Category Archives: Gangs and Crimes

National Guard Activated in Milwaukee, it Began this Way

Posted on by

Sylville Smith: 5 Fast Facts You Need to Know, Courtesy of Heavy
sylville smith, syville smith, sylville smith milwaukee, sylville smith police shooting, sylville smith photos, sylville smith pictures, sylville smith facebook

Sylville Smith was fatally shot by police in Milwaukee, Wisconsin, leading to riots in the city’s North Side. (Facebook)

A 23-year-old black man armed with a stolen gun was fatally shot Saturday afternoon by police in Milwaukee during a foot pursuit, authorities say.

The man has been identified as Sylville Smith, police said. Smith was shot in the chest and arm, Milwaukee Mayor Tom Barrett said.

He fled from a car during a traffic stop Saturday about 2:30 p.m. in the Wisconsin city’s North Side, police said in a press release. He was chased by two officers and was shot during the foot pursuit, according to police.

Peaceful protests turned to violent unrest Saturday night. One police officer was hospitalized after a brick was thrown through his windshield. Three others were hospitalized with unspecified injuries, but all were released by Sunday morning. Six buildings and several vehicles were burned, including a police car. Seventeen arrests were made, officials said.

The scene was calm Sunday morning, with community members gathering to cleanup and hold a prayer service. Governor Scott Walker activated the state’s National Guard as a precaution. They will be available to assist police Sunday if needed.

The investigation into the shooting is being conducted by the Wisconsin Department of Justice’s Division of Criminal Investigation. The Milwaukee County District Attorney’s Office will then review the findings of that investigation.

The officer who shot Smith has been placed on administrative leave. His name has not been released, but police say he is a 24-year-old man who has been with the department for six years. He has worked as an officer for three years.

The officer is black, Police Chief Edward Flynn said Sunday at a press conference.

1. The Officers at the Scene of the Shooting Were Wearing Body Cameras, the Mayor Says

Milwaukee Police say the incident began when two uniformed officers stopped a car with two people inside in the 3200 block of North 44th Street about 3:30 p.m. Saturday.

“Shortly after stopping the suspects, both occupants fled from the car on foot. The officers pursued the suspects, and during the foot pursuit one officer shot one suspect, armed with a semiautomatic handgun,” police said in a press release.”

Sylville Smith died at the scene, police said.

The shooting happened in a yard in the 3200 block of North 44th Street, police said.

Police said the other suspect, who has not been named, was taken into custody and is facing charges.

Mayor Tom Barrett said the two officers involved in the chase and shooting were wearing body cameras, WISN-TV reports. The cameras were operational, Barrett said.

He said the officer ordered the man to drop his gun twice and then fired several times when he refused. Barrett said a photo from the body camera clearly shows Smith had the gun in his hand when he was killed.

2. A Loaded Gun Stolen From a Home During a Burglary Was Found After the Shooting

Police said the semiautomatic handgun recovered at the scene was stolen in a burglary from a home in Waukesha, Wisconsin, in March 2016. The burglary victim said 500 rounds of ammunition were also taken.

Mayor Tom Barrett told reporters the gun was loaded, according to The Associated Press.

“This stop took place because two officers … saw suspicious activity,” Barrett said. “There were 23 rounds in that gun that that officer was staring at. I want to make sure we don’t lose any police officers in this community, either.”

Milwaukee Police Assistant Chief Bill Jessup told the Journal Sentinel it has not been determined if the gun was pointed at the officer or if shots were fired by the suspect.

“That officer had to make a split-second decision when the person confronted him with a handgun,” Jessup said. “This is a risk they take every day on behalf of our community.”

The shooting came after five fatal shootings during a nine-hour stretch from Friday night to Saturday morning. It occurred just blocks from three of those homicides, police told the Journal Sentinel.

“As everyone knows, this was a very, very violent 24 hours in the city of Milwaukee,” Jessup said. “Our officers are out here taking risks on behalf of the community and making split-second decisions.”

3. Smith’s Criminal Record, Which Police Called ‘Lengthy,’ Included a Misdemeanor Conviction for Carrying a Concealed Weapon & Traffic Offenses

Police said in a press release that the 23-year-old man who was fatally shot had a “lengthy arrest record.”

A search of Wisconsin court records revealed several arrests, but only one misdemeanor conviction for Sylville Smith. His record also included traffic offenses. No felony convictions were found.

