new form of weaponry — whose ultimate effects are [still] only vaguely understood,” the Times noted.
    “For the seven-year old United States Cyber Command, which is still building its cyber “special forces,” and deploying them throughout the world, the Iran project [which involved infusing electronic implants at key digital ‘choke-points] was perhaps its most challenging program yet,” Mr. Sanger and Mr. Mazzetti write.  “This was enormous, and [an] enormously complex program [operation],” said one participant who requested anonymity because the program is still [highly] classified.  “Before it was developed, the U.S. had never assembled a combined cyber, kinetic attack plan on this scale,” the official added.
     “While U.S. Cyber Command would have executed NITRO ZEUS, the National Security Agency’s (NSA) Tailorerd Access Operations Unit (TAO) was responsible for penetrating the adversary’s [Iran’s] networks, which would have required piercing, and maintaining a presence in a vast number of Iranian networks, including the country’s air defenses and its transportation and command control centers,” The Times noted.
     “It is a tricky business, the war planners say, because their knowledge of how networks are connected in Iran, or any other hard target, is sketchy, and collateral damage is always hard to predict.  It is easier to turn off power grids, for example, than to start them up again.”  And, there is the critical and fundamental issue of restoring trust in the system by the people — something which is often difficult to do — just ask Target.  They have managed; but, it took a while.
     The covert operation to sabotage Fordo was challenging to say the least, since this was a clandestine Iranian nuclear enrichment facility, buried inside a mountain and no doubt heavily guarded and very difficult to breach.  Very difficult, but not impossible.  As The Times noted, some of the stolen NSA documents purloined by fugitive Edward Snowden allegedly demonstrate how computer worms and cyber viruses can be secretly inserted — remotely — into a targeted network — even if disconnected from the Internet.  I commented on article yesterday on how to steal secret keylogger data from a disconnected/stand-alone computer in another room.  Needless to say, Mr. Snowden greatly aided our adversaries and the Islamic State and al Qaeda, others with his reckless and destructive leaks.  CIA Director john Brennan admitted in a CBS 60 Minutes interview on Sunday that the Paris attackers used encrypted communications to plan, orchestrate, and launch their attack, an operational technique that allowed them to ‘remain dark’ thus prevent or undermine our ability to ferret out and hopefully prevent their operations.  In the aftermath of the Snowden leaks, these groups substantially enhanced their encryption software; as evidenced in both Paris and San Bernardino.
     For the life of me, I cannot figure out why some within the U.S. government thought disclosing this alleged operation was in our national security interests and beneficial for everyone to know.  If the report is true, it betrays extremely sensitive tactics, techniques, and procedures.  As the age old saying goes, “one cannot vanquish one’s enemies, by telegraphing one’s punches.”  Okay, nukes aside.  There are those who argue that a deterrent capability only works, if the opponent believes you can actually do what you say you can.  But, the cyber world is vastly different from the kinetic, military weaponry world, as revealing an offensive cyber capability is likely to render the digital weapon useless beyond the initial public disclosure and use.  Hackers, malcontents, others will take pleasure in being the first to reverse engineer the cyber weapon and post their findings on the open net for all to see — and, take appropriate counter-measures.  One also has to assume that North Korea, among others, is now aware of how their own networked nuclear infrastructure could be vulnerable and take pre-emptive steps to remedy their vulnerabilities. More details from the NYT’s here.

Jeh Johnson’s State of DHS, Judge for Yourself

Posted on by

Remarks by Secretary of Homeland Security Jeh C. Johnson on the State of Homeland Security

Washington, D.C.
Woodrow Wilson Center
(As delivered)

Good morning everyone. Thank you Jane and the Wilson Center for hosting me again for this annual ritual. Jane is a terrific supporter of our Department and our homeland security mission, and a voice of strength and common sense in this town. Jane, for the third year in a row, I continue to appreciate your leadership and mentorship. Thank you again.

