Category Archives: THE WHITE HOUSE

TOP-SECRET – DHS Terrorist Use of Improvised Incendiary Devices and Attack Methods


(U//FOUO) Improvised incendiary devices (IIDs) typically are less expensive to make than improvised explosive devices but still are capable of creating mass casualties and causing widespread fear and panic.

(U//FOUO) Improvised incendiary devices (IIDs) can be constructed easily from everyday materials available at hardware and grocery stores.

(U//FOUO) IIDs can be used against many types of infrastructure targets; violent extremists have used them successfully in attacks in the United States and overseas.

(U//FOUO) The DHS/Office of Intelligence and Analysis (I&A) has no credible or specific intelligence indicating current terrorist attack planning featuring use of IIDs against infrastructure in the United States. The ease with which IIDs can be constructed and used, however, makes it difficult to detect and prevent such attacks.

(U) Improvised Incendiary Devices Can Be Constructed from Common Materials

(U//FOUO) An IID consists of an ignition source, a flammable or combustible fuel —including kerosene, cigarette and charcoal lighter fluid, motor fuels, such as gasoline or diesel, and reactive chemicals—and some type of container, such as propane cylinders, plastic pipes, bottles, and cans. IIDs range in sophistication from very simple and easily-constructed Molotov cocktails—which are made by filling a glass bottle with fuel and lighting a rag placed in the top—to more complicated timed devices consisting of a sodium and acid mixture.

(U) U.S. Infrastructure Vulnerable to Improvised Incendiary Device Attack

(U//FOUO) The accessibility of many types of infrastructure, such as government facilities, national monuments, various transportation and energy assets, and commercial facilities, make them susceptible to IID attacks. Passenger trains, ferries, and other public conveyances are among the more attractive targets for terrorists because they often have large numbers of people enclosed in concentrated areas that are difficult to evacuate rapidly.

(U) Previous Use of Improvised Incendiary Devices in the United States

(U//FOUO) Violent extremists have used IIDs against government facilities and vehicles, commercial facilities, and railroad lines. Their most frequent targets have been healthcare, educational and research facilities, and scientists and research personnel.

(U) Improvised Incendiary Device Attacks Abroad

(U) Terrorists using IIDs achieved their most notable success in a February 2007 attack by Kashmiri operatives who placed six suitcase IIDs in three cars of the “Friendship Express” passenger train traveling from India to Pakistan. Four of the six IIDs ignited, causing fires in two passenger cars that killed 68 people and injured 13. Other incidents, like those in the United States, have achieved mixed results.

— (U) In May 2008, an ethnic Uighur woman aboard a domestic flight bound for Beijing, China attempted to ignite a flammable liquid in a beverage can. She aroused suspicions when she exited the lavatory to pick up a second can after the first failed to ignite and produced a smell of gasoline.

— (U) In June 2007, two men drove a burning jeep with several gasoline-filled containers into the main terminal building at the Glasgow, Scotland airport, causing structural damage to the front of the building but no casualties.

— (U) In July 2006, two men plotted to attack two trains in Germany using suitcases filled with butane and gasoline, but the devices failed to ignite. German prosecutors claimed, however, that the trains would have become “balls of fire” had the IIDs functioned as planned


CONFIDENTIAL -DHS Infrastructure Protection Note: Evolving Threats to the Homeland


(U//FOUO) The Office of Infrastructure Protection (IP) Homeland Infrastructure Threat and Risk Analysis Center (HITRAC) produces Infrastructure Protection Notes to address issues impacting the infrastructure protection community’s risk environment from terrorist threats and attacks, natural hazards, and other events. Based on the analysis within the DHS Office of Intelligence and Analysis product Evolution of the Terrorist Threat to the United States this IP Note outlines the evolution of terrorist threats and impacts to the Nation’s critical infrastructure.


  • (U//FOUO) Given recent terrorist activity, homeland security partners should operate under the premise that other operatives are in the country and could advance plotting with little or no warning.
  • (U//FOUO) Al-Qa’ida and its affiliates are focusing on smaller operations in the United States that are harder to detect but more likely to succeed than the large-scale attacks they once emphasized.
  • (U//FOUO) The increasing prevalence and role of Westerners (including U.S. citizens) in al-Qai’da and associated groups, either as leaders or operatives, gives these individuals knowledge of Western culture and security practices.
  • (U//FOUO) HITRAC assesses the sectors at greatest risk from these attack scenarios are Commercial Facilities, Government Facilities, Banking and Finance, and Transporation.


(U//FOUO) The U.S. Homeland faces a persistent and evolving terrorist threat from a number of violent “jihadist” groups that are aligned ideologically with, but not necessarily directed by, al-Qa’ida. These groups are driven by their undiminished intent to attack the Homeland and a continued effort by these terrorist groups to adapt and improve their capabilities.

