Hey Hilary and Cheryl, it is a Felony

Posted on February 29, 2016February 29, 2016 by Denise Simon

Hoorah for Senator Grassley and..today February 29, 2016, the last official court ordered email document dump by the State Department is expected.

It is important to remember that a chain of email discussions included drone strikes.

Senior Clinton aide maintained top secret clearance amid email probe, letters show

FNC:

EXCLUSIVE: A senior Hillary Clinton aide has maintained her top secret security clearance despite sending information now deemed classified to the Clinton Foundation and to then-Secretary of State Clinton’s private unsecured email account, according to congressional letters obtained by Fox News.

Current and former intelligence officials say it is standard practice to suspend a clearance pending the outcome of an investigation. Yet in the case of Cheryl Mills, Clinton’s former chief of staff at the State Department, two letters indicate this practice is not being followed — even as the Clinton email system remains the subject of an FBI investigation.

In an Oct. 30, 2015, letter to Senate Judiciary Committee Chairman Charles Grassley, R-Iowa — who has been aggressively investigating the Clinton email case — Mills’ lawyer Beth A. Wilkinson confirmed that her client “has an active Top Secret clearance.” The letter said previous reporting from the State Department that the clearance was no longer active was wrong and due to “an administrative error.”

A second letter dated Feb. 18, 2016, from the State Department’s assistant secretary for legislative affairs, Julia Frifield, provided additional details to Grassley about the “administrative error.” It, too, confirmed Mills maintained the top secret clearance.

The letters come amid multiple congressional investigations, as well as an FBI probe focused on the possible gross mishandling of classified information and Clinton’s use of an unsecured personal account exclusively for government business. The State Department is conducting its own administrative review.

Under normal circumstances, Mills would have had her clearance terminated when she left the department. But in January 2014, according to the State Department letter, Clinton designated Mills “to assist in her research.” Mills was the one who reviewed Clinton’s emails before select documents were handed over to the State Department, and others were deleted.

Dan Maguire, a former strategic planner with Africom who has 46 years combined service, told Fox News his current and former colleagues are deeply concerned a double standard is at play.

A sample of the emails released from last week, lots of gossip.

“Had this happened to someone serving in the government, their clearance would have already been pulled, and certainly they would be under investigation. And depending on the level of disclosure, it’s entirely possible they would be under pretrial confinement for that matter,” Maguire explained. “There is a feeling the administration may want to sweep this under the rug.”

On Monday, the State Department was scheduled to release the final batch of Clinton emails as part of a federal court-mandated timetable.

So far, more than 1,800 have been deemed to contain classified information, and another 22 “top secret” emails have been considered too damaging to national security to release even with heavy redactions.

As Clinton’s chief of staff, Mills was a gatekeeper and routinely forwarded emails to Clinton’s personal account. As one example, a Jan. 23, ‎2011 email forwarded from Mills to Clinton, called “Update on DR meeting,” contained classified information, as well as foreign government information which is “born classified.”

The 2011 email can be declassified 15 years after it was sent — indicating it contained classified information when it was sent.

Fox News was first to report that sworn declarations from the CIA notified the intelligence community inspector general and Congress there were “several dozen emails” containing classified information up to the most closely guarded government programs known as “Special Access Programs.”

Clinton has maintained all along that she did not knowingly transmit information considered classified at the time.

The U.S. Department of State Foreign Affairs Manual lays out the penalties for taking classified information out of secure government channels – such as an unsecured email system. While the incidents are handled on a “case by case” basis, the manual suggests the suspension of a clearance is routine while “derogatory information” is reviewed.

The manual says the director of the Diplomatic Security Service, “based on a recommendation from the Senior Coordinator for Security Infrastructure (DS/SI), will determine whether, considering all facts available upon receipt of the initial information, it is in the interests of the national security to suspend the employee’s access to classified information on an interim basis. A suspension is an independent administrative procedure that does not represent a final determination …”

Fox News has asked the State Department to explain why Mills maintains her clearance while multiple federal and congressional investigations are ongoing. Fox News also asked whether the department was instructed by the FBI or another entity to keep the clearance in place. Fox News has not yet received a response.

The Muslim Brotherhood, Then, Now and Hillary

Posted on February 28, 2016February 28, 2016 by Denise Simon

Wonder if Hillary or Anne Patterson received and read the full Great Britain document on the investigation into the Muslim Brotherhood? The scrubbed UK investigation report is here.