Today I will outline progress we made in 2015 and the goals the President and I have for the Department of Homeland Security in 2016. In the remaining 344 days of this Administration, there is much to do. I intend to make every day count. The former president of my alma mater, Morehouse College, used to tell his students we only have just a minute, but eternity is in it, and it’s up to us to use it. With Deputy Secretary Alejandro Mayorkas as my partner, we will push an aggressive agenda to the end.

I begin these remarks with a shout-out to the men and women of DHS, led by the terrific component heads seated before me. It’s the nature of our business in homeland security that no news is good news. But no news is very often the product of the hard work and extraordinary, courageous effort our people put in every day to keep the American public safe.

Last fiscal year, for example, TSA screened 695 million passengers (3 million more than the year before); screened 450 million pieces of checked luggage (the highest in six years), and, at the same time, seized a record number 2,500 firearms from carry-on luggage, 84 percent of which were loaded.

Last fiscal year CBP screened 26.3 million containers, 11.3 million commercial trucks, 1 million commercial and private aircraft, 436,000 buses, ferries and trains, 103 million private vehicles, and 382 million travelers at land, marine and air ports of entry to the United States. At the same time, CBP collected nearly $46 billion in duties, taxes, and fees, making it the second largest revenue collector in the U.S. government.

Last fiscal year, HSI made a record high 33,000 criminal arrests, including 3,500 alleged members of transnational criminal gangs, and 2,400 alleged child predators.

Last fiscal year the Coast Guard saved over 3,500 lives, and seized 319,000 pounds of cocaine and 78,000 pounds of marijuana worth a total of $4.3 billion wholesale. In just one mission off the coast of Central and South America, the National Security Cutter STRATTON alone seized over $1 billion in cocaine, along with two drug cartel-owned submersibles.

Last year the Secret Service successfully orchestrated what may have been the largest domestic security operation in the history of this country, by providing physical security to 160 world leaders at the UN General Assembly, and, at the same time, providing security for Pope Francis as he visited New York, Washington, and Philadelphia.

Last year FEMA provided over $6 billion in federal disaster assistance, and was there to help communities recovering from flooding in Texas and South Carolina, tornadoes in Oklahoma, and typhoons in the Western Pacific.

This past Sunday, DHS personnel from the Secret Service, TSA, CBP, HSI, FEMA, I&A, NPPD, the Coast Guard, and other components led the federal effort to provide ground, air, maritime and cyber security for Super Bowl 50.

Then there are the individual acts of good and heroic work by our people, to save lives and go above and beyond the call of duty.

In late December nine Border Patrol agents traveled miles on foot or by horseback to come to the aid of an Arizona rancher who had fallen off her horse in a remote, mountainous area.

Last March two uniformed Secret Service officers helped save the life of a journalist who suffered a heart attack in the East Room of the White House.

Last July Coast Guard Petty Officer Darren Harrity swam nearly a mile, at night, in 57-degree water and 30-mph winds, to save the lives of four stranded fishermen.

Finally, we honor those killed in the line of duty. HSI Agent Scott McGuire was killed last month by a hit and run driver in Miami. I was glad to at least have had the opportunity to visit with Scott’s wife and five-year-old son, and hold Scott’s hand before he was officially declared brain dead. His funeral was 10 days ago in New Orleans.

Our people do extraordinary work every day to protect the homeland. Please consider thanking a TSO, a Coastie, a Customs officer, or a Border agent next time you see one.

Management Reform

Though our people do extraordinary work, I know we must improve the manner in which the Department conducts business. Like last year, reforming the way in which the Department of Homeland Security functions, to more effectively and efficiently deliver our services to the American people, is my New Year’s resolution for 2016. We’ve done a lot in the last two years, but, under the leadership of our Under Secretary for Management Russ Deyo, there is still much we will do.

My overarching goal as Secretary this last year is to continue to protect the homeland, and leave the Department of Homeland Security a better place than I found it.

