Russian Special Forces now in Libya

Image result for Khalifa Haftar libya oil ports Haftar was protected by and lived in the U.S., becoming a citizen. We dispatched him to Libya to launch an interim government. Now he and Egypt both have turned to Russia for full control and support, Putin has complied, happily. John Kerry, Hillary Clinton and Barack Obama are not responding to calls on line 4. Hah…

BBC: Forces loyal to Libyan military strongman Khalifa Haftar say they have retaken key oil-rich areas in the country’s east.

Ground, sea and air forces were engaged in the fight for sites at Ras Lanuf, Sidra and Ben Jawad from a rival Islamist militia, a spokesman said.

Meanwhile, Russia has denied reports that it has deployed special forces to the region in support of Gen Haftar. {See below, emphasis added}

Libya has been in chaos since the overthrow of Colonel Gaddafi in 2011.

The oil terminals had been seized by the Benghazi Defence Brigades (BDB) – a mix of militias that includes Islamists – earlier this month, which then handed them over to the Petroleum Facilities Guard, affiliated to the UN-backed unity government based in Tripoli.

Gen Haftar is allied to an administration based in the eastern city of Tobruk, which is challenging the authority of the UN-backed government.

Russia moving special forces into Libya

U.S. sources claim Russia moving special forces into Libya to aid Libyan military commander Khalifa Haftar.

U.S., Egyptian and diplomatic sources say that Russia has apparently been moving special forces to an airbase in western Egypt near the border with Libya in recent days, according to a report by Reuters.

Image result for Khalifa Haftar Newsweek

The U.S. is concerned that such a Russian deployment may signify Russian support for Libyan military commander Khalifa Haftar, who suffered a setback on March 3 when the Benghazi Defense Brigades (BDB) attacked oil ports controlled by his forces.

U.S. officials claimed that their surveillance units had observed Russian special operations forces and unmanned aircraft at Sidi Barrani, which is about 100 km from the Egypt-Libya border. The apparent Russian deployments have not been previously reported.

The Russian defense ministry did not respond to these claims on Monday and Egypt denied the presence of any Russian contingent on its soil.

Mohamed Manfour, commander of the Benina air base near Benghazi in Libya, denied that Haftar’s Libyan National Army (LNA) had received military assistance from the Russian state or from Russian military contractors, and said there were no Russian forces or bases in eastern Libya.

Over the past two years a number of Western countries, including the U.S., have sent special operations forces and military advisors into Libya. The U.S. also carried out air strikes to support a successful Libyan campaign last year to oust ISIS from its stronghold in the city of Sirte.

Russia has shown increasing involvement in Libya in recent months and appears to be taking steps to back Haftar to lead the battle-torn kingdom, which has been split between local warlords in the aftermath of a 2011 NATO-backed uprising against the late leader Muammar Gaddafi, who was an ally of Russia. Several dozen armed private security contractors from Russia operated until February in a part of Libya that is under Haftar’s control.

The top U.S. military commander overseeing troops in Africa, Marine General Thomas Waldhauser, told the U.S. Senate last week that Russia was trying to exert influence in Libya to strengthen its leverage over whoever ultimately holds power.

“They’re working to influence that,” Waldhauser told the Senate Armed Services Committee on Thursday. Asked whether it was in the U.S. interest to let that happen, Waldhauser said: “It is not.”

Russian involvement in Libyan affairs appears to be growing at a time when it is limiting its operations in Syria to attempts to force a resolution without taking charge of the country. Waldhauser believes that this is Russia’s eventual goal in Libya, which will enable it to gain leverage there in the event that Haftar gains control of the country. It is also eyeing Libya’s oil fields as a source of economic opportunities.

Image result for  libya oil ports

Russia, however, says that its primary objective in the Middle East is to contain the spread of violent Islamist groups.

Meanwhile who is Khalifa Belqasim Haftar? (Wikipedia file)

Haftar was born in eastern Libya. He served in the Libyan army under Muammar Gaddafi, and took part in the coup that brought Gaddafi to power in 1969. He commanded the Libyan contingent against Israel in the Yom Kippur War of 1973.[3] In 1987, he became a prisoner of war during the war against Chad. While held prisoner, he and his fellow officers formed a group hoping to overthrow Gaddafi. He was released around 1990 in a deal with the United States government and spent nearly two decades in the United States, gaining U.S. citizenship.[4] Haftar lived comfortably in Virginia, relatively close to CIA headquarters, from the early 1990s until 2011.[5] In 1993, while living in the United States, he was convicted in absentia of crimes against the Jamahiriya and sentenced to death.

Haftar held a senior position in the forces which overthrew Gaddafi in the 2011 Libyan Civil War. In 2014 he was commander of the Libyan Army when the General National Congress (GNC) refused to give up power in accordance with its term of office. Haftar launched a campaign against the GNC and its Islamic fundamentalist allies. His campaign allowed elections to take place to replace the GNC, but then developed into a civil war.

Haftar’s campaign attracted opponents to the GNC to join him as well as armed groups including Zintan‘s al-Qaqaa and Sawaaq brigades, regional military police, the Saiqa special forces group in Benghazi, the Libyan air force and Ibrahim Jadhran’s federalist militias.[6]

Haftar has been described as “Libya’s most potent warlord,” having fought “with and against nearly every significant faction” in Libya’s conflicts, and as having a “reputation for unrivalled military experience”.

***

Internal rivalries based on region, city, tribe, political factions, ethnicity, and militia membership have supplanted dictatorial repression. The costs of this multi-layered disunity are stark: Libya has lost billions of dollars in potential revenues due to fights over control of the oil sector. And nearly 5,000 people have been killed due to the instability since 2014, when Libya formally divided politically.

