Category Archives: FBI

The Mafia, Cosa Nostra was Just Arrested 46

Posted on by

6FBI rounds up nearly 50 mob suspects accused of litany of mafia crimes

The 46 defendants include alleged Philadelphia mob boss Joseph ‘Skinny Joey’ Merlino and New York crime figure Pasquale “Patsy” Parrello

Related reading: United States vs. JOSEPH MERLINO, FRANK GAMBINO, : RALPH ABRUZZI, STEVEN FRANGIPANI, : and ANTHONY ACCARDO criminal complaint

Joseph ‘Skinny Joey’ Merlino pictured in 2014. The alleged head of the Philadelphia mob was named in a federal indictment on Thursday charged with a range of crimes including extortion and fraud.Joseph ‘Skinny Joey’ Merlino pictured in 2014. The alleged head of the Philadelphia mob was named in a federal indictment on Thursday charged with a range of crimes including extortion and fraud. Photograph: Yong Kim/AP

Guardian: Nearly 50 alleged mobsters have been charged by US prosecutors with being part of an east coast crime syndicate.

The 46 suspects include an old-school mafioso in New York and a reputed mob chieftain in Philadelphia who has been pursued by the government for decades.

The indictment, unsealed in New York City, accuses the defendants of a litany of classic mafia crimes, including extortion, loansharking, casino-style gambling, sports gambling, credit card fraud and health care fraud. It said the syndicate operated in New York, Massachusetts, Pennsylvania, Florida and New Jersey.

Among those charged was Joseph “Skinny Joey” Merlino, the flamboyant alleged head of the Philadelphia mob who has repeatedly beat murder charges in past cases, but served nearly 12 years in prison for racketeering.

Also named in the indictment was Pasquale “Patsy” Parrello, identified as a longtime member of the Genovese organized crime family and the owner of an Italian restaurant in New York City.

Related reading: Indictment

Related reading: U.S. Attorney’s Office List of Charges document

Parrello, 72, pleaded not guilty to racketeering conspiracy and other charges at his arraignment in federal court in Manhattan.

He was detained without bail after prosecutors argued in court papers that he was a danger because of his “appetite and capacity for vengeance, control, and violence”. His attorney declined comment outside court.

Merlino, also was ordered held without bail at a hearing in West Palm Beach, Florida. His longtime lawyer, Ed Jacobs, declined to comment on the allegations, saying he hadn’t yet studied the indictment.

Prosecutors said 39 of those charged were arrested on Thursday. Alleged members of four New York crime families were among the defendants. During the arrests, agents seized three handguns, a shotgun, gambling paraphernalia and more than $30,000 in cash.

Diego Rodriguez, head of the FBI’s New York office, said the indictment “reads like an old school mafia novel”.

One count accuses Parrello, 72, of ordering a beating in 2011 of a panhandler he believed was harassing female customers outside his restaurant, Pasquale Rigoletto, on Arthur Avenue in the Bronx.

“Break his … knees,” he said, according to prosecutors. The panhandler was “assaulted with glass jars, sharp objects and steel-tipped boots, causing bodily harm”, the court papers said.

Afterward one of his cohorts was recorded saying: “Remember the old days in the neighborhood when we used to play baseball? … A ballgame like that was done,” the papers said.

Prosecutors also said that in 2013, Parello ordered retaliation against a man who stabbed a member of his crew outside a Bronx bar.

After an associate agreed to “whack” the attacker, Parrello cautioned him to “keep the pipes handy and pipe him, pipe him, over here (gesturing to the knees), not on his head,” court papers said.

Merlino, 54, who became a restaurateur in Boca Raton, Florida, following his release from prison, was implicated in a health care fraud scheme with Parrello and others. Investigators said the conspirators got corrupt doctors to bill insurers for unnecessary and excessive prescriptions for expensive compound creams in exchange for kickbacks.

A magistrate judge in West Palm Beach, Florida, ordered Merlino held without bail pending a detention hearing on Tuesday. In papers arguing against his release, prosecutors said he “been captured on recordings supervising a number of individuals, questioning whether certain associates were ’rats.’”

In Massachusetts, five alleged associates of the New York-based Genovese crime family were arrested on extortion-related charges as part of the sweep. Four men were arrested in New Jersey.