The centerpiece of our management reform has been the Unity of Effort initiative I announced in April 2014, which focuses on getting away from the stove pipes, in favor of more centralized programming, budgeting, and acquisition processes.

We have transformed our approach to the budget. Today, we focus Department-wide on our mission needs, rather than through component stove pipes. With the support of Congress, we are moving to a simplified budget structure, in which line items mean the same across all components.

We have transformed our approach to acquisition. Last year I established a DHS-wide Joint Requirements Council to evaluate, from the viewpoint of the Department as a whole, our components’ needs on the front end of an acquisition.

We have launched the “Acquisition Innovations in Motion” initiative, to consult with the contractor community about ways to improve the quality and timeliness of our contracting process, and the emerging skills required of our acquisition professionals. We are putting faster contracting processes in place.

We are reforming our HR process. We are making our hiring process faster and more efficient. We are using all the tools we have to recruit, retain and reward personnel.

As part of the Unity of Effort initiative, in 2014 we created the Joint Task Forces dedicated to border security along the southern border. Once again, we are getting away from the stove pipes. In 2015, these Task Forces became fully operational. In 2016, we are asking Congress to officially authorize them in legislation.

We are achieving more transparency in our operations. We have staffed up our Office of Immigration Statistics and gave it the mandate to integrate immigration data across the Department. Last year, and for the second year in a row, we reported our total number of repatriations, returns and removals on a consolidated, Department-wide basis.

The long-awaited entry/exit overstay report was published in January, providing a clearer picture of the number of individuals in this country who overstay their visitor visas. It reflects that about one percent of those who enter this country by air or sea on visitor visas or through the Visa Waiver Program overstay.

We are working with outside, non-partisan experts on a project called BORDERSTAT, to develop a clear and comprehensive set of outcome metrics for measuring border security, apprehension rates, and inflow rates.

Since 2013 we’ve spearheaded something called the “DHS Data Framework” initiative. For the protection of the homeland, we are improving the collection and comparison of travel, immigration and other information against classified intelligence. We will do this consistent with laws and policies that protect privacy and civil liberties.

As we have proposed to Congress, I want to restructure the National Protection and Programs Directorate from a headquarters element to an operational component called the “Cyber and Infrastructure Protection” Agency.

I am very pleased with the 2016 DHS budget adopted by Congress and signed by the President as part of the omnibus spending deal reached in December. I’m very pleased with that. It funds all of our homeland security priorities, including, finally, the completion of the main building of the new DHS headquarters at St. Elizabeths campus in SE Washington. I will never get to work there, but perhaps they will name a courtyard or conference room after me.

The President’s budget request for 2017, released two days ago, funds our key priorities, to include aviation security, the Secret Service, recapitalization of the Coast Guard, and provides a huge increase in funding for cybersecurity.

Finally, we will improve the levels of employee satisfaction across the Department. We’ve been on an aggressive campaign to improve morale over the last two years. It takes time to turn a 22-component workforce of 240,000 people in a different direction. Though the overall results last year were still disappointing, we see signs of improvement. Employee satisfaction improved in a number of components, including at DHS headquarters.

This year we will see an improvement in employee satisfaction across DHS.

Counterterrorism

In 2016, counterterrorism will remain the cornerstone of the Department of Homeland Security’s mission. The events of 2015 reinforce this.

As I have said many times, we are in a new phase in the global terrorist threat, requiring a whole new type of response. We have moved from a world of terrorist directed attacks to a world that includes the threat of terrorist inspired attacks – in which the terrorist may have never come face to face with a single member of a terrorist organization, lives among us in the homeland, and self-radicalizes, inspired by something on the internet.

By their nature, terrorist-inspired attacks are harder to detect by our intelligence and law enforcement communities, could occur with little or no notice, and in general makes for a more complex homeland security challenge.

So, what are we doing about this?