Perhaps the most immediate barrier to implementation is the role of General Khalifa Haftar, commander of the Libyan National Army (LNA). Although Secretary of State John Kerry did not mention him by name in his statement in Vienna after the meeting to support Libya on May 16, Haftar was clearly on his mind when he said battles of individuals serving their own interests undermined Libya’s security, and that Libya was at a crossroads between a fate of chaos fueled by personal rivalries or unity and peace. Article Eight of the current agreement stipulates that the Presidency Council should be the Supreme Commander of the Libyan Army, in control of all senior-level security official appointments and dismissals. In effect, this provision would give the Presidency Council control of Haftar’s fate. The pro-Haftar eastern government has made removal of this article one of its few conditions for recognizing the Government of National Accord (GNA).

This impasse underscores the need for Libyans to decide once and for all what relationship the military should have with civilian institutions in Libya, and specifically what role Haftar can or will play in the future of Libya. This has also been a difficult impasse for Western governments to navigate, harkening to a recurring Middle East policy battle between prioritizing counter-terrorism and security, and longer-term interests like political stability, rule of law and human rights. Haftar has contributed to counter-terrorism efforts against groups like Islamic State, especially in Benghazi, while undermining Libya’s long-term stability. More here from May of 2016.

Maritime Traffic, Pirates, Smuggling and Dark Beacons

Maritime traffic is hardly considered a top priority and it should be. For illicit activities on the high seas, there is major intelligence value when it comes to smuggling and pirates.

Image result for gps maritime pirates cargo

— Israeli navy veteran Ami Daniel points at his computer screen and explains why the ship he was tracking should have been stopped and searched. It sailed near the Libyan port of Tobruk and waited four days more than a mile off the coast without ever docking, then moved west to Misrata, which it had never visited before.

Next came Greece, where it waited another four days offshore.

Whatever was on the ship — possibly drugs, weapons or people — likely eventually made its way to Europe’s shores, he said.

At a time of deep concern over migrant smuggling, Daniel said his company Windward has the ability to pick up such suspicious maritime behavior that would otherwise go unnoticed.

Ninety percent of the world’s trade is via the oceans, and ports simply cannot check even a fraction of all the containers. For that reason, they try to narrow it down with watch lists of ships.

But with turbulence in northern Africa and the collapse of Libya, smuggling networks have taken advantage of the situation while also becoming more sophisticated, Silvia Ciotti, head of the EuroCrime research body, explained.

And with the influx of hundreds of thousands of refugees across the seas, resources in Europe have been stretched threadbare.

The same smugglers taking desperate migrants and refugees into Europe also take contraband goods, Ciotti said.

“One day it is drugs. One day it is weapons. They do not care,” she said. If a ship’s activities are unusual — turning off its radar or visiting an at-risk port — it will be flagged. More here for ToI.

Image result for gps maritime traffic

The company is Windward, a rather new company that did get an interesting investor, former CIA director, General David Petraeus.

Using what it calls activity-based intelligence, Windward, a five-year-old maritime data and analytics firm here, probes beyond the ship-tracking services available on today’s market to validate identities of ocean-going vessels.

It compares their patterns of behavior and past associations with other ships —even where they loaded or didn’t load in specific ports of call.

“Nobody knows who’s the real owner of 75 percent of the world’s vessels,” said Daniel. “The reason is, for business reasons, they are registered under various flags of convenience by a lawyer who has one share and nobody knows who’s on top of him.

“So the tools of looking at data bases or registries are great in theory, but not in practice.”

The same holds true, company executives here say, for the Automated Information System (AIS), satellite-supported tracking system initiated in recent years by the US Coast Guard and now required by ocean-going vessels and passenger ships. Specific findings from the report showed an increase in GPS manipulation of 59 percent over the past two years; that 55 percent of ships misreport their actual port of call for the majority of their voyage; that large cargo ships shut off AIS transmissions 24 percent longer than others; and that 19 percent of the ships that “go dark” are repeat offenders.

To illustrate this point, Windward conducted an analysis specifically for Defense News, in which the company employed “reverse engineering” of a known arms smuggling incident to highlight similarly suspicious behavior by a ship that managed to evade detection by law enforcement authorities.

Its baseline case was the Haddad, a 39-year-old, Bolivian-flagged cargo vessel that embarked from Iskenderun, Turkey, in early September. It was ultimately seized by Greek authorities south of Crete with a cache of some 5,000 shotguns and a half million rounds of undocumented ammunition.

Using the route plied by the 66-meter Haddad, which sailed along the Turkish coast en route to Libya before being stopped, Windward came up with a similar profile of another ship which, for a variety of legal and proprietary reasons, it preferred to call Vessel X.

Like the Haddad, Vessel X was more than 30 years old and around the same size, about 75 meters. It left the same Turkish port on Aug. 19 — less than a month prior to Haddad — bearing a flag of convenience, this one from the South Pacific island of Vanuatu.

A day later, Vessel X stopped in an area near the Turkish shore where there was no other port in the area or any other reason to stop at that location, company analysts found. More here from DefenseNews.

Meanwhile, pirating is back in the news.

Somali pirates just hijacked a commercial ship for the first time in five years

WaPo: In 2010 and 2011, groups of armed Somali men were hijacking merchant vessels off Somalia’s coast at an almost daily pace. Thousands of hostages of myriad nationalities were taken, and billions of dollars were lost on ransoms, damages and delayed shipments.