Misguided diplomacy at the White House and the U.S. State department is mission objectives and investment over terror facts and names, of this there is no dispute.

Hillary Emails: State Discussed ‘Cooperating,’ ‘Increased Investment’ With Egypt’s Muslim Brotherhood Government

TEL AVIV – 1,500 pages of former Secretary of State Hillary Clinton’s emails provide insight into the level of support the U.S. was considering in 2012 for Egypt’s newly elected Muslim Brotherhood government.

Breitbart: On August 30, 2012, Robert D. Hormats, the under-secretary of state for economic affairs, wrote to Clinton’s then-Deputy Chief of Staff Jake Sullivan to update him on a meeting he held with .

Shater was later sentenced to life imprisonment and then to death for multiple alleged crimes, including inciting violence and financial improprieties.

The email reveals Hormats and other U.S. diplomats discussed methods of cooperation with Shater, including an increase in American direct foreign investment.

Hormats wrote:

Anne Patterson, Bill Taylor, and I met with Muslim Brotherhood Deputy Supreme Guide Khairat al-Shater. He discussed broad principles of economic development based on 100 large infrastructure projects (over a billion dollars each) as part of Morsi’s Nadah (Renaissance Plan) Plan; ways of cooperating with the US to obtain support for these projects and for SMEs; and his hope for an IMF agreement and increased foreign direct investment from the US, the West, and the Arab world. He also noted that it was a priority for the GOE to build a true democratic system based on human rights and the rule of law.

Patterson, the U.S. Ambassador to Egypt at the time, was known for her repeated engagement with the Muslim Brotherhood. Taylor was the U.S. Special Coordinator for Middle East Transitions; that is, the U.S. envoy to the new leadership that emerged in the wake of the so-called Arab Spring.

Hormats’ meetings with the Muslim Brotherhood were not secret. But the emails reveal the scope of his discussions with the group about possible future investment.

In September 2012, the New York Timesreported that Hormats had led a delegation of businesses to Egypt to discuss possible private investment.

That same month, the State Department published a document that received little news media attention. It revealed that in August and September 2012, “Hormats visited Egypt to negotiate possible bilateral debt relief,”but the document did not provide further details.

After the toppling of Egypt’s longtime president Hosni Mubarak, the Muslim Brotherhood’s Muhammad Morsi served as president from June 30, 2012 to July 3, 2013, when he was removed from office amidst widespread protests and a military coup. After Mubarak was removed from office, the Obama administration pledged $1 billion in assistance to bolster Egypt’s transition to democracy.

Clinton and Secretary of Defense Leon Panetta each visited Cairo and met with Morsi during his tenure as president.

The meeting that Hormats describes in the email took place while the U.S. was negotiating an aid package to help relieve Egypt’s debt crisis amid concerns from U.S. lawmakers about funding the Muslim Brotherhood.

The email was sent a week and a half before protesters besieged the U.S. Embassy in Cairo on September 11, 2012, the same day the U.S. Special Mission in Benghazi came under attack.

Following the attacks, Obama stated of Morsi’s government, “I don’t think that we would consider them an ally, but we don’t consider them an enemy.”

***

Back in November of 2015, Senator Cruz was leading a charge in the Senate to list the Muslim Brotherhood as a terror organization. The Muslim Brotherhood is part of several proven terror organizations. Going back to 2014, Saudi Arabia joined the United Arab Emirates and Bahrain in withdrawing its ambassadors from Qatar, which it sees as an important supporter of the Muslim Brotherhood.

in 2014, Prime Minister David Cameron ordered an investigation into the Muslim Brotherhood as a terror organization and the results were conclusive they were, however due to internal pressure from Islamists all over Europe and especially the UK, Cameron pulled the report.

After Ukraine, DHS Warns Domestic Utility Companies

Posted on February 26, 2016February 26, 2016 by Denise Simon

Feds advise utilities to pull plug on Internet after Ukraine attack

WashingtonExaminer: The Department of Homeland Security advised electric utilities Thursday that they may need to stop using the Internet altogether, after the agency found that a cyberattack that brought down Ukraine’s power grid in December could have been far more devastating than reported.