First, our government, along with our coalition partners, continues to take the fight militarily to terrorist organizations overseas. ISIL is the terrorist organization most prominent on the world stage. Since September 2014, air strikes and special operations have in fact led to the death of a number of ISIL’s leaders and those focused on plotting external attacks in the West. At the same time, ISIL has lost about 40 percent of the populated areas it once controlled in Iraq, and thousands of square miles of territory it once controlled in Syria.

On the law enforcement side, the FBI continues to do an excellent job of detecting, investigating, preventing, and prosecuting terrorist plots here in the homeland.

As for the Department of Homeland Security, following the attacks in Ottawa, Canada in 2014, and in reaction to terrorist groups’ public calls for attacks on government installations in the western world, I directed our Federal Protective Service to enhance its presence and security at various U.S. government buildings around the country.

Given the prospect of the terrorist-inspired attack in the homeland, we have intensified our work with state and local law enforcement. Almost every day, DHS and the FBI share intelligence and information with Joint Terrorism Task Forces, fusion centers, local police chiefs and sheriffs.

In FY 2015 we provided over $2 billion in homeland security assistance to state and local governments around the country, for things such as active shooter training exercises, overtime for cops and firefighters, salaries for emergency managers, emergency vehicles, and communications and surveillance equipment. We helped to fund an active shooter training exercise that took place in the New York City subways last November and a series of these exercises just last weekend in Miami, Florida.

As I said at a graduation ceremony for 1,200 new cops in New York City in December, given the current threat environment, it is the cop on the beat who may be the first to detect the next terrorist attack in the United States.

We are enhancing information sharing with organizations that represent businesses, college and professional sports, faith-based organizations, and critical infrastructure.

We are enhancing measures to detect and prevent travel to this country by foreign terrorist fighters.

We are strengthening our Visa Waiver Program, which permits travelers from 38 different countries to come here without a visa. In 2014, we began to collect more personal information in the Electronic System for Travel Authorization, also known as the “ESTA” system, that travelers from Visa Waiver countries are required to use. As a result of these enhancements, over 3,000 additional travelers were denied travel here in FY 2015.

In August 2015, we introduced further security enhancements to the Visa Waiver Program.

Through the passage in December of the Visa Waiver Program Improvement and Terrorist Travel Prevention Act of 2015, Congress has codified into law several of these security enhancements, and placed new restrictions on eligibility for travel to the U.S. without a visa. We began to enforce these new restrictions on January 21. Waivers from these restrictions will only be granted on a case-by-case basis, when it is in the law enforcement or national security interests of the United States to do so. Those denied entry under the Visa Waiver Program as a result of this new law may still apply for a visa to travel to the U.S.

We are expanding the Department’s use of social media for various purposes. Today social media is used for over 33 different operational and investigative purposes within DHS. Beginning in 2014 we launched four pilot programs that involved consulting the social media of applicants for certain immigration benefits. USCIS now also reviews the social media of Syrian refugee applicants referred for enhanced vetting. Based upon the recent recommendation of a Social Media Task Force within DHS, I have determined that we must expand the use of social media even further, consistent with law.

CBP is deploying our Customs personnel at various airports abroad, to pre-clear air travelers before they get on flights to the United States. At present, we have this pre-clearance capability at 15 airports overseas. And, last year, through pre-clearance, we denied boarding to over 10,700 travelers (or 29 per day) seeking to enter the United States. As I said here last year, we want to build more of these. In May 2015, I announced 10 additional airports in nine countries that we’ve prioritized for preclearance.

For years Congress and others have urged us to develop a system of biometric exit – that is, to take the fingerprints or other biometric data of those who leave the country. CBP has begun testing technologies that can be deployed for this nationwide. With the passage of the omnibus bill, Congress authorized $1 billion in fee increases over a period of ten years to pay for the implementation of biometric exit. I have directed CBP begin implementing the system, starting at airports, in 2018.