The misdemeanor conviction, for carrying a concealed weapon, came in July 2014. He pleaded guilty to the charge and was fined $443 and ordered to serve one day in jail.

His record also included guilty findings on traffic offenses for speeding, operating a motor vehicle without insurance, possession of open intoxicants in a motor vehicle and operating a motor vehicle with a suspended license.

Smith was arrested in 2015 on a charge of intimidating a witness by a person charged with a felony, which is itself a felony offense. The case was dropped later that year by the prosecutor.

He was also charged with first-degree recklessly endangering safety, a felony, and misdemeanor possession of THC earlier in 2015. Those charges were dismissed by a judge based on a motion by the defense.

According to the Journal Sentinel, both cases stemmed from a February 2015 shooting in which he was a suspect.

Smith was accused of calling his girlfriend from jail to tell her to call the victim in the shooting case to get him to fill out a sworn affidavit saying Smith didn’t commit the crime, according to court documents obtained by the Journal Sentinel.

The victim recanted his identification of Smith and the case was dropped after the victim did not show up to court and was uncooperative, the newspaper reports.

In 2013, Smith was charged with retail theft, but that case as also dropped by the prosecutor. Go here for more details, facts and videos from Heavy.

 

Who in Govt is Whistleblowing on Immigration/Asylum Detention?

Posted on by
This event was hosted by Jones Day Law firm in Washington DC. The policies currently being applied by DHS, ICE and Customs and Border Patrol have officially been challenged as noted in this video of the The U.S. Commission on International Religious Freedom and Human Rights First hosted a discussion on removal and detention of refugees seeking asylum in the U.S.

See the video here. While the session was almost 4 hours, please take the time to listen to the first two panelists…that will explain their mission and the links below. Moving forward, you will be able to better understand Barack Obama’s presentation next month at the United Nations, Jeh Johnson’s position and that of presidential candidate Hillary Clinton. Note that at no time is there a discussion about creating conditions by which globally migrants, refugees, asylum seekers would not have to leave their home countries in the first place.

Note also that the real human rights violations are happening in home countries yet no country leadership be it Mexico, El Salvador, Honduras, Syria, Iraq or Sudan has been brought before any tribunal for violations or war crimes.

2015 Annual Report

Click here to view USCIRF’s 2015 Annual Report

Click here to view USCIRF’s 2015 Annual Report Transmission Letters

2015 Annual Report Introduction

2015 Annual Report Overview

2015 Annual Report Prisoner Lists

It is a division of the State Department called United States Commission on International Religious FreedomUnited States Commission on International Religious Freedom

The Office of International Religious Freedom has the mission of promoting religious freedom as a core objective of U.S. foreign policy. The office is headed by the Ambassador-at-Large for International Religious Freedom, David N. Saperstein. We monitor religious persecution and discrimination worldwide, recommend and implement policies in respective regions or countries, and develop programs to promote religious freedom.

Given the U.S. commitment to religious freedom, and to the international covenants that guarantee it as the inalienable right of every human being, the United States seeks to:

  • Promote freedom of religion and conscience throughout the world as a fundamental human right and as a source of stability for all countries;
  • Assist emerging democracies in implementing freedom of religion and conscience;
  • Assist religious and human rights NGOs in promoting religious freedom;
  • Identify and denounce regimes that are severe persecutors on the basis of religious belief.

The office carries out its mission through:

  • The Annual Report on International Religious Freedom. The report contains an introduction, executive summary, and a chapter describing the status of religious freedom in each of 195 countries throughout the world. Mandated by, and presented to, the U.S. Congress, the report is a public document available online and in book form from the U.S. Government Printing Office.
  • The designation by the Secretary of State (under authority delegated by the President) of nations guilty of particularly severe violations of religious freedom as “Countries of Particular Concern” under the International Religious Freedom Act of 1998 (H.R. 2431) and its amendment of 1999 (Public Law 106-55). Nations so designated are subject to further actions, including economic sanctions, by the United States.
  • Meetings with foreign government officials at all levels, as well as religious and human rights groups in the United States and abroad, to address problems of religious freedom.
  • Testimony before the United States Congress on issues of international religious freedom.
  • Close cooperation with the independent United States Commission on International Religious Freedom.
  • Sponsorship of reconciliation programs in disputes which divide groups along lines of religious identity. The office seeks to support NGOs that are promoting reconciliation in such disputes.
  • Programs of outreach to American religious communities.