The crisis was so severe that a naval task force with more than two dozen vessels from European Union countries, the United States, China, Russia, India and Japan banded together to restore order to one of the world’s busiest shipping routes. They largely succeeded. In 2015, there were 17 pirate attacks near Somalia, down from 151 in 2011. Many of those attacks were on smaller fishing boats from nearby countries, mostly by disgruntled Somali fishermen, but not commercial ships.

Until Tuesday.

Somali officials acknowledged that the Aris 13, an oil tanker, had been escorted to the Somali coast by at least eight and perhaps as many as dozens of armed men on two small skiffs. Reports from organizations that monitor piracy could not conclusively identify which flag the ship was flying or where it was owned, but Sri Lanka’s Foreign Ministry confirmed that eight of its nationals were on board as crew. The ship was on its way south to Mogadishu, Somalia’s capital.

The attack originated in the Puntland region, which is semiautonomous. “The vessel’s captain reported to the company they were approached by two skiffs and that one of them could see armed personnel on board,” an unidentified Middle East-based official told the Associated Press. “The ship changed course quite soon after that report and is now anchored.”

The U.S. Navy’s 5th Fleet oversees anti-piracy efforts along Somalia’s coast. Concerns about piracy’s reemergence in the region have been growing in concurrence with greater exploitation of Somalia’s waters by foreigners engaged in illegal fishing. Deprived of a livelihood, some Somali fishermen have turned back to hijacking to get by.

Salad Nur, described as a “local elder” by the Associated Press, said that the men involved in Tuesday’s hijacking had been searching for a commercial vessel for days on the open water. “Foreign fishermen destroyed their livelihoods and deprived them of proper fishing,” Nur said.

Piracy is also on the rise on the other side of Africa. Armed groups based along Nigeria’s coast have made that region the most dangerous for seafarers. That coast is also a major oil shipping route. Now that oil prices have dropped, pirates there have taken to kidnapping crew members for ransom rather than siphoning off oil, as the abductions have proved more lucrative.

WikiLeaks Releases CIA Cyber Docs, Problem?

Primer: Steve Bannon works for President Trump in the White House.

Steve Bannon is a star – for Al-Qaeda, that featured him on the cover of their newspaper

steve-bannon-is-a-star---for-al-qaeda-that-featured-him-on-the-cover-of-their-paper

Then this headline….

The new scandal headlines for today is WikiLeaks, telling us they published the largest cache of secret CIA documents relating to the CIA’s ability to hack, break encryption and install malware. This is a problem? The problem is not the tools the CIA has, the problem is that someone inside the agency stole them and delivered them to WikiLeaks.

It is a good thing that the agency has these resources, why you ask?

Well….try this…The threat is real from Russians, Chinese, North Korea, Iran, Syria, Ukraine, al Qaeda and Islamic State…

Image result for stuxnet

Remember Stuxnet? This was a successful joint program under the Bush presidency with Israel to infect the Iranian nuclear program and it was to forces the centrifuges to spin out of control, which they did. Ultimately, it caused the progress of the Iranian infrastructure to be delayed substantially. It was in fact later uncovered by cyber scientists working for Siemens, the hardware and software platform used as the operating system. Good right? Yes.

Image result for u.s. cyber command

Well, there is more…

In recent years, Iran and North Korea have been sharing nuclear scientists and engineers, parts, testing and missile collaboration. So far, the missiles launched by North Korea for the most part have been unsuccessful, or at least did not achieve the ultimate objective and that is an official target strike. Why? Because of the United States. How so you ask?

Over the weekend, North Korea fired off 4 missiles in succession toward Japan. They did not reach the mainland but did reach the waterway that is part of the Japanese economic zone for maritime operations. We have American cyberwarriors that are doing effective work causing the missiles to fly off course or to technically fail. The objective is to use non-explosive weaponry to foul the North Korea and hence Iran’s missile program and while North Korea is not especially connected to the internet, some related systems are connected and then there is electronic warfare.

Image result for foreign hacking omb

We know that Islamic State is a terror operation that has militant cells in an estimated 30 countries. While they have depraved methods of murder, rape and terror, they too have a cyber operation.

The Will to Act

One question is whether ISIS will be consumed with the protection and continued expansion of its immediate fighting fronts, i.e., the “near enemy,” or whether its scope of vision includes America’s homeland. The Economist advances a strong case that desire for such expansion not only exists but will be exercised: “With its ideological ferocity, platoons of Western passport holders, hatred of America and determination to become the leader of global jihadism, ISIS will surely turn, sooner or later, to the ‘far enemy’ of America and Europe.”

And perhaps any doubt the militant’s sights are on America was removed by ISIS leader Abu Bakr al-Baghdadi’s Sept. 22 call for jihadists to not wait for the order but to rise, take up arms, and “kill Americans and other infidels” wherever they are. Clearly the group is showing no hesitancy in its desire to strike the U.S. heartland on a personal scale.

Cyber Operations Capability?

As to whether ISIS will have the capability to mount cyber operations against the U.S., David DeWalt, head of cybersecurity firm FireEye, believes that ISIS will follow in the footsteps of the Syrian Electronic Army and the Iran-based Ajax Security Team to target the United States and other Western nations.

“We’ve begun to see signs that rebel terrorist organizations are attempting to gain access to cyber weaponry,” DeWalt stated recently. He added that booming underground markets dealing in malicious software make offensive cyber weapons just an “Internet transaction” away for groups such as ISIS. More here.

Is there more to this that we should know? Yes…

There is the Middle East and we have a major vested interest in the region.

***

Cybersecurity in the Gulf: The Middle East’s Virtual Frontline

Cybersecurity is often discussed in relation to the major global powers: China’s economic espionage, Russian influence operations, and U.S. dragnet global surveillance to thwart terrorism.