Last month I announced the schedule for the final two phases of implementation of the REAL ID law, which goes into effect two and then four years from now. At present 23 states are compliant with this law, 27 have extensions, and 6 states or territories are out of compliance. Now that the final timetable for implementation of this law is in place, we will urge all states, for the good of their residents, to start issuing REAL ID-complaint drivers’ licenses as soon as possible.

In the current threat environment, there is a role for the public too. “If You See Something, Say Something™” must be more than a slogan. We continue to stress this. DHS has now established partnerships with the NFL, Major League Baseball and NASCAR, to raise public awareness at sporting events. An informed and vigilant public contributes to national security.

In December we reformed “NTAS,” the National Terrorism Advisory System. In 2011, we replaced the color-coded alerts with NTAS. But, the problem with NTAS was we never used it. It consisted of just two types of Alerts: “Elevated” and “Imminent,” and depended on the presence of a known specific and credible threat. This does not work in the current environment, which includes the threat of homegrown, self-radicalized, terrorist-inspired attacks.

So, in December we added a new form of advisory – the NTAS “Bulletin” – to the existing Alerts. The Bulletin we issued in December advises the public of the current threat environment, and how the public can help.

Finally, given the nature of the evolving terrorist threat, building bridges to diverse communities has become a homeland security imperative. Well informed families and communities are the best defense against terrorist ideologies. Al Qaeda and the Islamic State are targeting Muslim communities in this country. We must respond. In my view, this is as important as any of our other homeland security missions.

In 2015 we took these efforts to new levels. We created the DHS Office for Community Partnerships, headed by George Selim. George and this office are now the central hub of the Department’s efforts to counter violent extremism in this country, and the lead for a new interagency CVE Task Force that includes DHS, DOJ, the FBI, NCTC and other agencies.

Aviation Security

We are taking aggressive steps to improve aviation and airport security. The traveling public should be aware that, because of this and increased traveler volume, overall wait times have increased somewhat at airports, but we believe this is necessary for the public’s own safety.

Since 2014 we have enhanced security at overseas last-point-of-departure airports, and a number of foreign governments have replicated these enhancements.

As many of you know, in May of last year a certain classified DHS Inspector General’s test of TSA screening at eight airports, reflected a dismal fail rate and was leaked to the press. I directed a 10-point plan to fix the problems identified by the IG. Under the new leadership of Admiral Pete Neffenger over the last six months, TSA has aggressively implemented this plan. This has included “back to basics” retraining of the entire TSO force, increased use of random explosive trace detectors, testing and re-evaluating the screening equipment that was the subject of the IG’s test, a rewrite of the standard operating procedures manual, increased manual screening, and less managed inclusion. These measures were implemented on or ahead of schedule.

We are also focused on airport security. In April of last year TSA issued guidelines to domestic airports to reduce access to secure areas, to require that all airport and airline personnel pass through TSA screening if they board a flight, to conduct more frequent screening of airport and airline personnel, and to conduct continuous criminal background checks of airport and airline personnel. Since then employee access points have been reduced, and random screening of personnel within secure areas has increased four-fold. We are continuing these efforts in 2016. Two days ago TSA issued guidelines to further enhance the screening of aviation workers in the secure area of airports.

Cybersecurity

While counterterrorism remains a cornerstone of our Department’s mission, I have concluded that cybersecurity must be another. Making tangible improvements to our Nation’s cybersecurity is a top priority for me and President Obama before we leave office.

Two days ago the President announced his “Cybersecurity National Action Plan,” which is the culmination of seven years of effort by his Administration. The Plan includes a call for the creation of a Commission on Enhancing National Cybersecurity, additional investments in technology, federal cybersecurity, cyber education, new cyber talent in the federal workforce, and improved cyber incident response.

DHS has a role in almost every aspect of this plan.

As reflected in the President’s 2017 budget request, we want to expand our cyber response teams from 10 to 48.

We are doubling the number of cybersecurity advisors to in effect make “house calls,” to assist private sector organizations with in-person, customized cybersecurity assessments and best practices.