The Mafia, Cosa Nostra was Just Arrested 46

Posted on by

6FBI rounds up nearly 50 mob suspects accused of litany of mafia crimes

The 46 defendants include alleged Philadelphia mob boss Joseph ‘Skinny Joey’ Merlino and New York crime figure Pasquale “Patsy” Parrello

Related reading: United States vs. JOSEPH MERLINO, FRANK GAMBINO, : RALPH ABRUZZI, STEVEN FRANGIPANI, : and ANTHONY ACCARDO criminal complaint

Joseph ‘Skinny Joey’ Merlino pictured in 2014. The alleged head of the Philadelphia mob was named in a federal indictment on Thursday charged with a range of crimes including extortion and fraud.Joseph ‘Skinny Joey’ Merlino pictured in 2014. The alleged head of the Philadelphia mob was named in a federal indictment on Thursday charged with a range of crimes including extortion and fraud. Photograph: Yong Kim/AP

Guardian: Nearly 50 alleged mobsters have been charged by US prosecutors with being part of an east coast crime syndicate.

The 46 suspects include an old-school mafioso in New York and a reputed mob chieftain in Philadelphia who has been pursued by the government for decades.

The indictment, unsealed in New York City, accuses the defendants of a litany of classic mafia crimes, including extortion, loansharking, casino-style gambling, sports gambling, credit card fraud and health care fraud. It said the syndicate operated in New York, Massachusetts, Pennsylvania, Florida and New Jersey.

Among those charged was Joseph “Skinny Joey” Merlino, the flamboyant alleged head of the Philadelphia mob who has repeatedly beat murder charges in past cases, but served nearly 12 years in prison for racketeering.

Also named in the indictment was Pasquale “Patsy” Parrello, identified as a longtime member of the Genovese organized crime family and the owner of an Italian restaurant in New York City.

Related reading: Indictment

Related reading: U.S. Attorney’s Office List of Charges document

Parrello, 72, pleaded not guilty to racketeering conspiracy and other charges at his arraignment in federal court in Manhattan.

He was detained without bail after prosecutors argued in court papers that he was a danger because of his “appetite and capacity for vengeance, control, and violence”. His attorney declined comment outside court.

Merlino, also was ordered held without bail at a hearing in West Palm Beach, Florida. His longtime lawyer, Ed Jacobs, declined to comment on the allegations, saying he hadn’t yet studied the indictment.

Prosecutors said 39 of those charged were arrested on Thursday. Alleged members of four New York crime families were among the defendants. During the arrests, agents seized three handguns, a shotgun, gambling paraphernalia and more than $30,000 in cash.

Diego Rodriguez, head of the FBI’s New York office, said the indictment “reads like an old school mafia novel”.

One count accuses Parrello, 72, of ordering a beating in 2011 of a panhandler he believed was harassing female customers outside his restaurant, Pasquale Rigoletto, on Arthur Avenue in the Bronx.

“Break his … knees,” he said, according to prosecutors. The panhandler was “assaulted with glass jars, sharp objects and steel-tipped boots, causing bodily harm”, the court papers said.

Afterward one of his cohorts was recorded saying: “Remember the old days in the neighborhood when we used to play baseball? … A ballgame like that was done,” the papers said.

Prosecutors also said that in 2013, Parello ordered retaliation against a man who stabbed a member of his crew outside a Bronx bar.

After an associate agreed to “whack” the attacker, Parrello cautioned him to “keep the pipes handy and pipe him, pipe him, over here (gesturing to the knees), not on his head,” court papers said.

Merlino, 54, who became a restaurateur in Boca Raton, Florida, following his release from prison, was implicated in a health care fraud scheme with Parrello and others. Investigators said the conspirators got corrupt doctors to bill insurers for unnecessary and excessive prescriptions for expensive compound creams in exchange for kickbacks.

A magistrate judge in West Palm Beach, Florida, ordered Merlino held without bail pending a detention hearing on Tuesday. In papers arguing against his release, prosecutors said he “been captured on recordings supervising a number of individuals, questioning whether certain associates were ’rats.’”

In Massachusetts, five alleged associates of the New York-based Genovese crime family were arrested on extortion-related charges as part of the sweep. Four men were arrested in New Jersey.

