Transcription
Homeland Threat AssessmentU.S. Department of Homeland SecurityHomeland Threat AssessmentOctober 2020With honor and integrity, we will safeguard the Americanpeople, our homeland, and our values
U.S. Department of Homeland Security2ContentsForewordStructure of the HTAThreats:CyberForeign Influence ActivityEconomic SecurityTerrorismTransnational Criminal OrganizationIllegal ImmigrationNatural Disasters368101417212325
U.S. Department of Homeland SecurityHomeland Threat Assessment3ForewordIn my role as Acting Secretary, I receiveintelligence, operational, law enforcement,and other information on a daily basis.This Homeland Threat Assessment (HTA),the first of its kind for the U.S. Departmentof Homeland Security (DHS), draws uponall sources of information and expertiseavailable to the Department, includingfrom intelligence, law enforcement, andour operational Components. The result isa “Whole-of-DHS” report on the threats tothe Homeland. This HTA is as close as theAmerican people will get to seeing andunderstanding the information that I seeas Secretary and that our employees see intheir national security missions. As you readthrough the HTA you should have faith inknowing that these threats were identifiedusing the best intelligence, operationalinformation, and employee knowledgeavailable to the Department.Identifying Threats using a Whole-of-DHSApproachThe men and women serving in ouroperational Components are the expertsin their national security and homelandsecurity missions, making their insightscritical in threat identification andprevention. Our operational Componentsprovided information about the threatsthey see and combat in performance oftheir mission. DHS is the first and last lineof defense against many threats facing our“DHS has a vital mission: to secure the nation from the manythreats we face. This requires the dedication of more than240,000 employees in positions that range from aviation andborder security to emergency response, from cybersecurityanalyst to chemical facility inspector. Our duties arewide-ranging, and our goal is clear — keeping America safe.”Secretary Chad Wolf, State of the Homeland, September 9, 2020country. Our ability to mitigate these threats ispredicated on our ability to understand themand to inform the American people. I hopeall Americans take a moment to review thisHTA and visit DHS.gov to learn how they canprotect themselves from these threats.Today’s Threat EnvironmentCombatting terrorism will always be a priorityto the Department of Homeland Security.Foreign terrorist organizations (FTO) still havethe intent to attack the Homeland withinand from beyond our borders. In the 19 yearssince September 11th, 2001, the United StatesGovernment (USG), DHS, and our foreignpartners have taken the fight directly to thoseresponsible for the attacks on that day, and toother FTOs who seek to destroy our countrybased on an ill-informed and twisted ideology.We have enhanced our ability to identifyand prevent individuals affiliated with theseorganizations from traveling or immigrating tothe United States. We have enhanced securityand processes at our airports, ports of entry,and beyond our borders. We have built theworld’s greatest counterterrorism ecosystemto keep Americans safe. More specifically, DHShas partnered with other USG agencies andforeign governments to raise the baseline forscreening and vetting in the United States. Inthe last few years we have enhanced existingvetting programs, created the NationalVetting Center (NVC), expanded biographic
4Homeland Threat Assessmentand biometric information sharingprograms, and enacted national-levelpolicies requiring foreign governmentsto share essential information forvetting purposes or face potential travelrestrictions.Trade and economic security isHomeland Security. We are increasinglyconcerned about the threat posedby nation state actors in an emergingera of great power competition. DHSis specifically concerned with thedirect and indirect threat posed to theHomeland by the People’s Republic ofChina (PRC). The Chinese CommunistParty (CCP)-led PRC is challengingAmerica’s place as the world’s globaland economic leader. Threats emanatingfrom China include damaging the U.S.economy through intellectual propertytheft, production and distribution ofcounterfeit goods, and unfair tradepractices. DHS has a mandate to mitigatethese threats and we will do so with aclear-eyed view that China is a long-termstrategic competitor to the U.S.