Building on DHS’s Stop.Think.Connect campaign, we will help promote public awareness on multi-factor authentication.

We will collaborate with Underwriters Laboratory and others to develop a Cybersecurity Assurance Program to test and certify networked devices within the “Internet of Things” — such as your home alarm system, your refrigerator, or even your pacemaker.

Last year we greatly expanded the capability of DHS’s National Cybersecurity Communications Integration Center, or “NCCIC.” The NCCIC increased its distribution of information, the number of vulnerability assessments conducted, and the number of incident responses.

At the NCCIC, last year we built a system to automate the receipt and distribution of cyber threat indicators in near real-time speed. We built this in a way that also includes privacy protections. We did this ahead of schedule.

I have issued an aggressive timetable for improving federal civilian cybersecurity, principally through two DHS programs:

The first is called EINSTEIN. EINSTEIN 1 and 2 have the ability to detect and monitor cybersecurity threats in our federal civilian systems, and are now in place across all federal civilian departments and agencies.

EINSTEIN 3A is the newest iteration of the system, and has the ability to actually block potential cyber attacks on our federal systems. Thus far E3A has actually blocked 700,000 cyber threats, and we are rapidly expanding this capability. About a year ago, E3A covered only about 20 percent of our federal civilian networks. In the wake of the OPM attack, in May of last year I directed our cybersecurity team to make at least some aspects of E3A available to all federal departments and agencies by the end of last year. They met that deadline. Now that the system is available to everyone, 50 percent are actually on line, including OPM, and we are working to get all federal departments and agencies on board by the end of this year.

The second program, called Continuous Diagnostics and Mitigation, helps agencies detect and prioritize vulnerabilities in their networks. In 2015, we provided CDM sensors to 97 percent of the federal civilian government. Next year, DHS will provide the second phase of CDM to 100 percent of the federal civilian government.

We have worked with OMB and DNI to identify the government’s high value systems, and we are working aggressively with the owners of these systems to increase their security.

In September, DHS awarded a grant to the University of Texas San Antonio to work with industry to identify a common set of best practices for the development of Information Sharing and Analysis Organizations, or “ISAOs.”

Finally, I thank Congress for passing the Cybersecurity Act of 2015. This new law is a huge assist to DHS and our cybersecurity mission. We are in the process of implementing this new law now.

Immigration/Border Security

Turning to immigration and border security:

As I explain it to both Democrats and Republicans, immigration policy must be two sides of the same coin. The resources we have to enforce immigration laws are finite, and they must be used wisely. This is true of every aspect of law enforcement. It’s referred to as “prosecutorial discretion.”

With the immigration enforcement resources we have, ICE is focused more sharply on public safety and border security. Those who are convicted of serious crimes or who are apprehended at the border are top priorities for removal. And we will enforce the law in accordance with these priorities.

Accordingly, over the last several years deportations by ICE have gone down, but an increasing percentage of those deported are convicted criminals. And, an increased percentage of those in immigration detention, around 85 percent, are in the top priority for removal. We will continue to focus our resources on the most significant threats to public safety and border security.

In furtherance of our public safety efforts, in 2014 we did away with the controversial Secure Communities program and replaced it with the new Priority Enforcement Program, or “PEP.” PEP fixes the political and legal controversies, in my judgment, associated with Secure Communities and enables us to take directly into custody from local law enforcement the most dangerous, removable criminals. Since PEP was created, cities and counties that previously refused to work with Secure Communities are coming back to the table. Of the 25 largest counties that refused to work with ICE before, 16 are now participating in PEP. In 2016, we want to get more to participate.

And, because we are asking ICE immigration enforcement officers to focus on convicted criminals and do a job that’s more in line with law enforcement, last year we reformed their pay scale accordingly. Now these immigration officers are paid on the same scale as the rest of federal law enforcement.