Like Merlino, several other of the defendants, including Parrello, have records of mob-related convictions and prison time. One of the lesser-known defendants, Bradford Wedra, interrupted a hearing on Thursday where he pleaded not guilty to complain to the judge that he was broke after completing a 25-year sentence in another case.

“Now, I’m home and I can’t afford nothing,” he said before he was given a court-appointed lawyer.

What you Need to Know About IDI and Why

Posted on by

This Company Has Built a Profile on Every American Adult

Every move you make. Every click you take. Every game you play. Every place you stay. They’ll be watching you.

Bloomberg: Forget telephoto lenses and fake mustaches: The most important tools for America’s 35,000 private investigators are database subscription services. For more than a decade, professional snoops have been able to search troves of public and nonpublic records—known addresses, DMV records, photographs of a person’s car—and condense them into comprehensive reports costing as little as $10. Now they can combine that information with the kinds of things marketers know about you, such as which politicians you donate to, what you spend on groceries, and whether it’s weird that you ate in last night, to create a portrait of your life and predict your behavior.

IDI, a year-old company in the so-called data-fusion business, is the first to centralize and weaponize all that information for its customers. The Boca Raton, Fla., company’s database service, idiCORE, combines public records with purchasing, demographic, and behavioral data. Chief Executive Officer Derek Dubner says the system isn’t waiting for requests from clients—it’s already built a profile on every American adult, including young people who wouldn’t be swept up in conventional databases, which only index transactions. “We have data on that 21-year-old who’s living at home with mom and dad,” he says.

Dubner declined to provide a demo of idiCORE or furnish the company’s report on me. But he says these personal profiles include all known addresses, phone numbers, and e-mail addresses; every piece of property ever bought or sold, plus related mortgages; past and present vehicles owned; criminal citations, from speeding tickets on up; voter registration; hunting permits; and names and phone numbers of neighbors. The reports also include photos of cars taken by private companies using automated license plate readers—billions of snapshots tagged with GPS coordinates and time stamps to help PIs surveil people or bust alibis.

IDI also runs two coupon websites, allamericansavings.com and samplesandsavings.com, that collect purchasing and behavioral data. When I signed up for the latter, I was asked for my e-mail address, birthday, and home address, information that could easily link me with my idiCORE profile. The site also asked if I suffered from arthritis, asthma, diabetes, or depression, ostensibly to help tailor its discounts.

Users and industry analysts say the addition of purchasing and behavioral data to conventional data fusion outmatches rival systems in terms of capabilities—and creepiness. “The cloud never forgets, and imperfect pictures of you composed from your data profile are carefully filled in over time,” says Roger Kay, president of Endpoint Technologies Associates, a consulting firm. “We’re like bugs in amber, completely trapped in the web of our own data.”

When logging in to IDI and similar databases, a PI must select a permissible use for a search under U.S. privacy laws. The Federal Trade Commission oversees the industry, but PI companies are largely expected to police themselves, because a midsize outfit may run thousands of searches a month.

Dubner says most Americans have little to fear. As examples, he cites idiCORE uses such as locating a missing person and nabbing a fraud or terrorism suspect.

IDI, like much of the data-fusion industry, traces its lineage to Hank Asher, a former cocaine smuggler and self-taught programmer who began fusing sets of public data from state and federal governments in the early 1990s. After Sept. 11, law enforcement’s interest in commercial databases grew, and more money and data began raining down, says Julia Angwin, a reporter who wrote about the industry in her 2014 book, Dragnet Nation.

Asher died suddenly in 2013, leaving behind his company, the Last One (TLO), which credit bureau TransUnion bought in bankruptcy for $154 million. Asher’s disciples, including Dubner, left TLO and eventually teamed up with Michael Brauser, a former business partner of Asher’s, and billionaire health-care investor Phillip Frost. In May 2015, after a flurry of purchases and mergers, the group rebranded its database venture as IDI.

Besides pitching its databases to big-name PIs (Kroll, Control Risks), law firms, debt collectors, and government agencies, IDI says it’s also targeting consumer marketers. The 200-employee company had revenue of about $40 million in its most recent quarter and says 2,800 users signed up for idiCORE in the first month after its May release. It declined to provide more recent figures. The company’s data sets are growing, too. In December, Frost helped underwrite IDI’s $100 million acquisition of marketing profiler Fluent, which says it has 120 million profiles of U.S. consumers. In June, IDI bought ad platform Q Interactive for a reported $21 million in stock.