Like Merlino, several other of the defendants, including Parrello, have records of mob-related convictions and prison time. One of the lesser-known defendants, Bradford Wedra, interrupted a hearing on Thursday where he pleaded not guilty to complain to the judge that he was broke after completing a 25-year sentence in another case.

“Now, I’m home and I can’t afford nothing,” he said before he was given a court-appointed lawyer.

What you Need to Know About IDI and Why

Posted on by

This Company Has Built a Profile on Every American Adult

Every move you make. Every click you take. Every game you play. Every place you stay. They’ll be watching you.

Bloomberg: Forget telephoto lenses and fake mustaches: The most important tools for America’s 35,000 private investigators are database subscription services. For more than a decade, professional snoops have been able to search troves of public and nonpublic records—known addresses, DMV records, photographs of a person’s car—and condense them into comprehensive reports costing as little as $10. Now they can combine that information with the kinds of things marketers know about you, such as which politicians you donate to, what you spend on groceries, and whether it’s weird that you ate in last night, to create a portrait of your life and predict your behavior.

IDI, a year-old company in the so-called data-fusion business, is the first to centralize and weaponize all that information for its customers. The Boca Raton, Fla., company’s database service, idiCORE, combines public records with purchasing, demographic, and behavioral data. Chief Executive Officer Derek Dubner says the system isn’t waiting for requests from clients—it’s already built a profile on every American adult, including young people who wouldn’t be swept up in conventional databases, which only index transactions. “We have data on that 21-year-old who’s living at home with mom and dad,” he says.

Dubner declined to provide a demo of idiCORE or furnish the company’s report on me. But he says these personal profiles include all known addresses, phone numbers, and e-mail addresses; every piece of property ever bought or sold, plus related mortgages; past and present vehicles owned; criminal citations, from speeding tickets on up; voter registration; hunting permits; and names and phone numbers of neighbors. The reports also include photos of cars taken by private companies using automated license plate readers—billions of snapshots tagged with GPS coordinates and time stamps to help PIs surveil people or bust alibis.

IDI also runs two coupon websites, allamericansavings.com and samplesandsavings.com, that collect purchasing and behavioral data. When I signed up for the latter, I was asked for my e-mail address, birthday, and home address, information that could easily link me with my idiCORE profile. The site also asked if I suffered from arthritis, asthma, diabetes, or depression, ostensibly to help tailor its discounts.

Users and industry analysts say the addition of purchasing and behavioral data to conventional data fusion outmatches rival systems in terms of capabilities—and creepiness. “The cloud never forgets, and imperfect pictures of you composed from your data profile are carefully filled in over time,” says Roger Kay, president of Endpoint Technologies Associates, a consulting firm. “We’re like bugs in amber, completely trapped in the web of our own data.”

When logging in to IDI and similar databases, a PI must select a permissible use for a search under U.S. privacy laws. The Federal Trade Commission oversees the industry, but PI companies are largely expected to police themselves, because a midsize outfit may run thousands of searches a month.

Dubner says most Americans have little to fear. As examples, he cites idiCORE uses such as locating a missing person and nabbing a fraud or terrorism suspect.

IDI, like much of the data-fusion industry, traces its lineage to Hank Asher, a former cocaine smuggler and self-taught programmer who began fusing sets of public data from state and federal governments in the early 1990s. After Sept. 11, law enforcement’s interest in commercial databases grew, and more money and data began raining down, says Julia Angwin, a reporter who wrote about the industry in her 2014 book, Dragnet Nation.

Asher died suddenly in 2013, leaving behind his company, the Last One (TLO), which credit bureau TransUnion bought in bankruptcy for $154 million. Asher’s disciples, including Dubner, left TLO and eventually teamed up with Michael Brauser, a former business partner of Asher’s, and billionaire health-care investor Phillip Frost. In May 2015, after a flurry of purchases and mergers, the group rebranded its database venture as IDI.