“ With honor andintegrity, we willsafeguard theAmerican people, ourHomeland, and ourvalues.”Domestic violent extremism is a threatto the Homeland. As Americans, we allhave the right to believe whatever wewant, but we don’t have a right to carryout acts of violence to further thosebeliefs. The Department works withother Government, non-Government,and private sector partners to preventindividuals from making this transitionfrom protected speech to domesticterrorism reflected by violence. AsSecretary, I am concerned about anyform of violent extremism. That iswhy we design our programs to bethreat agnostic – ensuring that we cancombat a broad range of domesticthreats. However, I am particularlyconcerned about white supremacistviolent extremists who have beenexceptionally lethal in their abhorrent,targeted attacks in recent years. I amproud of our work to prevent terrorizingtactics by domestic terrorists and violentextremists who seek to force ideologicalchange in the United States throughviolence, death, and destruction.U.S. Department of Homeland SecurityExploitation of Lawful and ProtectedSpeech and Protests. During the courseof developing the HTA we began to seea new, alarming trend of exploitationof lawful protests causing violence,death, and destruction in Americancommunities. This anti-government,anti-authority and anarchist violentextremism was identified by DHS inSeptember 2019 when we publishedour Strategic Framework for CounteringTerrorism and Targeted Violence. Asthe date of publication of this HTA, wehave seen over 100 days of violence anddestruction in our cities. The co-optingof lawful protests led to destruction ofgovernment property and have turneddeadly.Indeed, DHS law enforcement officerssuffered over 300 separate injuries andwere assaulted with sledgehammers,commercial grade fireworks, rocks, metalpipes, improvised explosive devices,and more. This violence, perpetratedby anarchist extremists and detailedin numerous public statements thatremain available on the DHS website,significantly threatens the Homeland byundermining officer and public safety—as well as our values and way of life.While the HTA touches on these issues,we are still in the nascent stages ofunderstanding the threat this situationposes to Americans, the Homeland, andthe American way of life.Cyber security threats from nation-statesand non-state actors presentchallenging threats to our Homelandand critical infrastructure. DHS has acritical mission to protect America’sinfrastructure, which includes our cyberinfrastructure. We are concerned withthe intents, capabilities, and actions ofnation-states such as China, Russia, Iran,and North Korea. Nation-state targetingof our assets seeks to disrupt theinfrastructure that keeps the Americaneconomy moving forward and posesa threat to national security. On topof the threats to critical infrastructure,cybercriminals also target our networksto steal information, hold organizations
Homeland Threat Assessmenthostage, and harm American companies for theirown gain.Nation-states will continue to try to undermineAmerican elections. Threats to our election havebeen another rapidly evolving issue. Nation-stateslike China, Russia, and Iran will try to use cybercapabilities or foreign influence to compromiseor disrupt infrastructure related to the 2020 U.S.Presidential election, aggravate social and racialtensions, undermine trust in U.S. authorities,and criticize our elected officials. Perhaps mostalarming is that our adversaries are seeking tosway the preferences and perceptions of U.S.voters using influence operations. Americans needto understand this threat and arm themselves withall information available to avoid falling prey tothese tactics.While Russia has been a persistent threat byattempting to harm our democratic and electionsystems, it is clear China and Iran also pose threatsin this space. The IC’s Election Threat Update fromAugust 2020 and Microsoft’s announcement ofcyber-attacks from China, Russia, and Iran providefurther evidence of this threat and underscore theimportance in public and private partnerships tosecure democratic processes. DHS’s #Protect2020website can help you understand the threat toour elections and increase your preparedness andawareness.Transnational Criminal Organizations (TCOs)continue to profit at the expense of Americanlives. Mexican cartels and other TCOs will continueto smuggle hard narcotics like fentanyl, heroin,and methamphetamine into our communities,contributing to an alarming level of overdosesin the United States. No American communityis immune from the impact of these drugs.Furthermore, cartels will continue to usedangerous human smuggling methods tofacilitate migrants to our borders, putting thesemigrants and our officers and agents at significantrisk given the current COVID-19 pandemic.The threat of illegal and mass migration to theUnited States. Traditional migration push factorslike insecurity and economic conditions continueto push individuals north to the United States.While we are addressing illegal migration througha network of initiatives, we are concerned thatduring a pandemic this poses a more specificthreat to the migrants, the communities theyU.S. Department of Homeland Securitytransit, to U.S. border communities, and to ourofficers and agents who encounter migrantswhen they enter the United States. To mitigationthis threat we instituted enhanced restrictionsat our borders, limited travel to only essentialtravelers and implemented a Center for DiseaseControl (CDC) order that protects Americans fromCOVID-19.Natural