The Dec. 23 cyberattack forced U.S. regulators to place utilities on alert after unknown attackers caused thousands of Ukrainian residents to lose power for hours by installing malicious software, or malware, on utility computers. But the Department of Homeland Security said Thursday that the attack may have been directed at more than just the country’s electricity sector, suggesting the attackers were looking to cause more harm than was reported.

In response, federal investigators are recommending that U.S. utilities and other industries “take defensive measures.” To start with, they need to best practices “to minimize the risk from similar malicious cyber activity,” according to an investigative report issued Thursday by Homeland Security’s Industrial Control Systems Cyber Emergency Response Team.

But the team is also recommending more drastic action, such as keep control-system computers away from the Internet.

“Organizations should isolate [industrial control system] networks from any untrusted networks, especially the Internet,” the report says. “All unused ports should be locked down and all unused services turned off. If a defined business requirement or control function exists, only allow real-time connectivity to external networks. If one-way communication can accomplish a task, use optical separation.”

The findings show that the power outages were caused by three attacks using cyberintrusion software to attack electric power distribution companies, affecting about 225,000 customers. It also reveals that once power was restored, the utilities continued “to run under constrained operations,” implying that the damage to grid control systems was profound.

The team also learned that “three other organizations, some from other critical infrastructure sectors, were also intruded upon but did not experience operational impacts.” That suggests the attackers were going after more than just the power grid, and may have been planning a much more economy-wide attack. The team does not disclose what other sectors of the country were targeted.

The team said the attack was well-planned, “probably following extensive reconnaissance of the victim networks,” the report says. “According to company personnel, the cyberattacks at each company occurred within 30 minutes of each other and impacted multiple central and regional facilities.”

The attackers were attempting to make the damage permanent. The report says the attackers installed “KillDisk” malware onto company computers that would erase data necessary to reboot operations after a cyberattack.

There is also a mystery to the attackers’ actions.

“Each company also reported that they had been infected with BlackEnergy malware; however, we do not know whether the malware played a role in the cyberattacks,” the report says. The malware was delivered using an email embedded hacking technique known as “spear phishing” that contained a number of malicious Microsoft Office attachments.

“It is suspected that BlackEnergy may have been used as an initial access vector to acquire legitimate credentials; however, this information is still being evaluated,” the team says.

The investigation was done with Ukraine authorities and involved the FBI, Department of Energy and the North American Electric Reliability Corporation.

***

New research is shining a light on the ongoing evolution of the BlackEnergy malware, which has been spotted recently targeting government institutions in the Ukraine.

Security researchers at ESET and F-Secure each have dived into the malware’s evolution. BlackEnergy was first identified several years ago. Originally a DDoS Trojan, it has since morphed into “a sophisticated piece of malware with a modular architecture, making it a suitable tool for sending spam and for online bank fraud,” blogged ESET’s Robert Lipovsky.

“The targeted attacks recently discovered are proof that the Trojan is still alive and kicking in 2014,” wrote Lipovsky, a malware researcher at ESET.

ESET has nicknamed the BlackEnergy modifications first spotted at the beginning of the year ‘BlackEnergyLite’ due to the lack of a kernel-mode driver component. It also featured less support for plug-ins and a lighter overall footprint.

“The omission of the kernel mode driver may appear as a step back in terms of malware complexity: however it is a growing trend in the malware landscape nowadays,” he blogged. “The threats that were among the highest-ranked malware in terms of technical sophistication (e.g., rootkits and bootkits, such as Rustock, Olmarik/TDL4, Rovnix, and others) a few years back are no longer as common.”

The malware variants ESET has tracked in 2014 – both of BlackEnergy and of BlackEnergy Lite – have been used in targeted attacks. This was underscored by the presence of plugins meant for network discovery, remote code execution and data collection, Lipovsky noted.

“We have observed over a hundred individual victims of these campaigns during our monitoring of the botnets,” he blogged. “Approximately half of these victims are situated in Ukraine and half in Poland, and include a number of state organizations, various businesses, as well as targets which we were unable to identify. The spreading campaigns that we have observed have used either technical infection methods through exploitation of software vulnerabilities, social engineering through spear-phishing emails and decoy documents, or a combination of both.”

