Saturday, January 4, 2020

Finally, a Real NTAS Bulletin

Today the DHS Cybersecurity and Infrastructure Security Agency published a National Terrorism Advisory System (NTAS) Bulletin concerning a set of potential terrorist threats against the United States by the government of Iran because of this week’s US assassination (okay, my word, not CISA’s) of Iran’s General Qassem Soleimani.

NTAS Background

In 2011, the Department of Homeland Security replaced the old and usually ignored color-coded alert system with the new NTAS system. For more than four years the NTAS website remained empty of any vacuous warnings about an unchanging terrorist threat to the Homeland; DHS was being careful to avoid the ‘cry wolf’ problem that had plagued the old system.

Originally, the NTAS was expected to issue alerts when there was information available about specific credible threats of an imminent terrorist attack. The idea was that when such an alert was actually issued, the public would be able to respond in some sort of effective manner and not just yawn.

On December 16th, 2015 that system was modified by adding three levels of terrorist attack warnings:

• BULLETIN - Describes current developments or general trends regarding threats of terrorism.
• ELEVATED ALERT - Warns of a credible terrorism threat against the United States.
• IMMINENT ALERT - Warns of a credible, specific and impending terrorism threat against the United States.

The same day that that change to the NTAS was made, the first Bulletin was published. And with that Bulletin, we also learned that a bulletin was issued for a specific period of time. The first bulletin would expire in six months. The second Bulletin was published just before the first expired, but it was given just five months before it expired. The third bulletin [no CAP ‘B’ is an editorial comment on my part]; you guessed it, pretty much the same as the first. I stopped reporting about bulletin updates in May of 2018; I still periodically check the NTAS website, but I have generally stopped talking about the Bulletins.

What’s Different This Time?

First off, this Bulletin starts off with a brief (three bullet points) description of why Iran might be upset enough with us this week to do something about it. Next comes the obligatory “At this time we have no information indicating a specific, credible threat to the Homeland” but the same bullet point notes that: “Iran and its partners, such as Hizballah, have demonstrated the intent and capability to conduct operations in the United States”. Then there are three basic bullet points about how the Iranian threat could possibly be expected to be seen to develop:

• Iran maintains a robust cyber program and can execute cyber attacks against the United States. Iran is capable, at a minimum, of carrying out attacks with temporary disruptive effects against critical infrastructure in the United States.

• Iran likely views terrorist activities as an option to deter or retaliate against its perceived adversaries. In many instances, Iran has targeted United States interests through its partners such as Hizballah.

• Homegrown Violent Extremists could capitalize on the heightened tensions to launch individual attacks.

And, of course, the bulletin ends with this final feel good comment: “The Department of Homeland Security is working closely with our federal, state, local, and private sector partners to detect and defend against threats to the Homeland, and will enhance security measures as necessary.”

Finally, the Bulletin expires in 14 days.


Okay, there is not any real actionable information here, but then again “At this time we have no information indicating a specific, credible threat to the Homeland.” Without any ‘specific, credible threat’ information, there can hardly be any actionable information to share. If there were, it would not be a bulletin, but either an Elevated Alert or an Imminent Alert. Hopefully, we can avoid seeing any of those.

Okay, so what is a facility security officer to do with this type of information? I did one of my longer blog posts back in 2011: Enhanced Security Planning. The information still applies.