However, as other countries move to digitize their economies, cybercriminals are zeroing in on these new and lucrative targets while regional players are quickly incorporating cyber capabilities into their own arsenals for achieving strategic ends.

The Middle East, particularly the Gulf states, are quickly recognizing the urgent need for better cybersecurity, while regional adversaries such as Iran have begun weaponizing code as an extension of broader strategic goals within the region. What, though, is the Gulf’s current cybersecurity atmosphere, and how does Iran’s emerging use of offensive cyber capabilities fit into its broader strategy in the Middle East?

Wajdi Al Quliti, the Director of Information Technology at the Organization of Islamic Cooperation, notes that “the region’s dramatic strides towards digitization—expected to add over $800 billion to GDP and over 4 million jobs by 2020—is making the Gulf a major target for fast evolving cyber threats.” Much like other regions, the Gulf is finding it difficult to sufficiently create criminal deterrence due to segmented laws and difficulties in attribution. Al Quliti argues “cross-border cooperation and common cybersecurity structures could prove to be a game-changing advantage in the fight against cybercrime.” However, “the elephant in the room,” according to Al Quliti, “is the issue of state-sponsored hacking, in which case harmonized laws are unlikely to make a difference.”

A critical point in nation-state hacking in the Middle East begins with the Stuxnet worm. Discovered in 2010 burrowed deep in Iranian networks, the worm had slowly been sabotaging Iran’s nuclear ambitions. Then in 2011 CrySyS Lab discovered Duqu, a cyber espionage tool tailored to gather information from industrial control systems, and in 2012, Kaspersky Labs identified Flame, another espionage tool, targeting various organizations in the Middle East. Both Duqu and Flame are associated with Stuxnet and attributed back to the Equation Group, widely considered an arm of the National Security Agency.

In 2012, Iranian officials found a wiper virus erasing files in the network of the Oil Ministry headquarters in Tehran, leading the ministry to disconnect all oil terminals from the Internet to prevent the virus from spreading. It is uncertain who was behind the attacks, but a mere four months later, Saudi Arabia’s largest oil company, Saudi Aramco, was hit with a similar wiper virus known as Disttrack—possibly coopted from the previous attack on Iran’s oil industry.

The data-erasing malware sabotaged three-quarters, some 35,000 of the company’s computers while branding screens with an image of a burning American flag. A few months later, another wiper virus attacked Qatar’s RasGas.

Al Quliti identifies “the region’s heavy dependence on oil and gas—as well as the oil and gas-powered desalination plants that provide much of the region’s fresh water”—as “a source of cyber vulnerability,” adding that “any cyber attack on these installations could prove catastrophic and might result in a humanitarian disaster.”

The sabotage operations against the Gulf’s oil industry have been attributed by various cybersecurity firms—but not officially by any government—to a group called Shamoon, thought to be an arm of the Iranian government.

Michael Eisenstadt, the Director of the Military and Security Studies Program at the Washington Institute for Near East Policy, notes that “cyber allows Iran to strike at adversaries globally, instantaneously, and on a sustained basis, and to potentially achieve strategic effects in ways it cannot in the physical domain.” For example, in March 2016, the Justice Department indicted seven Iranian Revolutionary Guard members for distributed denial of service attacks against U.S. banks in 2012 in retaliation for Iran sanctions imposed the previous year, as well as for infiltrating the systems of a small New York dam in 2013—a possible testing ground for penetrating larger pieces of U.S. critical infrastructure. In 2014, the same year North Korea set its sights on Sony Pictures, Iran’s cyber capabilities again reached into the United States, using another wiper virus to sabotage the operations of the Las Vegas Sands casino, whose chief executive, a staunch supporter of Israel, had suggested detonating a nuclear bomb in the heart of Tehran.

Last November, right before a major OPEC meeting, a variation of the Disttrack wiper used against Saudi Aramco struck again, now fitted with a picture of Alan Kurdi, the drowned Syrian toddler who washed up in Turkey in 2015. The virus targeted six Saudi organizations, most notably the Saudi General Authority of Civil Aviation, delivering its payload at the close of business on a Thursday, the start of the Islamic weekend, for maximum impact. Some experts speculate the November attack could have also been a false-flag operation to derail the Iranian nuclear deal.

Interestingly, for both the 2012 and 2016 Shamoon attacks, the wiper came fitted with stolen login credentials that Symantec now believes could have been gleaned from a cyber espionage tool, known as Greenbug, found on one of the administrator computers of a Saudi organization targeted in November. The potential link between Greenbug and the Shamoon group opens up possible investigations into the group’s involvement in a host of other Greenbug attacks throughout the Middle East, including breaches in Saudi Arabia, Bahrain, Iraq, Qatar, Kuwait, Turkey, and even Iran—though likely for domestic surveillance on dissidents. Just last week, another wiper virus hit 15 Saudi organizations, including the Ministry of Labor, prompting the government to issue an urgent warning of pending Shamoon attacks.

Eisenstadt points out that “Iran’s cyber activities show that a third-tier cyber power can carry out significant nuisance and cost-imposing attacks,” and “its network reconnaissance activities seem to indicate that it is developing contingency plans to attack its enemies’ critical infrastructure.” According to Eisentadt, is now seems that “in the past decade, Iran’s cyber toolkit has evolved from a low-tech means of lashing out at its enemies by defacing websites and conducting DDoS attacks, to a central pillar of its national security concept.”

Beginning to understand why the CIA and the other agencies are building cyber command war-rooms?

 

U.S. Military Footprint in Syria Expands

The hunt for ISIS leader Abu Bakr al-Baghdadi also continues in earnest. Raqqa is now surrounded by Kurdish and Free Syrian forces and Mosul is crumbling, a military official told ABC News, promising al-Baghdadi’s death at the hands of the U.S.-led coalition is “just a matter of time.”