(U//FOUO) Al-Qai’da and its affiliates will continue to enhance its capabilities to attack the Homeland through greater cooperation with regional terrorist groups. Historically, al-Qa‘ida has focused on prominent political, economic, and infrastructure targets with the intent to produce mass casualties, visually dramatic destruction, significant economic aftershocks, and fear among the population. The group is innovative in creating new capabilities and overcoming security obstacles.

(U) Potential Attack without Warning

(U//FOUO) There is an increased challenge in detecting terrorist plots underway because of the current trend and tactics which use individuals or small groups acting quickly and independently or with only tenuous ties to foreign handlers. State, local, tribal, and private sector partners play a critical role in identifying suspicious activities and raising awareness of federal counterterrorism officials.

(U//FOUO) Given recent terrorist activity, homeland security partners should operate under the premise that other operatives are in the country and could advance plotting with little or no warning.

(U) Increased Frequency of Attacks Possible

(U//FOUO) Recent events suggest a trend in which terrorists seek to conduct smaller, more achievable attacks against easily accessible targets. Within the past year, attempted attacks and plots in the United States progressed to an advanced stage largely because of these groups’ ability to use operatives that have access to and familiarity with the U.S. as well as their use of new and varied attack patterns.

(U//FOUO) The evolving threat and increasing resilience of al-Qa’ida and other terrorist organizations have been highlighted by a number of recent domestic events, including the Times Square bombing attempt, the Fort Hood attack and the December 2009 airline bomb plot. The number and pace of attempted attacks against the United States over the past nine months have surpassed the number of attempts during any other previous one-year period.

(U) Globalization trends and recent technological advances will continue to enable even small numbers of alienated people to find and connect with one another, justify and intensify their anger, and mobilize resources to attack – all without requiring a centralized terrorist organization, training camp, or leader.

(U//FOUO) The increasing prevalence and role of Westerners (including U.S. citizens) in al-Qai’da and associated groups, either as leaders or operatives, gives these individuals knowledge of Western culture and security practices. U.S. persons who hold leadership positions in al-Qai’da and associated groups have also called publicly on Western individuals to wage jihad by conducting attacks locally.

(U//FOUO) The analysis below builds on these judgments by identifying the relative risk of attacks

TOP SECRET from the Homeland Security – DHS Mass Transit and Passenger Railroad Systems Terrorist Attack Preparedness Info Regarding a Realistic Threat


(U//FOUO) Terrorist attack tactics used against mass transit and passenger railroad systems abroad provide insights that can assist law enforcement officers in securing these critical infrastructure assets. The chart below highlights common tactics noted in attempted or successful use of explosive or incendiary devices against mass transit or passenger railroad systems in attacks conducted between March 2004 and November 2009. The information about these attacks provides insights into device type, selection, and construction and can help law enforcement identify patterns and develop protective measures. Analysis shows terrorists have timed attacks during periods of peak ridership; used multiple, coordinated, drop-and-leave devices in identical or similar baggage; and placed devices inside rail cars to cause casualties among passengers.




Unveiled – Letter from President Roosevelt to Stalin on an Acceptable Compromise


February 6, 1945

My dear Marshal Stalin:

I have been giving a great deal of thought to our meeting this afternoon, and I want to tell you in all frankness what is on my mind.

In so far as the Polish Government is concerned, I am greatly disturbed that the three great powers do not have a meeting of minds about the political setup in Poland. It seems to me that it puts all of us in a bad light throughout the world to have you recognizing one government while we and the British are recognizing another in London. I am sure this state of affairs should not continue and that if it does it can only lead our people to think there is a breach between us, which is not the case. I am determined that there shall be no breach between ourselves and the Soviet Union. Surely there is a way to reconcile our differences.

Marshal V. I. [sic] Stalin,
Koreis, The Crimea

I was very much impressed with some of the things you said today, particularly your determination that your rear must be safeguarded as your army moves into Berlin. You cannot, and we must not, tolerate any temporary government which will give your armed forces any trouble of this sort. I want you to know that I am fully mindful of this.

You must believe me when I tell you that our people at home look with a critical eye on what they consider a disagreement between us at this vital stage of the war. They, in effect, say that if we cannot get a meeting of minds now when our armies are converging on the common enemy, how can we get an understanding on even more vital things in the future.

I have had to make it clear to you that we cannot recognize the Lublin Government as now composed, and the world would regard it as a lamentable outcome of our work here if we parted with an open and obvious divergence between us on this issue.

You said today that you would be prepared to support any suggestions for the solution of this problem which offered a fair chance of success, and you also mentioned the possibility of bringing some members of the Lublin government here.