IDI may need Frost’s deep pockets for a while. The PI industry’s three favorite databases are owned by TransUnion and media giants Reed Elsevier and Thomson Reuters. “There’s no shortage,” says Chuck McLaughlin, chairman of the board of the World Association of Detectives, which has about 1,000 members. “The longer you’re in business, the more data you have, the better results.” He uses TLO and Tracers Information Specialists.

Steve Rambam, a PI who hosts Nowhere to Hide on the Investigation Discovery channel, says marketing data remains a niche monitoring tool compared with social media, but its power can be unparalleled. “You may not know what you do on a regular basis, but I know,” Rambam says. “I know it’s Thursday, you haven’t eaten Chinese food in two weeks, and I know you’re due.”

Wait…there is another problem you don’t know about.

Comcast Lobbies To Charge Customers More To Protect Their Online Privacy
Internet providers are still hashing out issues with the FCC. In particular, Comcast is currently defend its “pay-for-privacy” model to the FCC [PDF]. Comcast has even contended that  “the FCC has no authority to prohibit or limit these types of programs.”

So what exactly is the “pay-for-privacy” system? Essentially, companies like Comcast offers discounts to customers in exchange for allowing ISP’s to use their data. Comcast then floods these customers with various behaviorally-targeted ads. Customers who prefer privacy over pricing are charged a premium.

image: http://hothardware.com/ContentImages/NewsItem/38236/content/small_comcast_office.jpg

comcast office

Several weeks ago a number of lawmakers urged the FCC to ban the “pay-for-privacy” system. They argued that this pricing pyramid is particularly harmful to elderly customers who do not necessarily understand how ISP’s work and low-income customers who cannot afford to pay the privacy premium. Members of Congress noted that Comcast’s policies are “counter to our nation’s core principle that all Americans have a fundamental right to privacy.”

Comcast argued that the “pay-for-privacy” model actually benefits elderly and low-income customers. They insisted that its “prohibition would harm consumers by, among other things, depriving them of lower-priced offerings.” They noted that this system is commonly used throughout the United States economy.

image: http://hothardware.com/ContentImages/NewsItem/38236/content/small_fcc.jpg

fcc

Comcast also argued that its ensures “through contractual provisions that vendors who handle customer-related data have strong measures in place to protect that customer-related data, and that the vendors are prohibited from using that data for any purposes other than as directed by Comcast.”

The company concurs that opt-in agreements should be required when dealing with sensitive information. This kind of information would include financial, health, and children’s information, Social Security numbers, and precise geo-location information. All other information, however, would be subject to opt-out or, in most instances, “implied” consent.  The FCC is currently considering privacy rules that would require broadband providers to obtain consumers’ opt-in consent regardless of whether the information was sensitive or not. Hat tip to HotHardware

New Color-coded Cyber Threats

Posted on by

Remember when the Democrats and lobby groups ridiculed George W. Bush for using a color coded threat matrix? Carry on….

The White House now has a color-coded scale for cyber-security threat

TheVerge:  As the Obama administration nears its final months, the White House has released a framework for handling cyberattacks. The Presidential Policy Directive on United States Cyber Incident Coordination builds on the action plan that Obama laid out earlier this year, and it’s intended to create a clear standard of when and how government agencies will handle incidents. It also comes with a new threat level scale, assigning specific colors and response levels to the danger of a hack.

The cyberattack severity scale is somewhat vague, but it’s supposed to make sure that the agencies involved in cybersecurity — the Department of Justice, Department of Homeland Security, and Office of the Director of National Intelligence — respond to threats with the same level of urgency and investment. A Level One incident is “unlikely to impact public health or safety, national security, economic security, foreign relations, civil liberties, or public confidence,” while a red Level Four one is “likely to result in a significant impact to public health or safety, national security, economic security, foreign relations, or civil liberties.” One final designation — Level Five, or black — covers anything that “poses an imminent threat to the provision of wide-scale critical infrastructure services, national government stability, or to the lives of US persons.”

The upshot of this is that anything at Level Three or above will trigger a coordination effort to address the threat. In addition to the groups above, this effort will include the company, organization, or agency that was attacked.