In Syria, coalition military forces conducted eight strikes consisting of 11 engagements against ISIS targets:

— Near Abu Kamal, two strikes destroyed a wellhead and an oil inlet manifold.

— Near Raqqa, two strikes engaged an ISIS tactical unit, destroyed two vehicles, and suppressed an ISIS tactical unit.

— Near Dayr Az Zawr, two strikes destroyed four tactical vehicles, four ISIS-held buildings, two wellheads, two engineering equipment pieces and a tank.

— Near Manbij, two strikes destroyed a vehicle and an artillery system.

Related reading: US-backed forces in Syria have isolated ISIS’s last stronghold in the country

All strikes are conducted by fighter, attack, bomber, rotary-wing or remotely piloted aircraft; rocket-propelled artillery; and some ground-based tactical artillery when fired on planned targets, officials noted.

U.S. Special Forces have been on the move in northern Syria, deploying near the city of Manbij over the weekend to act as a buffer between American-backed Syrian militias and forces controlled by Turkey. Photos have emerged of U.S. Stryker vehicles configured for the U.S. Army’s 75th Ranger Regiment and specialized Humvees used by Special Forces moving near the city, and U.S. officials confirmed that the American presence around the city had been beefed up. The Ankara-backed Free Syrian Army militia — bolstered by Turkish special forces — moved on Manbij last week, as Turkish officials said they wanted to clear the Kurdish YPG out of the area. Local Syrian forces and the U.S. military deny that the Kurdish forces are near the city.

On a recent trip to northern Syria, FP’s Paul McLeary spent time with both U.S. Special Forces and their local allies near the city, and found the Syrians clearly worried about the Turkish threat. The view from Baghdad. Speaking with FP on Monday, spokesman for the U.S. military command in Baghdad Col. John Dorrian said the American troop presence in Syria and Iraq hasn’t grown, despite the movement of more U.S. troops to Manbij. “There are adequate forces in the area” to handle the situation and “reassure our allies and our partners,” he said. The Manbij Military Council has also said that it turned back a Russian convoy of armored vehicles and troops that tried to enter the area, but Dorrian said he hasn’t seen any increase in Russian troops or aircraft around the city.
“Until now, U.S. military commanders have ruled out anything beyond some artillery support and an advisory role for U.S. special operations forces. But some officials and administration advisors are open to at least considering the idea of using conventional forces in a full-fledged combat role.”

  US SOF base at cement plant between Manbij, Raqqa.

A Syrian MiG-23 crashed in Turkey and the pilot is now claiming he was shot down.  Reuters reports that the pilot, who was rescued by Turkish authorities, says he was downed while flying over Idlib. The Islamist rebel group Ahrar al-Sham has claimed responsibility for downing the aircraft although the assertion has yet to be independently verified. The rescue by Turkey marks yet another sign of the turnaround in relations between Ankara, the Assad regime, and its supporters. In November 2015, a Turkish F-16 shot down a Russian Su-24 carrying out operations over Syria after it violated Turkish airspace, leading to a lengthy and bitter dispute between Turkey and Russia.

***

On Sunday, Syrian forces pushed ahead with their military campaign against the Takfiri Jabhat Fatah al-Sham group, formerly known as al-Nusra Front, in the Dar’a al-Balad neighborhood of the southwestern city of Dara’a, managing to retake several blocks of buildings, Syria’s official news agency, SANA, reported.

Large groups of the militants were killed in the areas of al-Masri, al-Karak and al-Arba’een.

Separately, the Syrian government forces targeted Daesh (ISIL or ISIS) positions on the southern outskirts of al-Qassr village in the northeastern countryside of Sweida province, leaving dozens of the terrorists dead and injured.

Additionally, the Daesh militants suffered serious setbacks in the western city of Deir ez-Zor after the army and its allies shelled their positions in the areas of al-Bogheiliyeh, Hatla, al-Sannof, al-Rwad, al-Sinaa and al-Rushdiye in the province.

Syria has been gripped by civil war since March 2011 with various terrorist groups, including Daesh, currently controlling parts of it.

 

Terrorists in U.S. Several Years Before Being Radicalized, then Canada

The Homeland Security report is based on unclassified information from Justice Department press releases on terrorism-related convictions and attackers killed in the act, State Department visa statistics, the 2016 Worldwide Threat Assessment from the U.S. intelligence community and the State Department Country Reports on Terrorism 2015.

The three-page report challenges Trump’s core claims. It said that of 82 people the government determined were inspired by a foreign terrorist group to carry out or try to carry out an attack in the United States, just over half were U.S. citizens born in the United States. The others were from 26 countries, led by Pakistan, Somalia, Bangladesh, Cuba, Ethiopia, Iraq and Uzbekistan. Of these, only Somalia and Iraq were among the seven nations included in the ban.

Of the other five nations, one person each from Iran, Sudan and Yemen was also involved in those terrorism cases, but none from Syria. It did not say if any were Libyan.

The report also found that terrorist organizations in Iran, Libya, Somalia and Sudan are regionally focused, while groups in Iraq, Syria and Yemen do pose a threat to the U.S.

The seven countries were included in a law President Barack Obama signed in 2015 that updated visa requirements for foreigners who had traveled to those countries. More here from Associated Press.

Then we have the gullible Prime Minister of Canada, Justin Trudeau who has invited Middle Eastern migrants, asylees and refugees in a welcome to Canada. Yet the intelligence and security authorities in Canada have a different position.