We have also prioritized the removal of those apprehended at the border. We cannot allow our borders to be open to illegal migration.

southwest border u s b p apprehensions f y 2000 - f y 2015

Over the last 15 years, our Nation – across multiple administrations — has invested a lot in border security, and this investment has yielded positive results. Apprehensions – which are an indicator of total attempts to cross the border illegally – are a fraction of what they used to be.

southwest border u s b p apprehensions f y 2000 - f y 2015 - noting numbers rose in 2014

In FY 2014, overall apprehensions increased, as we saw a spike in the number of families and unaccompanied children from Central America during the spring and summer of 2014. That year the overall number of apprehensions was 479,000. Across the government, we responded aggressively to this surge and the numbers fell sharply within a short period of time.

southwest border u s b p apprehensions f y 2000 - f y 2015 noting numbers fell in 2015

In FY 2015, the number of those apprehended on the southwest border was 331,000 – with the exception of one year, this was the lowest number since 1972.

From July to December 2015 the numbers of migrants from Central America began to climb again.

In January I announced a series of focused enforcement actions to take into custody and remove those who had been apprehended at the border in 2014 or later and then ordered removed by an immigration court. I know this made a lot of people I respect very unhappy. But, as I said, we must respect the law in accordance with our priorities and enforce it.

In January overall apprehensions on the southwest border dropped 36 percent from the month before. At the same time, the number of unaccompanied children apprehended dropped 54 percent, and the number of those in families dropped 65 percent. So far in February, the numbers have remained at this decreased level. This six-week decline is encouraging, but it does not mean we can dial back our efforts. We will continue to enforce the law consistent with our priorities for enforcement, which includes those apprehended at the border in 2014 or later.

Then there is the other side of the coin. The new enforcement policy the President and I announced in November 2014 makes clear that our limited resources will not be focused on the removal of those who have committed no serious crimes, have been in this country for years, and have families here. Under our new policy, these people are not priorities for removal, nor should they be.

In fact, the President and I want to offer, to those who have lived here for at least five years, are parents of U.S. citizens or lawful permanents residents, and who have committed no serious crimes, the opportunity to request deferred action on a case-by-case basis, to come out of the shadows, get on the books, and be held accountable. We are pleased that the Supreme Court has agreed to hear the case of Texas v. United States, which involves the new deferred action policies we announced in November 2014.

Our immigration enforcement priorities, the ending of Secure Communities, and the new deferred action policy now in the courts are among 10 executive actions the President and I announced in November 2014 to fix our broken immigration system.

We also issued a proposed rule to expand eligibility for “provisional” extreme hardship waivers of the 3- and 10-year bars to all persons who statutorily qualify for a waiver. The comment period is closed, and we are now preparing to issue the final rule on provisional waivers.

We published new guidance for public comment on the “extreme hardship” requirement. The comment period is closed and we plan to issue final guidance on extreme hardship very soon.

We are about to publish a final rule to strengthen the program that provides Optional Practical Training for students in STEM fields studying at U.S. universities.

We finalized a new rule that allows spouses of high-skilled H-1B workers who are here in the United States under H-4 visas to apply for work authorization.

We are working with the Department of Labor and other agencies to ensure, for the protection of workers, the consistent enforcement of federal labor, employment and immigration laws.

We are promoting and increasing access to citizenship through the new White House Task Force on New Americans. The week of September 14-21 we celebrated the “Stand Stronger Commit to Citizenship Campaign.” In that one week, USCIS naturalized 40,000 people.

We now permit credit cards as a payment option for naturalization fees.

Our overall policy is to focus our immigration resources more effectively on threats to public safety and border security, and, within our existing legal authority, do as much as we can to fix the broken immigration system. We’re disappointed that Congress has not been our partner in this effort, by passing comprehensive immigration reform legislation.