Cybersecurity is a growing concern, and both Congress and the White House have spent the past several years pushing various frameworks for shoring it up. This includes a series of hotly debated bills that culminated in the Cyber Information Sharing Act, which has raised privacy questions as it’s been put into practice. At the same time, high-profile hacks have led to serious consequences for companies like Sony Pictures, Target, and Ashley Madison. Most recently, an unknown hacker or hackers — potentially linked to Russia — breached the Democratic National Committee’s servers, releasing large numbers of embarrassing documents and emails. This announcement doesn’t tell us exactly how the federal government will handle future cyberattacks, but along with everything else, it does signal that they’re becoming a more and more standard part of the security equation.

*****

From the White House FACT SHEET: Presidential Policy Directive

The PPD builds on these lessons and institutionalizes our cyber incident coordination efforts in numerous respects, including:

  • Establishing clear principles that will govern the Federal government’s activities in cyber incident response;
  • Differentiating between significant cyber incidents and steady-state incidents and applying the PPD’s guidance primarily to significant incidents;
  • Categorizing the government’s activities into specific lines of effort and designating a lead agency for each line of effort in the event of a significant cyber incident;
  • Creating mechanisms to coordinate the Federal government’s response to significant cyber incidents, including a Cyber Unified Coordination Group similar in concept to what is used for incidents with physical effects, and enhanced coordination procedures within individual agencies;
  • Applying these policies and procedures to incidents where a Federal department or agency is the victim; and,
  • Ensuring that our cyber response activities are consistent and integrated with broader national preparedness and incident response policies, such as those implemented through Presidential Policy Directive 8-National Preparedness, so that our response to a cyber incident can seamlessly integrate with actions taken to address physical consequences caused by malicious cyber activity.

We also are releasing today a cyber incident severity schema that establishes a common framework within the Federal government for evaluating and assessing the severity of cyber incidents and will help identify significant cyber incidents to which the PPD’s coordination procedures would apply.

Incident Response Principles

The PPD outlines five principles that will guide the Federal government during any cyber incident response:

  • Shared Responsibility – Individuals, the private sector, and government agencies have a shared vital interest and complementary roles and responsibilities in protecting the Nation from malicious cyber activity and managing cyber incidents and their consequences.
  • Risk-Based Response – The Federal government will determine its response actions and  resource needs based on an assessment of the risks posed to an entity, national security interests, foreign relations, or economy of the United States or to the public confidence, civil liberties, or public health and safety of the American people.
  • Respecting Affected Entities – Federal government responders will safeguard details of the incident, as well as privacy and civil liberties, and sensitive private sector information.
  • Unity of Effort – Whichever Federal agency first becomes aware of a cyber incident will rapidly notify other relevant Federal agencies in order to facilitate a unified Federal response and ensure that the right combination of agencies responds to a particular incident.
  • Enabling Restoration and Recovery – Federal response activities will be conducted in a manner to facilitate restoration and recovery of an entity that has experienced a cyber incident, balancing investigative and national security requirements with the need to return to normal operations as quickly as possible.

Significant Cyber Incidents

While the Federal government will adhere to the five principles in responding to any cyber incident, the PPD’s policies and procedures are aimed at a particular class of cyber incident: significant cyber incidents.  A significant cyber incident is one that either singularly or as part of a group of related incidents is likely to result in demonstrable harm to the national security interests, foreign relations, or economy of the United States or to the public confidence, civil liberties, or public health and safety of the American people.

When a cyber incident occurs, determining its potential severity is critical to ensuring the incident receives the appropriate level of attention.  No two incidents are the same and, particularly at the initial stages, important information, including the nature of the perpetrator, may be unknown.

Therefore, as part of the process of developing the incident response policy, the Administration also developed a common schema for describing the severity of cyber incidents, which can include credible reporting of a cyber threat, observed malicious cyber activity, or both.  The schema establishes a common framework for evaluating and assessing cyber incidents to ensure that all Federal departments and agencies have a common view of the severity of a given incident, the consequent urgency of response efforts, and the need for escalation to senior levels.

The schema describes a cyber incident’s severity from a national perspective, defining six levels, zero through five, in ascending order of severity.  Each level describes the incident’s potential to affect public health or safety, national security, economic security, foreign relations, civil liberties, or public confidence.  An incident that ranks at a level 3 or above on this schema is considered “significant” and will trigger application of the PPD’s coordination mechanisms.