The principal terrorist threat to Canada remains that posed by violent extremists who could be inspired to carry out an attack in Canada. Violent extremist ideologies espoused by terrorist groups like Daesh and Al Qaeda (AQ) continue to appeal to certain individuals in Canada.

Infographic: A terrorism timeline of incidents involving Canadians between October 20, 2014 and September 30, 2016. Long description below.

Long description of infographic: Terrorism timeline

2016 Public Report on the Terrorist Threat to CanadaThe principal terrorist threat to Canada remains that posed by violent extremists who could be inspired to carry out an attack in Canada. Violent extremist ideologies espoused by terrorist groups like Daesh and Al Qaeda (AQ) continue to appeal to certain individuals in Canada.

As in recent years, the Government of Canada has continued to monitor and respond to the threat of extremist travellers, that is, individuals who are suspected of travelling abroad to engage in terrorism-related activity. The phenomenon of extremist travellers—including those abroad, those who return, and even those prevented from travelling—poses a range of security concerns for Canada. As of the end of 2016, the Government was aware of approximately 180 individuals with a nexus to Canada who were abroad and who were suspected of engaging in terrorism-related activities. The Government was also aware of a further 60 extremist travellers who had returned to Canada.

The threat environment has also evolved beyond Canada’s borders. Daesh has continued to dominate the landscape in the Middle East, where other terrorist groups such as Jabhat al-Nusra and Hizballah also operate. Elsewhere in the Middle East, Al Qaeda in the Arabian Peninsula (AQAP) has taken advantage of the civil conflict in Yemen to capture territory there and strengthen itself. In addition, 2016 saw Daesh’s expansion in Africa, and Boko Haram (now rebranded as a Daesh affiliate in West Africa) continues to pose a major threat to regional stability. In South and Southeast Asia, Daesh expansionism and entrenched regional groups shaped the threat environment.

Canadians and Canadian interests are also affected. Canadian Armed Forces (CAF) personnel, government officials and private citizens are under constant threat in certain regions. In September 2015, two Canadians were kidnapped in the Philippines. Both were killed by their captors in the spring of 2016. In January 2016, an AQ-affiliated group based in Mali attacked a hotel in Burkina Faso, killing six Canadians. That same month, attackers linked to Daesh targeted a coffee shop in Jakarta, Indonesia, killing one Canadian. In June 2016, a Somali government minister with Canadian citizenship was killed in an Al-Shabaab terrorist attack on a hotel in Mogadishu, Somalia. Also in June, 15 Nepalese security guards who protected the Embassy of Canada to Afghanistan in Kabul were killed when terrorists targeted the bus that was transporting them to work.

International Cooperation

The international security environment continues to result in increased threats to Canada and its interests, both domestically and abroad. Ongoing conflicts in several regions of Africa, the Middle East, Asia, Eastern Europe and elsewhere show no signs of abating and continue to have serious national and international security implications. Worldwide incidents of terrorism, espionage, weapons proliferation, illegal migration, cyber-attacks and other acts targeting Canadians—directly or indirectly—remain ever present. Since the bulk of such threats originate from (or have a nexus to) regions beyond Canada’s borders, CSIS needs to be prepared and equipped to investigate the threat anywhere.

Additionally, certain security threats continue to evolve. Over the past several years, the globalization of terrorism, fueled by elaborate online propaganda videos by extremist groups, has expanded the breadth of radicalization. In some instances, individuals influenced by extremist ideology and driven by a need to feed their sense of belonging have travelled (or attempted to travel) abroad to participate in terrorist activity. Others may continue to support their extremist ideology through training, fundraising, recruitment and attack planning within Canada. As the threat posed by ‘foreign fighters’ is international in scope, a global reach is an absolute necessity in efforts to track and thwart threats to Canada and its allies posed by such individuals.

Furthermore, while the international focus has been on countering terrorism, espionage threats remain ever present and have become far more complex due to continuing advancements in technology and the globalization of communications. On the cyber front, foreign governments and hackers continue to exploit the Internet and other means to target critical infrastructure and information systems of other countries.

Such threats cannot be countered in isolation, and CSIS must remain adaptable in order to keep abreast of developments in both the domestic and international spheres. Despite differences in mandate, structure or vision, security intelligence agencies around the globe are all faced with very similar priorities and challenges. To meet the Government of Canada’s priority intelligence requirements, CSIS maintains a well-established network of relationships with foreign agencies. In accordance with s.17(1)(b) of the CSIS Act, all such arrangements are authorized by the Minister of Public Safety and supported by the Minister of Foreign Affairs. These arrangements provide CSIS access to timely information linked to a number of threats and allow the Service (and, in turn, the Government of Canada) to obtain information which might otherwise not be available.

As of March 31, 2016, CSIS had established over 300 foreign arrangements in some 150 countries. Of those, 69 remain defined as ‘Dormant’ (due to a lack of need for engagement or exchanges for a period of one year or more), while nine remained defined as ‘Restricted’ due to concerns over the affected agencies’ respect for human rights or its reliability. The human rights reputations of foreign agencies with which CSIS engages is not something which the Service takes lightly. In order to mitigate potential risks of sharing information, CSIS regularly assesses its foreign relationships and reviews various government and non-government human rights reports for all countries with which the Service has implemented ministerially approved arrangements, always cognizant of the fact that our first responsibility is to the Canadian people and their safety. CSIS opposes in the strongest possible terms the mistreatment of any individual by a foreign agency. The Service must and does comply with Canada’s laws and legal obligations in sharing information with foreign entities, and expects the same from its foreign counterparts.