occurrences continue to harm the life andproperty of Americans. In 2020 alone we haveseen an unprecedented storm season that hastaken the livelihoods of many Americans in ourGulf states and a historic wildfire season that hascaused devastation on the West Coast. Americansin-between our coasts also face the threat ofnatural disasters from a variety of causes. Ontop of the threat to life and safety, these eventshave devastating impacts on local and nationaleconomies. The Department is at the forefront ofproviding information to help Americans prepare,and we stand ready to respond after these eventsoccur.Likewise, a foreign-born virus reached ourshores in 2020. COVID-19 is the most recent anddeadly, in a list of infectious diseases that havethreatened the lives of Americans. We have seenunprecedented impact to life, health, and publicsafety from COVID-19 and taken action to preventour healthcare system from being overburdenedfrom COVID-19 patients. DHS was at the forefrontmitigating threat and we took decisive action torestrict air and sea travel from disease hot-spots,close our land borders to non-essential travel,provide lifesaving PPE to Americans, preventfraudulent PPE from entering our supply chains,and identify fraudsters who are trying to exploitthis situation for their own personal gain.ConclusionAs you read the HTA you will become more acutelyaware of the threats facing the American people,the Homeland, and the American way of life.You will also gain a clearer picture of the broadmission of the Department of Homeland Security.It is my privilege and honor to serve as the ActingSecretary of an organization whose employeeswillingly and bravely put themselves in harm’s wayevery day to protect us all. The men and women ofthe Department live up to our motto: With honorand integrity, we will safeguard the Americanpeople, our Homeland, and our values.5
6Homeland Threat AssessmentU.S. Department of Homeland SecurityStructure of the Threat AssessmentThe Department of Homeland Security (DHS) is the first and last lineof defense against the many threats facing our country. Our ability tomitigate these threats is predicated on our ability to understand them andto inform the American people. The DHS Homeland Threat Assessment1(HTA) identifies the primary threats facing the United States of Americaat and inside our borders. This Assessment draws upon all sources ofinformation and expertise available to the Department, including fromintelligence, law enforcement, and our operational components.The purpose of the HTA is to provide theAmerican people with an overview of theinformation collected and analyzed by DHSemployees around the world and provided to theSecretary of Homeland Security.The HTA is primarily informed by intelligenceanalysis prepared by the DHS Office ofIntelligence and Analysis (I&A) and by theComponent intelligence offices, which identifiedthe leading security threats to the Homelandbased on a review of all-source intelligenceinformation and analysis. Given the array ofpotential issues, I&A’s scoped its analysis tofocus on key threats covered by the intelligenceelements of the Department, which expertanalysts considered most likely and with thepotential to significantly affect U.S. security.The HTA was also informed by the expertiseand insights of the Department’s OperationalComponents, which assess and respond tothreats on a daily basis, as well as the informedviews of the DHS Office of Strategy, Policy, andPlans (PLCY), which leads threat identification andprevention activities.This inaugural HTA presents a holistic lookfrom across the Department and providesthe American people with the mostcomplete, transparent, and candid look atthe threats facing our Homeland. It breaksdown the major threats to the Homeland inthe following sections:1. The Cyber Threat to the Homeland2. Foreign Influence Activity in theHomeland3. Threats to U.S. Economic Security4. The Terrorist Threat to the Homeland5. Transnational Criminal OrganizationThreats to National Security6. Illegal Immigration to the UnitedStates7. Natural DisastersAs used in this document, “Threat Assessment” has the meaning given in the DHS Lexicon: a “product or process of evaluating information based on a setof criteria for entities, actions, or occurrences, whether natural or manmade, that have or indicate the potential to harm life, information, operations and/or property.”1
Homeland Threat AssessmentU.S. Department of Homeland SecurityWE STAND READY TO RISEAND FACE THE NEXTCHALLENGE THAT THREATENSOUR HOMELAND.7