Lines of Effort and Lead Agencies

To establish accountability and enhance clarity, the PPD organizes Federal response activities into three lines of effort and establishes a Federal lead agency for each:

  • Threat response activities include the law enforcement and national security investigation of a cyber incident, including collecting evidence, linking related incidents, gathering intelligence, identifying opportunities for threat pursuit and disruption, and providing attribution.   The Department of Justice, acting through the Federal Bureau of Investigation (FBI) and the National Cyber Investigative Joint Task Force (NCIJTF), will be the Federal lead agency for threat response activities.
  • Asset response activities include providing technical assets and assistance to mitigate vulnerabilities and reducing the impact of the incident, identifying and assessing the risk posed to other entities and mitigating those risks, and providing guidance on how to leverage Federal resources and capabilities.   The Department of Homeland Security (DHS), acting through the National Cybersecurity and Communications Integration Center (NCCIC), will be the Federal lead agency for asset response activities.  The PPD directs DHS to coordinate closely with the relevant Sector-Specific Agency, which will depend on what kind of organization is affected by the incident.
  • Intelligence Support and related activities include intelligence collection in support of investigative activities, and integrated analysis of threat trends and events to build situational awareness and to identify knowledge gaps, as well as the ability to degrade or mitigate adversary threat capabilities.  The Office of the Director of National Intelligence, through the Cyber Threat Intelligence Integration Center, will be the Federal lead agency for intelligence support and related activities.

In addition to these lines of effort, a victim will undertake a wide variety of response activities in order to maintain business or operational continuity in the event of a cyber incident.  We recognize that for the victim, these activities may well be the most important.  Such efforts can include communications with customers and the workforce; engagement with stakeholders, regulators, or oversight bodies; and recovery and reconstitution efforts.   When a Federal agency is a victim of a significant cyber incident, that agency will be the lead for this fourth line of effort.  In the case of a private victim, the Federal government typically will not play a role in this line of effort, but will remain cognizant of the victim’s response activities consistent with these principles and coordinate with the victim.

Coordination Architecture

In order to facilitate the more coordinated, integrated response demanded by significant cyber incidents, the PPD establishes a three-tiered coordination architecture for handling those incidents:

National Policy Level:  The PPD institutionalizes the National Security Council-chaired interagency Cyber Response Group (CRG).  The CRG will coordinate the development and implementation of United States Government policy and strategy with respect to significant cyber incidents affecting the United States or its interests abroad.

National Operational Level:  The PPD directs agencies to take two actions at the national operational level in the event of a significant cyber incident.

  • Activate enhanced internal coordination procedures.  The PPD instructs agencies that regularly participate in the Cyber Response Group to develop these procedures to ensure that they can surge effectively when confronted with an incident that exceeds their day-to-day operational capacity.
  • Create a Unified Coordination Group.  In the event of a significant cyber incident, the PPD provides that the lead agencies for each line of effort, along with relevant Sector-Specific Agencies (SSAs), state, local, tribal and territorial governments, international counterparts, and private sector entities, will form a Cyber Unified Coordination Group (UCG) to coordinate response activities.  The Cyber UCG shall coordinate the development, prioritization, and execution of cyber response efforts, facilitate rapid information sharing among UCG members, and coordinate communications with stakeholders, including the victim entity.

Field Level:  The PPD directs the lead agencies for each line of effort to coordinate their interaction with each other and with the affected entity.

Integration with Existing Response Policy

The PPD also integrates U.S. cyber incident coordination policy with key aspects of existing Federal preparedness policy to ensure that the Nation will be ready to manage incidents that include both cyber and physical effects, such as a significant power outage resulting from malicious cyber activity.  The PPD will be implemented by the Federal government consistent with existing preparedness and response efforts.

Implementation tasks

The PPD also directs several follow-on tasks in order to ensure its full implementation.  In particular, it requires that the Administration develop and finalize the National Cyber Incident Response Plan – in coordination with State, Local, Territorial, and Tribal governments, the private sector, and the public – to further detail how the government will manage cyber incidents affecting critical infrastructure.  It also directs DHS and DOJ to develop a concept of operations for how a Cyber UCG will operate and for the NSC to update the charter for the CRG.