Terrorist Group Profiles

Cyber threats from hostile actors continue to evolve. State-sponsored entities and terrorists alike are using Computer Network Operations (CNO) directed against Canadian interests, both domestically and abroad. Canada remains both a target for malicious cyber activities, and a platform from which these hostile actors conduct CNO against entities in other countries.

Infographic: Graphic depicting Canadian sectors vulnerable to cyber threats. Long description below.

Long description of infographic: Canadian sectors at risk

These state-sponsored and terrorist CNO actors are increasing in number, capability and aggression, and have access to a growing range of tools and techniques that they can employ to accomplish their mission. As these tools and techniques evolve and become more complex, so too do the challenges of detecting and attributing CNO.

Moreover, despite the fact that they originate in the virtual realm, the consequences of CNO can be very real. For example, in December 2015, a cyber-attack conducted against three Ukrainian power companies resulted in a power outage that left hundreds of thousands of people in the dark. The type of systems the actors exploited in this attack is used by energy companies worldwide. Should such destructive cyber-operations be targeted against similar systems in Canada, they could potentially affect any and all areas of its critical infrastructure.

Unfortunately, CNOs are not uncommon and agencies at all levels of government in Canada have faced this threat. The Government of Canada witnesses serious attempts to penetrate its networks on a daily basis.

CSIS is also aware of state-sponsored cyber-espionage and influence activities targeting the private sector in Canada and abroad. The targets of these attacks often fall within Canada’s advanced technology sector and throughout the critical infrastructure spectrum. Universities engaged in advanced research and development have also been subjected to CNO. In addition to stealing intellectual property, one of the objectives of state-sponsored CNO is to obtain information which will give their own companies a competitive edge over Canadian firms. This could impact investment or acquisition negotiations involving Canadian companies and the Government of Canada, and, in turn, lead to lost jobs, revenue, and market share. Ultimately, cyber-espionage negatively impacts Canada’s economy as a whole.

In responding to these threats, CSIS relies on specialized collection techniques to report on state-sponsored cyber-espionage or cyber-terrorism activity. For instance, by analyzing networks or malware behind CNOs, the Service can uncover clues that help identify the origins of the cyber-attacks (known as “attribution”).

The Service also maintains relationships with domestic and foreign agencies to provide the Government of Canada with the most up-to-date intelligence regarding the cyber threats facing Canada and who is behind them.

The CSIS Security Screening program represents one of the most visible of the Service’s operational sectors. It helps defend Canada and Canadians from threats to national security emanating from terrorism and extremism, espionage, and the proliferation of weapons of mass destruction. Security screening prevents persons who pose these threats from entering or obtaining status in Canada, or from obtaining access to sensitive sites, government assets or information. In addition, through its government screening program, CSIS assists the RCMP with the accreditation process for Canadians and foreign nationals seeking access to or participating in major events in Canada.

2014-2015 2015-2016

Note: Figures have been rounded
**Individuals claiming refugee status in Canada or at ports of entry

Infographic: Statistics on the security screening program at CSIS for the 2014-2015 and 2015-2016 fiscal years. Long description below.

Long description of infographic: Statistics from the security screening program

Long description of infographic: Statistics for the 2015 Pan Am Games

Read more about the CSIS Security Screening program

The CSIS Security Screening program also played a key role in achieving the Government of Canada’s goal to resettle 25,000 refugees from Syria by February 29, 2016. Between November 2015 and February 2016, CSIS conducted screening investigations on the applicants selected for resettlement in Canada. CSIS continues to work closely with the Canada Border Services Agency (CBSA) and Immigration, Refugees, and Citizenship Canada (IRCC) to provide timely security advice regarding permanent resident applicants who could represent a threat to Canada’s national security, while ensuring legitimate refugees are screened and resettled in a timely manner.

The people of CSIS are committed to ensuring a Service that is nimble, flexible and innovative, and takes responsible risks in the delivery of its mandate and in the pursuit of its strategic outcome.

As of March 31, 2016
Infographic: the make-up of CSIS workforce and awards received. Long description below.

Long description of infographic: Statistics related to CSIS’ workforce and awards received

Recruiting the right talent to deliver on our mandate remains a key priority for the Service and the CSIS recruiting website, csiscareers.ca represents the cornerstone of our efforts. During 2014-2016, there were over 2 million hits to the site resulting in close to 90,000 applications being submitted.

Infographic: Statistics from csiscareers.ca and the total applications received during 2014-2015 and 2015-2016. Long description below.

Visit the CSIS recruiting site(External link)

Long description of infographic: Statistics from the CSIS recruiting site

The Service prioritizes a diverse workforce which allows us to better understand the demographics of the Canadian communities we protect, therefore better equipping us to collect relevant and accurate intelligence. Our recruiting team includes a diversity recruiter who liaises with a variety of community leaders across the country, and attends diversity job fairs and networking events in an effort to attract applicants from designated groups such as visible minorities, Aboriginal peoples and persons with disabilities.

In addition, a partnership has been established with Public Safety, the Royal Canadian Mounted Police (RCMP), Canada Border Services Agency (CBSA), Correctional Service Canada (CSC), Communication Security Establishment (CSE) and Department of National Defence to share best recruiting practices and hold joint initiatives.

The Academic Outreach (AO) program at CSIS seeks to promote conversations with experts from a variety of disciplines and cultural backgrounds working in universities, think tanks and other research institutions in Canada and abroad.

Infographic: Statistics related to the Academic Outreach program for 2014-2015 and 2015-2016. Long description below.

Long description of infographic: Academic Outreach statistics

Infographic: Academic Outreach publications from 2014-2016. Long description below.