In a whitepaper, researchers at F-Secure noted that in the summer of 2014, the firm saw samples of BlackEnergy targeting Ukrainian government organizations for the purposes of stealing information. These samples were nicknamed BlackEnergy 3 by F-Secure and identified as the work of a group the company refers to as “Quedagh.” According to F-Secure, the group is suspected to have been involved in cyber-attacks launched against Georgia during that country’s conflict with Russia in 2008.

“The Quedagh-related customizations to the BlackEnergy malware include support for proxy servers and use of techniques to bypass User Account Control and driver signing features in 64-bit Windows systems,” according to the F-Secure whitepaper. “While monitoring BlackEnergy samples, we also uncovered a new variant used by this group. We named this new variant BlackEnergy 3.”

Only Quedagh is believed to be using BlackEnergy 3, and it is not available for sale on the open market, noted Sean Sullivan, security advisor at F-Secure.

“The name [of the group] is based on a ship taken by Captain Kidd, an infamous privateer,” he said. “It is our working theory that the group has previous crimeware experience. Its goals appear to be political but they operate like a crimeware gang. There have been several cases this year of which BlackEnergy is the latest. The trend is one of off-the-shelf malware being used in an APT [advanced persistent threat] kind of way. The tech isn’t currently worthy of being called APT, but its evolving and scaling in that direction.”

Within a month of Windows 8.1’s release, the group added support for 64-bit systems. They also used a technique to bypass the driver-signing requirement on 64-bit Windows systems.

In the case of BlackEnergy 3, the malware will only attempt to infect a system if the current user is a member of the local administration group. If not, it will re-launch itself as Administrator on Vista. This will trigger a User Account Control (UAC) prompt. However, on Windows 7 and later, the malware will look to bypass the default UAC settings.

“The use of BlackEnergy for a politically-oriented attack is an intriguing convergence of criminal activity and espionage,” F-Secure notes in the paper. “As the kit is being used by multiple groups, it provides a greater measure of plausible deniability than is afforded by a custom-made piece of code.”

In 2014 from the Department of Interior and DHS:

Summary: Investigation of NPS-GCNP SCADA SYSTEM

Report Date: August 7, 2014

OIG investigated allegations that the Supervisory Control and Data Acquisition (SCADA) system at Grand Canyon National Park (Park) may be obsolete and prone to failure. In addition, it was alleged only one Park employee controlled the system, increasing the potential for the system to fail or become unusable.

The SCADA system is a private utilities network that monitors and controls critical infrastructure elements at the Park. Failure of the system could pose a health and safety risk to millions of Park visitors. Due to potential risks that system failure posed, we consulted with the U.S. Department of Homeland Security Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) and asked that they assess the overall architecture and cybersecurity of the Park’s SCADA system.

ICS-CERT conducted an onsite review and issued a report outlining the weaknesses it found at the Park’s SCADA system, including obsolete hardware and software, inadequate system documentation and policies, insufficient logging and data retention. We provided a copy of ICS-CERT’s assessment report to the National Park Service for review and action.

Putin Dials the Hit Squad for This

Posted on February 26, 2016February 26, 2016 by Denise Simon

Nemtsov March Organizer Severely Beaten

By RFE/RL’s Russian Service: An organizer of an upcoming march to commemorate slain Kremlin critic Boris Nemtsov has been severely beaten in Russia’s Urals city of Chelyabinsk.

A member of the opposition PARNAS party, Aleksei Tabalov, wrote on his blog that Vyacheslav Kislitsyn was attacked by unknown men in Chelyabinsk on February 26.

According to Tabalov, Kislitsyn was hospitalized with numerous wounds, a broken rib, and heart problems.

Tabalov quoted Kislitsyn as saying that city police officers were among the attackers.

Tabalov says the attack was connected to the planned march to commemorate Nemtsov on February 27.

Nemtsov, a former deputy prime minister and vocal critic of President Vladimir Putin, was shot dead near the Kremlin on February 27 last year.

****

Others on the Putin list? Likely….

Russian Oppositionist Leonid Gozman To Putin: ‘Mr. President, You Must Resign!’

MEMRI: On February 15, 2016, Russian oppositionist politician Leonid Gozman, president of the neoliberal movement Union of Right Forces, published an open letter[1] calling upon Russian President Vladimir Putin to resign, saying that this is the only way to save Russia. In his letter, Gozman blames Putin for the deterioration of Russia’s economic, political and security situation, and for the country’s isolation. He states further that, due to the regime’s repressive policies and the rise in corruption, old fears have resurfaced and Russians once again feel the need to hide their opinions. He reminds Putin that dictatorial regimes tend to fail and that Russia’s last Tsar, Nicolai II, was quite popular in his day but this did not keep him from being assassinated.