8U.S. Department of Homeland SecurityHomeland Threat AssessmentThe Cyber Threat to the HomelandCyber threats to the Homeland from both nation-states and non-stateactors will remain acute. U.S. critical infrastructure faces advanced threatsof disruptive or destructive cyber-attacks. Federal, state, local, tribal andterritorial governments, as well as the private sector, will experience anarray of cyber-enabled threats designed to access sensitive information,steal money, and force ransom payments.Nation State ThreatsRussia—which possesses some of the mostsophisticated cyber capabilities in the world—can disrupt or damage U.S. critical infrastructurenetworks via cyber-attacks. Russian state-affiliatedactors will continue targeting U.S. industry andall levels of government with intrusive cyberespionage to access economic, policy, and nationalsecurity information to further the Kremlin’sstrategic interests. Russia probably can conduct cyber-attacksthat would result in at least localized effectsover hours to days and probably is developingcapabilities that would cause more debilitatingeffects.We expect Russian cyber actors to use a rangeof capabilities including social engineering,publicly known software and hardwarevulnerabilities, poorly configured networks,and sophisticated “zero-day” attacks thatexploit security weaknesses in software.Under Russian law, the Federal Security Service(FSB) can compel Russian firms doing businessin the United States—or Russians working withU.S. firms—to comply with FSB informationsharing and operational mandates, presentingadditional routes for cyber espionage.China already poses a high cyber espionagethreat to the Homeland and Beijing’s cyber-attackcapabilities will grow. Chinese cyber actors almostcertainly will continue to engage in wide-rangingcyber espionage to steal intellectual property2 andpersonally identifiable information (PII) from U.S.businesses and government agencies to bolstertheir civil-military industrial development, gainan economic advantage, and support intelligenceoperations. China possesses an increasing abilityto threaten and potentially disrupt U.S. criticalinfrastructure. We expect China’s cyber operations againstU.S. companies to focus on the criticalmanufacturing, defense industrial base, energy,healthcare, and transportation sectors. Beijing has targeted information technologyand communications firms whose productsand services support government andprivate-sector networks worldwide, whileconcurrently advocating globally for Chineseinformation technology companies that couldserve as espionage platforms. Under China’s 2017 National Intelligence Law,Beijing can compel businesses based in Chinaand Chinese citizens living abroad to provideintelligence to the Chinese government. We remain concerned about China’s intent tocompromise U.S. critical infrastructure in orderto cause disruption or destruction. China’s efforts to dominate the 5G world posenew challenges to U.S. efforts to nationalsecurity, privacy, resistance to malign influence,and human rights. The exponential increasesin speed, connectivity, and productivitycould render American systems particularlyvulnerable to Chinese cyber threats.While Russia and China are the most capablenation-state cyber adversaries, Iranian and NorthKorean cyber actors also pose a threat to U.S.systems, networks, and information. Iran continuesto present a cyber espionage threat and isdeveloping access in the Homeland that could berepurposed for destructive cyber-attacks. NorthKorean cyber capabilities, while sophisticated,probably will remain confined to criminal
U.S. Department of Homeland SecurityHomeland Threat Assessmentgeneration of revenue. If Pyongyang’s intentchanges, however, it probably could quickly buildcapabilities to conduct broader espionage activity orthreaten infrastructure with disruptive cyber-attacks.activities, including efforts to target voterregistration systems; to compromise electionsystem supply chains; to exploit poor cybersecuritypractices on protected election systems ornetworks; or to hack official election websites orsocial media accounts.CybercrimeCybercriminals increasingly will target U.S.critical infrastructure to generate profit, whetherthrough ransomware, e-mail impersonation fraud,social engineering3, or malware. Undergroundmarketplaces that trade in stolen information andcyber tools will continue to thrive and serve as aresource, even for sophisticated foreign adversaries. Ransomware attacks—which have at leastdoubled since 2017—often are directed againstcritical infrastructure entities at the state andlocal level by exploiting gaps in cybersecurit Victims of cybercriminal activity in 2018 reportedover 2.7 billion in losses—more than twicethe amount lost in 2017. This figure does notrepresent the full scope of loss because somevictims do not report incidents.Cyber Threat to the U.S. Democratic ProcessesSome state or non-state actors likely will seek to usecyber means to compromise or disrupt infrastructureused to support the 2020 U.S. Presidential electionand the 2020 U.S. Census. Given the nationalimportance of these events, any related cyberactivities—or mere claims of compromise—mightfuel influence operations aimed at depressing voterturnout or census participation, misinforming aboutdemocratic processes, or shaping perceptions aboutthe integrity or outcome of the election or census(see subsequent section regarding Foreign Influencein the Homeland). Advanced persistent threat or