Political Stability in West and North Africa - Highlights from the Conference Pitfalls and Promises: Security Implications of a Post-revolutionary Middle East - Highlights from the Conference Russia and the West: The Consequences of Renewed Rivalry - Highlights from the Workshop Brittle Might? Testing China's    Success - Highlights from the Conference Foreign Fighters Phenomenon and Related Security  Trends in the Middle East - Highlights from the Workshop

Long description of infographic: Publications from Academic Outreach

In 2014-2015, AO hosted a conference that brought together multi-disciplinary experts from several countries. The conference was entitled “A Brave New World: Exploring the Evolving Nature of Cyber-conflict” and examined cyber threats facing Canada and its Western allies, our adversaries and their intent, as well as countermeasures that could help mitigate the proliferation of cyber conflict. In 2015-2016, we hosted another conference, “Brittle Might? Testing China’s Success”, which explored the challenges facing modern China, assessed the strengths and weaknesses of the country’s leadership, examined Beijing’s involvement in global affairs and debated China’s trajectory in the coming years.

The international conferences, however, represent only one component of the AO program. We also hosted a number of in-depth briefings on other topics of interest. For instance, one reviewed the global banking sector’s experience at identifying money laundering and terrorist financing activity. Another expert explored the phenomenon of radicalization in Western countries, while another guest specialist assessed the capabilities of Shia militias operating in Iraq and Syria.

During the period of review,  outside experts engaged CSIS staff on discussions covering a range of security and strategic issues, including Russia’s strategy towards the Arctic; the uses and limitations of ‘big data’ for intelligence analysis; Boko Haram’s campaign of violence in Nigeria; and the regional consequences of the conflict in Iraq and Syria on Lebanon.

The Security Intelligence Review Committee (SIRC) is an external independent review body that reports to Parliament on CSIS’ operations. It does so through its three core functions: certifying the CSIS Director’s annual report to the Minister of Public Safety, carrying out in-depth reviews of CSIS activities and conducting investigations into public complaints about CSIS. CSIS’ External Review and Liaison Unit (ER&L) manages the Service’s relationship with SIRC, ensuring that it receives all of the necessary information required to fulfil its mandate.

Infographic: Statistics related to SIRC reviews and complaints made to SIRC. Long description below.

Long description of infographic: SIRC reviews and complaints 2014-2015 and 2015-2016

Each year, SIRC provides a research plan identifying the reviews it plans to undertake. For each review, ER&L works closely with SIRC to ensure it has the documents it needs and to arrange briefings by CSIS employees. ER&L manages the correspondence between SIRC and the Service during a review as well as the Service’s response to the resulting report. These reviews, reflected in SIRC’s Annual Public Report, provide comprehensive assurance to Parliament and the Canadian public about the Service’s exercise of its authorities.

ER&L is also the primary point of contact for all stakeholders on public complaints made to SIRC and ensures that SIRC’s legal counsel has the information required for complaint investigations. When an investigation involves a hearing, ER&L assists Department of Justice legal counsel in preparing the CSIS case, including preparation of submissions, exhibits and arranging witnesses to testify at hearings.

ER&L coordinates CSIS responses to SIRC on questions, requests, recommendations, and correspondence. While CSIS is not required to accept all SIRC recommendations, they are reviewed carefully and CSIS responds in writing and these responses are reflected in SIRC’s Annual Report. In ensuring continuity and transparency, ER&L tracks progress and reports to SIRC on CSIS’ implementation of actions recommended by SIRC.

CSIS Internal Audit Branch / Disclosure of Wrongdoing and Reprisal Protection

The Internal Audit (IA) Branch is led by the Chief Audit Executive (CAE), who reports to the CSIS Director and to the CSIS External Audit Committee (AC). The IA Branch is subject to the Treasury Board Policy on Internal Audit, the Internal Auditing Standards for the Government of Canada as well as the International Standards for the Professional Practice of Internal Auditing.

The CAE provides assurance services to the Director, Senior Management and the AC, as well as independent, objective advice and guidance on the Service’s risk management practices, control framework, and governance processes. The CAE is also the Senior Officer for Disclosure of Wrongdoing.

The AC examines CSIS’ performance in the areas of risk management, control and governance processes relating to both operational activities and administrative services. By maintaining high standards in relation to its review function in particular following-up on the implementation of management action plans derived from audit recommendations, the AC supports and enhances the independence of the audit function.

In the capacity of Senior Officer for Disclosure of Wrongdoing, the CAE is responsible for administering the Internal Disclosure of Wrongdoing and Reprisal Protection Policy. The Policy provides a confidential mechanism for employees to come forward if they believe that serious wrongdoing has taken place. It also provides protection against reprisal when employees come forward, and ensures a fair and objective process for those against whom allegations are made.

The mandate of the Access to Information and Privacy (ATIP) Unit is to fulfill the Service’s obligations under the Access to Information Act and the Privacy Act. The Service’s Chief, ATIP is entrusted with the delegated authority from the Minister of Public Safety Canada to exercise and perform the duties of the Minister as head of the institution.

Infographic: ATIP statistics for the 2014-2015 and 2015-2016 fiscal years. Long description below.

Long description of infographic: ATIP statistics

As the custodian of expertise related to the Service’s obligations under the Access to Information Act and the Privacy Act, the ATIP Unit processes all requests made under the relevant legislation and responds to informal requests for information. In doing so, the unit must balance the need for transparency and accountability in government institutions while ensuring the protection of the Service’s most sensitive information and assets.

The Financial Resources table below provides a snapshot of CSIS expenditures over the last 6 years (from 2010-2011 to 2015-2016).

Infographic: Bar graph of CSIS expenditures over the last six years. Long description below.

Long description of infographic: CSIS expenditures from 2010-2016