The following are excerpts from Gozman’s open letter

“You Turned Russia Into A Bogeyman In The Eyes Of The Entire World”

“Your Excellency, Mr. President, you have been the leader of our country for the past 16 years. Evidently, the balance of successes versus failures has recently been moving in a negative direction. No matter what your propaganda is trying to hide, people are beginning to sense what is really going on.

“The quality of life in Russia is going downhill, our situation in the social sphere is deteriorating, real incomes are plummeting. You have not freed the country from its dependence on oil and, judging by your own declarations, you have no master plan for getting Russia out of this crisis.

“You promised victory over the terrorists, yet terrorist acts continue to occur. Under your leadership, these [terrorist] acts have already claimed more than three thousand lives, and, in most cases, the masterminds behind them have not been apprehended. In the Northern Caucasus [i.e., Chechen Republic], a criminal enclave has been created, which effectively functions independently of Russia yet nevertheless uses our resources. In addition to all this, you began a fratricidal war in Ukraine and then launched a war in Syria.

“You have turned Russia into a bogeyman in the eyes of the entire world. Your highly-publicized turning to the East has yielded no results, we are at loggerheads with our neighbors and have run out of allies in general. Sanctions and counter-sanctions, and the arms race provoked by your policies, weigh heavy on our economy. Tens of millions of people are being forced to pay the price of your not always solidly-founded geopolitical declarations.

“Social morale has plummeted to unprecedented depths. During the years of your leadership, deception, unjust trials and corruption have blossomed. Many people are convinced that your closest friends and officials are corrupt and that you yourself are often guilty of corruption. Everyone is increasingly talking about high-ranking officials having connections with criminal elements.[2] Against this backdrop, hypocrisy has reemerged in our lives and an old fear has resurfaced: people are now afraid to express what they think…”

“You Have Exhausted Your Potential”

“One should not delude oneself with high [support] ratings; these ratings reflect a state of collapse and a lack of any real alternative. They were drummed up artificially and they will naturally drop once the resources that feed them dry up.

“[Tsar] Nicholas II’s popularity in August 1914 [at the start of World War I] was probably greater than yours is today. People would kneel in his presence and would kiss the hem of his jacket. However, two and a half years later, exactly 99 years ago, the monarchy was toppled. Less than a year later, the Tsar was assassinated and the country was plunged into chaos for decades.

“Mr. President, the system you created is not the first authoritarian regime in history to find itself in a situation of economic, moral and political crisis. Such regimes usually end in catastrophe. However, there are examples of authoritarian [regimes] that at least ended peacefully and without bloodshed. Unlike many of your opponents, I believe that you do care about the fate of Russia. You still have a chance – though it is diminishing with each passing day – to save Russia.

“Your Excellency, you must step down. You have exhausted your potential. The longer you remain in the Kremlin, the likelier it is that events will culminate in a dreadful scenario…

“Of course, after your departure, hard times may [still] await us… It’s not as if without you, everything will suddenly be rosy. But with you, things will only get worse (and neither you nor anyone else can change this).

“Your Excellency, Mr. President, you must resign! You must resign, and the sooner the better. This is the best thing you can do for Russia.”

Endnotes:

[1] The letter was published in Gozman’s blog on the website of the independent radio station Echo of Moscow (Echo.msk.ru, February 15, 2016).

[2] The author is referring to the Anti-Corruption Foundation’s investigation into links between Prosecutor General Yuri Chaika’s family and Russian criminal elements (Chaika.navalny.com, December 1, 2015).

U.S. 133 Cyber Teams Under Construction

Posted on February 26, 2016February 26, 2016 by Denise Simon

Is this a change and an approval by Obama from 2012? (Note this is only a defensive strategy)

Presidential Cyberwar Authority

In October 2012, President Obama signed the top-secret Presidential Policy Directive 20, which enabled the military to aggressively initiate and thwart cyberattacks related our nation’s security. While most of the cyber attack targets are network systems or infrastructure-based, an elite Psychological Operations (PsyOps) team has focused its efforts on secretly defacing the public websites of our adversaries. Due to the high visibility and sensitive nature of this activity, only President Obama has the authority to target and launch these types of attacks.