Besides pitching its databases to big-name PIs (Kroll, Control Risks), law firms, debt collectors, and government agencies, IDI says it’s also targeting consumer marketers. The 200-employee company had revenue of about $40 million in its most recent quarter and says 2,800 users signed up for idiCORE in the first month after its May release. It declined to provide more recent figures. The company’s data sets are growing, too. In December, Frost helped underwrite IDI’s $100 million acquisition of marketing profiler Fluent, which says it has 120 million profiles of U.S. consumers. In June, IDI bought ad platform Q Interactive for a reported $21 million in stock.

IDI may need Frost’s deep pockets for a while. The PI industry’s three favorite databases are owned by TransUnion and media giants Reed Elsevier and Thomson Reuters. “There’s no shortage,” says Chuck McLaughlin, chairman of the board of the World Association of Detectives, which has about 1,000 members. “The longer you’re in business, the more data you have, the better results.” He uses TLO and Tracers Information Specialists.

Steve Rambam, a PI who hosts Nowhere to Hide on the Investigation Discovery channel, says marketing data remains a niche monitoring tool compared with social media, but its power can be unparalleled. “You may not know what you do on a regular basis, but I know,” Rambam says. “I know it’s Thursday, you haven’t eaten Chinese food in two weeks, and I know you’re due.”

Wait…there is another problem you don’t know about.

Comcast Lobbies To Charge Customers More To Protect Their Online Privacy
Internet providers are still hashing out issues with the FCC. In particular, Comcast is currently defend its “pay-for-privacy” model to the FCC [PDF]. Comcast has even contended that  “the FCC has no authority to prohibit or limit these types of programs.”

So what exactly is the “pay-for-privacy” system? Essentially, companies like Comcast offers discounts to customers in exchange for allowing ISP’s to use their data. Comcast then floods these customers with various behaviorally-targeted ads. Customers who prefer privacy over pricing are charged a premium.

image: http://hothardware.com/ContentImages/NewsItem/38236/content/small_comcast_office.jpg

comcast office

Several weeks ago a number of lawmakers urged the FCC to ban the “pay-for-privacy” system. They argued that this pricing pyramid is particularly harmful to elderly customers who do not necessarily understand how ISP’s work and low-income customers who cannot afford to pay the privacy premium. Members of Congress noted that Comcast’s policies are “counter to our nation’s core principle that all Americans have a fundamental right to privacy.”

Comcast argued that the “pay-for-privacy” model actually benefits elderly and low-income customers. They insisted that its “prohibition would harm consumers by, among other things, depriving them of lower-priced offerings.” They noted that this system is commonly used throughout the United States economy.

image: http://hothardware.com/ContentImages/NewsItem/38236/content/small_fcc.jpg

fcc

Comcast also argued that its ensures “through contractual provisions that vendors who handle customer-related data have strong measures in place to protect that customer-related data, and that the vendors are prohibited from using that data for any purposes other than as directed by Comcast.”

The company concurs that opt-in agreements should be required when dealing with sensitive information. This kind of information would include financial, health, and children’s information, Social Security numbers, and precise geo-location information. All other information, however, would be subject to opt-out or, in most instances, “implied” consent.  The FCC is currently considering privacy rules that would require broadband providers to obtain consumers’ opt-in consent regardless of whether the information was sensitive or not. Hat tip to HotHardware

IRS Targeting Case Advances, Court Reverses Lower Decision

Posted on by

CONCLUSION

For the reasons set forth above, we affirm the district

court’s dismissal of appellants’ Bivens actions and statutory

claims, but reverse the district court’s dismissal of the actions

for injunctive and declaratory relief and remand for further

proceedings consistent with this opinion.

****

United States Court of Appeals

FOR THE DISTRICT OF COLUMBIA CIRCUIT

Argued April 14, 2016 Decided August 5, 2016

No. 14-5316

TRUE THE VOTE, INC.,

APPELLANT

v.

INTERNAL REVENUE SERVICE, ET AL.,

APPELLEES

Appeal from the United States District Court

*****

Appellants appeal from judgments of the district court

dismissing some of their claims under Rule 12(b)(6) for failure

to state a claim for relief, and others under Rule 12(b)(1) for

lack of jurisdiction, by reason of mootness. See True the Vote,

Inc. v. IRS, 71 F. Supp. 3d 219 (D.D.C. 2014); Linchpins of

Liberty v. United States, 71 F. Supp. 3d 236 (D.D.C. 2014).