other maliciouscyber actors likely will target election-relatedinfrastructure as the 2020 Presidential electionapproaches, focusing on voter PII, municipal orstate networks, or state election officials directly.Operations could occur throughout the 2020election cycle—through pre-election activities,Election Day, and the post-election period.Adversaries’ cyber capabilities vary greatly—as does the cyber defensive posture of electoralboards to stymie such actors. Adversariescould attempt a range of election interference9 Unidentified cyber actors have engaged insuspicious communications with the U.S. Censuspublic-facing network over at least the last year,including conducting vulnerability scans andattempting unauthorized access. Cyber activitydirected at the U.S. Census could include attemptsto gain illicit access to census-gathered bulk data;to alter census registration data; to compromise thecensus infrastructure supply chain; or conductingdenial-of-service attacks.OPPORTUNITY FOR CYBER ACTORSTO EXPLOIT COVID-19Both cybercriminals and nation-state cyber actors—motivated by profit, espionage, or disruption—willexploit the COVID-19 pandemic by targeting the U.S.healthcare and public health sector; governmentresponse entities, such as the U.S. Departmentof Health and Human Services and the FederalEmergency Management Agency; and the broaderemergency services sector. Cybercriminals most likely will deployransomware for financial gain, whereasnation-state cyber actors might seek to captureinsights into U.S. response plans and scientificinformation related to testing, therapeutics, andvaccine development. We expect that cybercriminals and nation-statecyber actors will target victims in the UnitedStates with COVID-19-themed spear-phishinge-mails, which we already have observedoverseas. These e-mails appear to claim to befrom official government sources, including theU.S. Centers for Disease Control and Preventionand the U.S. Department of State.On Thursday, September 17, 2020, FBI Director Wray described China’s unmatched success in stealing American intellectual property as “the greatest transfer of wealth in the history of theworld.” U.S. House of Representatives, Committee on Homeland Security, Annual Hearing on Threats to the Homeland.3Social engineering is the act of tricking someone into divulging information or taking action, usually through technology. The idea behind social engineering is to take advantage of apotential victim’s natural tendencies and emotional reactions.2
10U.S. Department of Homeland SecurityHomeland Threat AssessmentForeign Influence Activity in the U.S.Foreign influence activity will target U.S. foreign and domestic policy,international events such as COVID-19, and democratic processes andinstitutions, including the 2020 Presidential election. Russia is the likelyprimary covert influence actor and purveyor of disinformation andmisinformation within the Homeland. We assess that Moscow’s primaryobjective is to increase its global standing and influence by weakeningAmerica—domestically and abroad—through efforts to sow discord,distract, shape public sentiment, and undermine trust in Westerndemocratic institutions and processes.Amplifying U.S. Socio-Political Division be framed in the context of the U.S.election—seemingly in support of oropposition to political candidates—we assess that Moscow’s overarchingobjective is to weaken the UnitedStates through discord, division, anddistraction in hopes that Americabecomes less able to challengeRussia’s strategic objectives.Russian influence actors will continue using overt andcovert methods to aggravate social and racial tensions,undermine trust in U.S. authorities, stoke politicalresentment, and criticize politicians who Moscow viewsas anti-Russia. Although some of this activity might Russian influence actors will engagein media manipulation—acrosssocial media platforms, proxywebsites4, and traditional media, toinclude state-controlled outlets—toexacerbate U.S. social, political, racial,and cultural fault lines.5 Russian actors will attempt toundermine national unity andsow seeds of discord that exploitperceived grievances within minoritycommunities, especially amongAfrican Americans. Russian influenceactors often mimic target audiencesand amplify both sides of divisiveissues to maximize discord, tailoringmessaging to specific communities to“push and pull” them in different ways. The Russian government promulgatesmisinformation, threats, andnarratives intended to incite panic oranimosity among social and politicalgroups. For example, Russian actorsamplified narratives such as U.S. law4Proxy Website: Foreign news outlets, think tanks, and investigative journalist websites on behalf of foreign governments or foreign government-linkedbusinessmen and oligarchs in a non-overt or non-attributed way and that echo foreign government narratives, talking points, and disinformation. Statemedia often cite these proxy websites and portray them as credible and independent sources of information.