The President authorizes these attacks using the global Cyber Warfare Command and Control System (CWCCS), which is accessible from this web page only from the President’s authorized computer.

****

WASHINGTON (AP) — Not long after Defense Secretary Ash Carter prodded his cyber commanders to be more aggressive in the fight against Islamic State, the U.S. ramped up its offensive cyberattacks on the militant group.

According to several U.S. officials, the attacks are targeting the group’s abilities to use social media and the Internet to recruit fighters and inspire followers, U.S. officials told The Associated Press.

U.S. officials confirmed that operations launched out of Fort Meade, Maryland, where the U.S. Cyber Command is based, have focused on disrupting the group’s online activities. The officials said the effort is getting underway as operators try a range of attacks to see what works and what doesn’t. They declined to discuss details, other than to say that the attacks include efforts to prevent the group from distributing propaganda, videos or other types of recruiting and messaging on social media sites such as Twitter, and across the Internet in general.

Other attacks could include attempts to stop insurgents from conducting financial or logistical transactions online.

The surge of computer-based military operations by U.S. Cyber Command began shortly after Carter met with commanders at Fort Meade last month.

Several U.S. officials spoke about the cyber campaign on condition of anonymity because they were not authorized to discuss it publicly. Much of the effort is classified.

Carter mentioned the operations briefly Thursday, telling a House Appropriations subcommittee only that Cyber Command is beginning to conduct operations against the Islamic State group. He declined to say more in a public setting.

The more aggressive attacks come after months of pressure from Carter, who has been frustrated with the belief that the Pentagon — and particularly Cyber Command — was losing the war in the cyber domain.

Late last year Carter told cyber commanders they had 30 days to bring him options for how the military could use its cyberwarfare capabilities against the group’s deadly insurgency across Iraq and Syria, and spreading to Libya and Afghanistan. Officials said he told commanders that beefing up cyberwarfare against the Islamic State group was a test for them, and that they should have both the capability and the will to wage the online war.

But the military cyber fight is limited by concerns within the intelligence agencies that blocking the group’s Internet access could hurt intelligence gathering.

Officials said Carter told commanders that he the U.S. to be able to impact Islamic State operations without diminishing the indications or warnings U.S. intelligence officers can glean about what the group is doing. On Jan. 27, Carter and Marine Gen. Joseph Dunford, chairman of the Joint Chiefs of Staff, went to Fort Meade for an update.

Officials familiar with Carter’s meetings said the secretary was frustrated that as Cyber Command has grown and developed over the past several years, it was still focused on the cyberthreats from nations, such as Iran, Russia and China, rather than building a force to block the communications and propaganda campaigns of Internet-savvy insurgents.

“He was right to say they could be more forward leaning about what they could possibly do against ISIS,” said James Lewis, a cybersecurity expert at the Center for Strategic and International Studies. “You could disrupt their support networks, their business networks, their propaganda and recruitment networks.” However, Lewis added, the U.S. needs to be careful about disrupting the Internet to insure that attacks don’t also affect civilian networks or systems needed for critical infrastructure and other public necessities. U.S. officials have long been stymied by militants’ ability to use the Internet as a vehicle for inspiring so-called lone wolf attackers in Western nations, radicalized after reading propaganda easily available online.

“Why should they be able to communicate? Why should they be using the Internet?” Carter said during testimony before the defense appropriations subcommittee. “The Internet shouldn’t be used for that purpose.” He added that the U.S. can conduct cyber operations under the legal authorities associated with the ongoing war against the Islamic State group. The U.S. has also struggled to defeat high-tech encryption techniques used by Islamic State and other groups to communicate. Experts have been working to find ways to defeat those programs.

Cyber Command is relatively new. Created in 2009, it did not begin operating until October 2010.

Early on, its key focus was on defending military networks, which are probed and attacked millions of times a day. But defense leaders also argued at length over the emerging issues surrounding cyberwarfare and how it should be incorporated.

The Pentagon is building 133 cyber teams by 2018, including 27 that are designed for combat and will work with regional commands to support warfighting operations. There will be 68 teams assigned to defend Defense Department networks and systems, 13 that would respond to major cyberattacks against the U.S. and 25 support teams.