Each of the above-named appellants together with numerous coplaintiffs

in the Linchpins of Liberty litigation, filed applications

with the Internal Revenue Service for recognition of tax

exemption as charitable or educational organizations pursuant to

26 U.S.C. § 501(c)(3), (4). As to what happened thereafter, we

construe the complaints in the light most favorable to the

plaintiffs, see Missel v. DHSS, 760 F.3d 1, 4 (D.C. Cir. 2014),

although there is very little factual dispute between the parties

as to the conduct committed by the IRS.

Instead of processing these applications in the normal

course of IRS business, as would have been the case with other

taxpayers, the IRS selected out these applicants for more

rigorous review on the basis of their names, which were in each

instance indicative of a conservative or anti-Administration

orientation, as we will set out in more detail below, and as was

admitted by the Department of Treasury in the 2013 report of

the Treasury Inspector General for Tax Administration

(TIGTA).

The appellants before us, plaintiffs below, are applicants

who were afforded this unequal treatment. They brought the

present actions against the IRS and several of its individual

employees, seeking money damages by way of relief under

Bivens v. Six Unknown Named Agents of Fed. Bureau of

Narcotics, 403 U.S. 388 (1971), and equitable relief by way of

injunction and declaratory judgment. Additionally, the

complaints alleged that the IRS invaded the plaintiffs’ statutory

rights by violating 26 U.S.C. § 6103, by conducting

unauthorized inspection and/or disclosure of tax return

information from their applications and the other information

improperly obtained from them. Read the full decision here.

Edward Snowden has Gone Hollywood

Posted on by

The U.S. v. Edward Snowden criminal complaint is under seal but the cover is here.

New Snowden Movie Depicts Traitor as Hero; Profiting from His Treason May Violate Law

JudicialWatch: The upcoming Hollywood movie about traitor Edward Snowden—criminally charged by the U.S. government under the Espionage Act—portrays the National Security Agency (NSA) subcontractor who leaked top secret information as a courageous patriot. Nothing surprising there considering the film’s Academy award-winning director, Oliver Stone, referred to Snowden as a “hero”back in 2013 when he fled to Moscow to avoid prosecution after betraying his country. Snowden’s illegal disclosures have helped terrorist groups like Al Qaeda and led to the death of innocent people. Last year Snowden began openly engaging with ISIS and Al Qaeda members and supporters via social media.

Image result for edward snowden Buzzfeed

“Snowden has done incalculable damage to the NSA and, in the process, to American national security,” according to University of Virginia Law School Professor Robert F. Turner, who specializes in national security issues and served as Counsel to the President’s Intelligence Oversight Board at the White House. “Officials in position to know said good people have already lost their lives thanks to Snowden. Countless more are likely to lose theirs now that our enemies know our most closely guarded sources and methods of communications intelligence collection.” Turner adds that Snowden is hailed as a hero and “whistleblower” by those who are clueless to the devastation he’s done. “When all of the smoke clears, it may very well be proven that Snowden is the most injurious traitor in American history.”

This would make it illegal to profit from his crimes and the Department of Justice (DOJ) should confiscate all money made by the violators. Snowden is no whistleblower. In fact he violated his secrecy agreement, which means he and his conspirators can’t materially profit from his fugitive status, violation of law, aiding and abetting of a crime and providing material support to terrorism. It’s bad enough that people are profiting from Snowden’s treason, but adding salt to the wound, the Obama administration is doing nothing about it. Judicial Watch has launched an investigation and is using the Freedom of Information Act (FOIA) to obtain records. True whistleblowers and law-abiding intelligence officers such as Lt. Colonel Anthony Shaffer, FBI Special Agent Robert G. Wright and Valerie Plame got release authority in accordance with their secrecy agreement and did not seek money or flee to Russia. A federal appellate court has ruled that government employees, such as Snowden, who signed privacy agreements can’t profit from disclosing information without first obtaining agency approval. The case involved a CIA agent (Frank Snepp) who violated his agreement with the agency by publishing a book. A federal court denied Snepp royalties from his book and an appellate court upheld the ruling, reiterating that the disgraced agent breached the “constructive trust” between him and the government.