U.S. Department of Homeland SecurityHomeland Threat Assessmentenforcement ignoring ICE detention requestsand releasing an illegal immigrant accused ofrape; assaults on supporters and opponentsof the President; and portrayals of U.S. lawenforcement as racially biased. Russian influenceactors also have exploited national tragedies,such as the 2017 mass shooting in Las Vegas, andprotest movements—sometimes magnifyingboth a protest and a counter-protest—such asthe 2017 protest activity in Charlottesville.COVID-19 Influence NarrativesRussian online influence actors are advancingmisleading or (what they perceive as) inflammatorynarratives about the COVID-19 pandemic probablyto stoke fear, undermine the credibility of the U.S.government, and weaken global perceptions ofAmerica. Moscow probably will study the Americanpublic’s reaction to its COVID-19 disinformationto improve future influence campaigns aimed atshaking public confidence in Washington, whichit can unleash opportunistically during a crisis,hostilities, or a period of degraded relations. Russian online influence actors have claimedthat the U.S. President is incapable of managingthe COVID-19 crisis and sought to exacerbatepublic concerns by amplifying content critical ofthe U.S. response to the public health crisis andthe economic downturn. In contrast, the actorshighlighted China’s and Russia’s alleged successagainst the COVID-19 outbreak and praisedPresident Putin’s COVID-19 plan and Russia’sample supply of tests. Russian online influence actors spreadmisinformation and conspiracy theoriesabout the origin of COVID-19, claiming it is aU.S.-engineered biological weapon that U.S.military officials spread in China.Chinese operatives probably are wagingdisinformation campaigns using overt andcovert tactics—including social media trolls—to shift responsibility for the pandemic to othercountries, including the United States. Chinamight increase its influence activities in responseto what it views as anti-China statements fromthe U.S. Government over China’s role in thepandemic. Since August 2019, more than 10,000suspected fake Twitter accounts havebeen involved in a coordinated influencecampaign with suspected ties to the ChineseGovernment. Among these are hackedaccounts from users around the world thatpost messaging and disinformation aboutthe COVID-19 pandemic and other topics ofinterest to China. China’s Foreign Ministry, state media, andofficial Twitter accounts promote overtnarratives claiming the coronavirus mayhave originated in the United States, criticizethe U.S. pandemic response, and publicizeFOREIGN INFLUENCE DEFINITIONS:Foreign Influence. Any covert, fraudulent, deceptive, or unlawful activity of foreign governments—or personsacting on their behalf—undertaken with the purpose or effect of influencing, undermining confidence in, oradversely affecting U.S. democratic processes or institutions or otherwise affecting socio-political sentiment orpublic discourse to achieve malign objectives. Covert Influence: Activities in which a foreign government hides its involvement, including the use of agentsof influence, covert media relationships, cyber influence activities, front organizations, organized crimegroups, or clandestine funds for political action. Overt Influence: Activities that a foreign government conducts openly or has clear ties to, including the use ofstrategic communications, public diplomacy, financial support, and some forms of propaganda. Disinformation: A foreign government’s deliberate use of false or misleading information intentionallydirected at another government’s decisionmakers and decision-making processes to mislead the target, forceit to waste resources, or influence a decision in favor of a foreign government’s interests. Misinformation: Foreign use of false or misleading information. Misinformation is broader than disinformationbecause it targets a wide audience rather than a specific group.We note that U.S. Persons linking, citing, quoting, or voicing the same themes, narratives, or opinions raised by these influence activities likely are engaging in First Amendment-protected activity, unless they are acting at the direction or under the control of a foreign threat actor. Furthermore, variants of the topics covered in this report, even thosethat include divisive terms, should not be assumed to reflect foreign influence or malign activity absent information specifically attributing the content to malign foreign actors.511
12U.S. Department of Homeland SecurityHomeland Threat AssessmentChina’s COVID-19-related medical assistanceto U.S. cities and states. China has doubledthe number of official government postsdisseminating false narratives about COVID-19and has carried out persistent and la
Homeland Threat Assessment U.S. Department of Homeland Security. 3 “DHS has a vital mission: to secure the nation from the many threats we face. This requires the dedication of more than 240,000 employees in positions that range from aviation and border security to emergency response, from cybersecurity analyst to chemical facility inspector.