Finally, we recognize that more border security and deportations may deter illegal migration, but they do nothing to overcome the “push factors” that prompt desperate people to flee Central America in the first place. We are preparing to offer vulnerable individuals fleeing the violence in Central America a safe and legal alternate path to a better life. We are expanding our Refugee Admissions Program to help vulnerable men, women and children in Central America who qualify as refugees. We are partnering with the UN High Commissioner for Refugees and non-governmental organizations in the region to do this as soon as possible. This approach builds on our recently established Central American Minors program, which is now providing an in-country refugee processing option for certain children with lawfully present parents in the United States.

Refugees

We are doing our part to address the Syrian refugee crisis. USCIS, in conjunction with the Department of State, is working hard to meet our commitment to admit at least 10,000 Syrian refugees by the end of this fiscal year. We will do this carefully, screening refugees in a multi-layered and intense screening process involving multiple law enforcement, national security, and intelligence agencies across the Federal Government.

U.S. Secret Service

Over the last year, Director Joe Clancy of the Secret Service has done a tremendous job reforming his agency, including hiring a chief operating officer from outside the Secret Service, altering the structure and management of the agency, ramping up efforts to hire new members of its workforce, and expanding training opportunities. In 2016 we will continue to work on areas that still need improvement.

The U.S. Coast Guard

With the help of Congress, in 2016 we will continue to rebuild the Coast Guard fleet. This year Congress provided funding for a ninth National Security Cutter, design funding for the Offshore Patrol Cutter, and funding to continue production of our Fast Response Cutter. As reflected in the President’s 2017 Budget Request, we will also seek $150 million for the design of a new heavy icebreaker, in recognition of the expanding commercial activity in the Arctic.

FLETC

Since 2012, our Federal Law Enforcement Training Centers (FLETC) has trained more than a quarter million federal, state and local officers and agents. At the same time, FLETC continually updates its curriculum to address the biggest challenges facing law enforcement, to include training for active shooter situations, in cyber forensics, and in human trafficking.

FEMA

In 2016 FEMA will continue to do its extraordinary job of supporting the American people and communities to prepare for, respond to, and recover from various disasters. FEMA will continue to focus on efforts to enhance resilience and mitigation measures before disaster strikes, to prevent loss and save lives.

Lawful Trade and Travel

We continue to promote lawful trade and travel. We will continue to pursue the President’s U.S.-Mexico High Level Economic Dialogue and his Beyond the Border Initiative with Canada. We are implementing the “Single Window,” which, by December 2016, will enable the private sector to use just one portal to transmit information to 47 government agencies about exports and imports, thereby eliminating over 200 different forms and streamlining the trade process.

Last week the Secretary of Commerce and I joined the President of Mexico to open a new six-lane bridge near El Paso that will replace a 78-year-old two-lane one. Next week I will join the Mexican Secretary of Finance to inaugurate a pre-inspection pilot in Laredo, Texas.

Conclusion

In conclusion, according to Time Magazine, I have “probably the hardest job in America.” That’s not true. The President has the hardest job in America. But I may rank in the top ten. I have a lot of challenges, a lot of problems and a lot of headaches. There is also far too much partisanship in Washington, and, especially during an election year, politics has become a blood-sport in this town. Too often it is more important to score political points than achieve smart, sound government policy on behalf of the American people.

Through it all, I still love public service, and I am dedicated to serving the American people, protecting our homeland, and serving our President.

I find inspiration in the amazing stories of our workforce that I told you about at the beginning of this speech. I also find inspiration and strength in the weekly batch of letters I receive from the American people we serve, particularly from the school kids. Here’s one from a young man named Brett Shepard, handwritten in pencil:

“To Jeh Johnson…I just wanted to say I think you’re doing a good job… I ran for class president in my government class. I ended up becoming the Secretary of Homeland Security which honestly I would rather be … [president is] not all it’s cracked up to be.”

Like Brett, at this moment in the life of our Nation, there’s nothing I’d rather be than Secretary of Homeland Security. It is and always will be the highlight of my professional life. In the time left to me in office, I pledge all my energy to continue to protect the homeland and leave the Department of Homeland Security a better place than I found it.

Thank you very much.