Related reading:  Audit of the Federal Bureau of Investigation’s Implementation of Its Next Generation Cyber Initiative

Furthermore, Snowden, Stone and the producers of a 2014 Oscar-winning Snowden film titled “Citizenfour” may be in violation of the Anti-Terrorism Act (ATA), which forbids providing material support or resources for acts of international terrorism. Many deep-pocketed institutions have been sued under the law for providing terrorist organizations or affiliates resources that assisted in the commission of terrorist acts. Just last month the families of victims killed and injured by Hamas filed a $1 billion lawsuit against Facebook under ATA for providing the terrorist group with material support by letting it use its services to help carry out attacks. A number of banks have also been sued under the law for financing terrorist activities, albeit unknowingly.

Both Stone and “Citizenfour” director Laura Poitras had clandestine meetings abroad with Snowden. Stone told a Hollywood trade publication he met Snowden in Russia and that he moved production overseas because filming in the U.S. was too risky. “We didn’t know what the NSA might do, so we ended up in Munich, which was a beautiful experience,” Stone said. Poitras actually collaborated with Snowden’s defection to China then Russia and had email communication with him before he committed his crimes so she had foreknowledge. This is all included in her documentary. On May 20, 2013 Snowden flew to Hong Kong to meet with British journalists and Poitras. He gave them thousands of classified documents and Poitras became known as the woman who helped Snowden spill his secrets, or rather commit treason. When Citizenfour won the 2015 Academy Award, Poitras was joined by Snowden’s girlfriend during her acceptance speech at the Dolby Theater in Hollywood, California. “The disclosures that Edward Snowden revealed don’t only expose a threat to our privacy but to our democracy itself,” Poitras said in her acceptance speech. “Thank you to Edward Snowden for his courage and for the many other whistleblowers.”

Snowden remains a fugitive from U.S. law protected by Russia. On June 14, 2013, federal prosecutors charged him with “theft of government Property,” “unauthorized communication of national defense information” and “willful communication of classified communications intelligence information to an unauthorized person.” Al Qaeda keeps using information leaked by Snowden to help its fighters evade surveillance technology, according to a British newspaper report. “The terrorist group has issued new video guidance based on what they have learnt about Western spying methods from the Snowden disclosures which have been made public on the internet,” the article states. “The move confirms the worst fears of British and American intelligence chiefs who warned that Snowden’s betrayal would play into the hands of the terrorists. The video even uses footage of news reports of the Snowden leak, highlighting how ‘NSA is tracking millions of phones.’”

New Color-coded Cyber Threats

Posted on by

Remember when the Democrats and lobby groups ridiculed George W. Bush for using a color coded threat matrix? Carry on….

The White House now has a color-coded scale for cyber-security threat

TheVerge:  As the Obama administration nears its final months, the White House has released a framework for handling cyberattacks. The Presidential Policy Directive on United States Cyber Incident Coordination builds on the action plan that Obama laid out earlier this year, and it’s intended to create a clear standard of when and how government agencies will handle incidents. It also comes with a new threat level scale, assigning specific colors and response levels to the danger of a hack.

The cyberattack severity scale is somewhat vague, but it’s supposed to make sure that the agencies involved in cybersecurity — the Department of Justice, Department of Homeland Security, and Office of the Director of National Intelligence — respond to threats with the same level of urgency and investment. A Level One incident is “unlikely to impact public health or safety, national security, economic security, foreign relations, civil liberties, or public confidence,” while a red Level Four one is “likely to result in a significant impact to public health or safety, national security, economic security, foreign relations, or civil liberties.” One final designation — Level Five, or black — covers anything that “poses an imminent threat to the provision of wide-scale critical infrastructure services, national government stability, or to the lives of US persons.”

The upshot of this is that anything at Level Three or above will trigger a coordination effort to address the threat. In addition to the groups above, this effort will include the company, organization, or agency that was attacked.

Cybersecurity is a growing concern, and both Congress and the White House have spent the past several years pushing various frameworks for shoring it up. This includes a series of hotly debated bills that culminated in the Cyber Information Sharing Act, which has raised privacy questions as it’s been put into practice. At the same time, high-profile hacks have led to serious consequences for companies like Sony Pictures, Target, and Ashley Madison. Most recently, an unknown hacker or hackers — potentially linked to Russia — breached the Democratic National Committee’s servers, releasing large numbers of embarrassing documents and emails. This announcement doesn’t tell us exactly how the federal government will handle future cyberattacks, but along with everything else, it does signal that they’re becoming a more and more standard part of the security equation.

*****

From the White House FACT SHEET: Presidential Policy Directive

The PPD builds on these lessons and institutionalizes our cyber incident coordination efforts in numerous respects, including:

  • Establishing clear principles that will govern the Federal government’s activities in cyber incident response;
  • Differentiating between significant cyber incidents and steady-state incidents and applying the PPD’s guidance primarily to significant incidents;
  • Categorizing the government’s activities into specific lines of effort and designating a lead agency for each line of effort in the event of a significant cyber incident;
  • Creating mechanisms to coordinate the Federal government’s response to significant cyber incidents, including a Cyber Unified Coordination Group similar in concept to what is used for incidents with physical effects, and enhanced coordination procedures within individual agencies;
  • Applying these policies and procedures to incidents where a Federal department or agency is the victim; and,
  • Ensuring that our cyber response activities are consistent and integrated with broader national preparedness and incident response policies, such as those implemented through Presidential Policy Directive 8-National Preparedness, so that our response to a cyber incident can seamlessly integrate with actions taken to address physical consequences caused by malicious cyber activity.

We also are releasing today a cyber incident severity schema that establishes a common framework within the Federal government for evaluating and assessing the severity of cyber incidents and will help identify significant cyber incidents to which the PPD’s coordination procedures would apply.

Incident Response Principles

The PPD outlines five principles that will guide the Federal government during any cyber incident response:

  • Shared Responsibility – Individuals, the private sector, and government agencies have a shared vital interest and complementary roles and responsibilities in protecting the Nation from malicious cyber activity and managing cyber incidents and their consequences.
  • Risk-Based Response – The Federal government will determine its response actions and  resource needs based on an assessment of the risks posed to an entity, national security interests, foreign relations, or economy of the United States or to the public confidence, civil liberties, or public health and safety of the American people.
  • Respecting Affected Entities – Federal government responders will safeguard details of the incident, as well as privacy and civil liberties, and sensitive private sector information.
  • Unity of Effort – Whichever Federal agency first becomes aware of a cyber incident will rapidly notify other relevant Federal agencies in order to facilitate a unified Federal response and ensure that the right combination of agencies responds to a particular incident.
  • Enabling Restoration and Recovery – Federal response activities will be conducted in a manner to facilitate restoration and recovery of an entity that has experienced a cyber incident, balancing investigative and national security requirements with the need to return to normal operations as quickly as possible.

Significant Cyber Incidents

While the Federal government will adhere to the five principles in responding to any cyber incident, the PPD’s policies and procedures are aimed at a particular class of cyber incident: significant cyber incidents.  A significant cyber incident is one that either singularly or as part of a group of related incidents is likely to result in demonstrable harm to the national security interests, foreign relations, or economy of the United States or to the public confidence, civil liberties, or public health and safety of the American people.

When a cyber incident occurs, determining its potential severity is critical to ensuring the incident receives the appropriate level of attention.  No two incidents are the same and, particularly at the initial stages, important information, including the nature of the perpetrator, may be unknown.

Therefore, as part of the process of developing the incident response policy, the Administration also developed a common schema for describing the severity of cyber incidents, which can include credible reporting of a cyber threat, observed malicious cyber activity, or both.  The schema establishes a common framework for evaluating and assessing cyber incidents to ensure that all Federal departments and agencies have a common view of the severity of a given incident, the consequent urgency of response efforts, and the need for escalation to senior levels.

The schema describes a cyber incident’s severity from a national perspective, defining six levels, zero through five, in ascending order of severity.  Each level describes the incident’s potential to affect public health or safety, national security, economic security, foreign relations, civil liberties, or public confidence.  An incident that ranks at a level 3 or above on this schema is considered “significant” and will trigger application of the PPD’s coordination mechanisms.

Lines of Effort and Lead Agencies

To establish accountability and enhance clarity, the PPD organizes Federal response activities into three lines of effort and establishes a Federal lead agency for each:

  • Threat response activities include the law enforcement and national security investigation of a cyber incident, including collecting evidence, linking related incidents, gathering intelligence, identifying opportunities for threat pursuit and disruption, and providing attribution.   The Department of Justice, acting through the Federal Bureau of Investigation (FBI) and the National Cyber Investigative Joint Task Force (NCIJTF), will be the Federal lead agency for threat response activities.
  • Asset response activities include providing technical assets and assistance to mitigate vulnerabilities and reducing the impact of the incident, identifying and assessing the risk posed to other entities and mitigating those risks, and providing guidance on how to leverage Federal resources and capabilities.   The Department of Homeland Security (DHS), acting through the National Cybersecurity and Communications Integration Center (NCCIC), will be the Federal lead agency for asset response activities.  The PPD directs DHS to coordinate closely with the relevant Sector-Specific Agency, which will depend on what kind of organization is affected by the incident.
  • Intelligence Support and related activities include intelligence collection in support of investigative activities, and integrated analysis of threat trends and events to build situational awareness and to identify knowledge gaps, as well as the ability to degrade or mitigate adversary threat capabilities.  The Office of the Director of National Intelligence, through the Cyber Threat Intelligence Integration Center, will be the Federal lead agency for intelligence support and related activities.

In addition to these lines of effort, a victim will undertake a wide variety of response activities in order to maintain business or operational continuity in the event of a cyber incident.  We recognize that for the victim, these activities may well be the most important.  Such efforts can include communications with customers and the workforce; engagement with stakeholders, regulators, or oversight bodies; and recovery and reconstitution efforts.   When a Federal agency is a victim of a significant cyber incident, that agency will be the lead for this fourth line of effort.  In the case of a private victim, the Federal government typically will not play a role in this line of effort, but will remain cognizant of the victim’s response activities consistent with these principles and coordinate with the victim.

Coordination Architecture

In order to facilitate the more coordinated, integrated response demanded by significant cyber incidents, the PPD establishes a three-tiered coordination architecture for handling those incidents:

National Policy Level:  The PPD institutionalizes the National Security Council-chaired interagency Cyber Response Group (CRG).  The CRG will coordinate the development and implementation of United States Government policy and strategy with respect to significant cyber incidents affecting the United States or its interests abroad.

National Operational Level:  The PPD directs agencies to take two actions at the national operational level in the event of a significant cyber incident.

  • Activate enhanced internal coordination procedures.  The PPD instructs agencies that regularly participate in the Cyber Response Group to develop these procedures to ensure that they can surge effectively when confronted with an incident that exceeds their day-to-day operational capacity.
  • Create a Unified Coordination Group.  In the event of a significant cyber incident, the PPD provides that the lead agencies for each line of effort, along with relevant Sector-Specific Agencies (SSAs), state, local, tribal and territorial governments, international counterparts, and private sector entities, will form a Cyber Unified Coordination Group (UCG) to coordinate response activities.  The Cyber UCG shall coordinate the development, prioritization, and execution of cyber response efforts, facilitate rapid information sharing among UCG members, and coordinate communications with stakeholders, including the victim entity.

Field Level:  The PPD directs the lead agencies for each line of effort to coordinate their interaction with each other and with the affected entity.

Integration with Existing Response Policy

The PPD also integrates U.S. cyber incident coordination policy with key aspects of existing Federal preparedness policy to ensure that the Nation will be ready to manage incidents that include both cyber and physical effects, such as a significant power outage resulting from malicious cyber activity.  The PPD will be implemented by the Federal government consistent with existing preparedness and response efforts.

Implementation tasks

The PPD also directs several follow-on tasks in order to ensure its full implementation.  In particular, it requires that the Administration develop and finalize the National Cyber Incident Response Plan – in coordination with State, Local, Territorial, and Tribal governments, the private sector, and the public – to further detail how the government will manage cyber incidents affecting critical infrastructure.  It also directs DHS and DOJ to develop a concept of operations for how a Cyber UCG will operate and for the NSC to update the charter for the CRG.