Realizing that we all have the same anxiety in getting the matter settled, I would like to develop your proposal a little and suggest that we invite here to Yalta at once Mr. Beirut [Bierut] and Mr. Osubka Morawski from the Lublin government and also two or three from the following list of Poles, which according to our information would be desirable as representatives of the other elements of the Polish people in development of a new temporary government which all three of us could recognize and support: Bishop Sapieha of Cracow, Vincente [Wincenty] Witos, Mr. Zurlowski [Zulawski], Professor Buyak [Bujak], and Professor Kutzeva [Kutzeba]. If, as a result of the presence of these Polish leaders from abroad such as Mr. Mikolajczyk, Mr. Grabski, and Mr. Romer, the United States Government, and I feel sure the British government as well, would be prepared to examine with you conditions in which they would dissociate themselves from the London government and transfer their recognition to the new provisional government.

I hope that I do not have to assure you that the United States will never lend its support in any way to any provisional government in Poland that would be inimical to your interest.

It goes without saying that any interim government could be formed as a result of our conference with the Poles here would be pledged to the holding of free elections in Poland at the earliest possible date. I know this is completely consistent with your desire to see a new free and democratic Poland emerge from the welter of this war.

Most sincerely yours

Franklin Roosevelt

TOP-SECRET – DHS Testimony on Social Networking and Media Monitoring

Joint testimony of Chief Privacy Officer Mary Ellen Callahan, and Operations Coordination and Planning Director Richard Chávez for a House Committee on Homeland Security, Subcommittee on Counterterrorism and Intelligence hearing on DHS monitoring of social networking and media

311 Cannon


Chairman Meehan, Ranking Member Speier, and Members of the subcommittee, we appreciate the opportunity to be here today to discuss the Department of Homeland Security’s (DHS) use of social media, and the privacy protections the DHS Privacy Office has put into place.

Social media are web-based and mobile technologies that turn communication into an interactive dialogue in a variety of online fora. It may be appropriate for the government, including DHS, to use social media for a variety of reasons. The President has challenged his Administration to use technology and tools to create a more efficient, effective, and transparent government1. DHS recognizes that the use of social media by government actors must occur with appropriate privacy, civil rights, and civil liberties protections; whether DHS is disclosing its information and press releases via social media platforms like Twitter and Facebook, reviewing news feeds for situational awareness, or researching identified, discrete targets for legitimate investigatory purposes. Accordingly, DHS has created Department-wide standards designed to protect privacy, civil rights, and civil liberties in each category of its use. There are three general ways in which DHS utilizes social media, and each has associated privacy protections:

  • External communications and outreach between the Department and the public;
  • Awareness of breaking news of events or situations related to homeland security, known as “situational awareness;” and
  • Operational use, when DHS has the appropriate authorities, such as law enforcement and investigations.

In each category, the Department has established and enforces standards that incorporate privacy protections ex ante, create uniform standards across the components and Department, and are transparent with regard to the scope of our activities

External Communications and Outreach

Consistent with the President’s 2009 Memorandum on Transparency and Open Government, the Office of Management and Budget’s (OMB) Open Government Directive2 and OMB’s Memorandum M-10-23, Guidance for Agency Use of Third-Party Websites and Applications3, the Department uses the social networking medium to provide the public with robust information through many channels. For example, DHS currently has a presence on many of the major social networking platforms, including Facebook, Twitter, and YouTube. In addition, FEMA launched a FEMA app for smartphones that contains preparedness information for different types of disasters. Similarly, the Transportation Security Administration has MyTSA Mobile Application, which enables the traveling public access to relevant TSA travel information, such as types of items that may be carried through TSA security checkpoints, or estimated wait times.

In 2009, the Department established a Social Media Advisory Group, with representatives from the Privacy Office; Office of General Counsel; Chief Information Security Officer; Office of Records Management; and Office of Public Affairs to ensure that a variety of compliance issues including privacy, legal, security, and records management issues are addressed as DHS uses social media. This group governs and provides guidance on social media initiatives related to external communications and public outreach by reviewing recommendations from components and offices and evaluating Terms of Service agreements and Terms of Use policies. The group also developed a social media use plan, while working to ensure compliance issues are addressed and resolved before the first Department use of a particular application of social media.

DHS also established Department-wide standards for use of social media for communications and outreach purposes through the creation, and development of, two Privacy Impact Assessments (PIAs). The PIAs address two types of uses of social media within the communications/outreach category: 1) interactive platforms where the Department has official identities, using those profiles to provide information about the Department and its services, while having the ability to interact with members of the public such as allowing them to post comments on the official Department page or profile;4 and 2) unidirectional social media applications encompassing a range of applications, often referred to as applets or widgets, that allow users to view relevant, real-time content from predetermined sources, such as podcasts, Short Message Service (SMS) texting, audio and video streams, and Really Simple Syndication (RSS) feeds.5

The PIAs analyze the Department’s use of social media and networking for communications purposes, if and how these interactions and applications could result in the Department receiving personally identifiable information (PII), and the privacy protections in place. The PIAs describe the information the Department may have access to, how it will use the information, what information is retained and shared, and how individuals can gain access to and correct their information. For example, official DHS accounts across social media and networking websites and applications must be identified by the component or Department seal as well as an anonymous, but easily identifiable user name account displaying a DHS presence, such as “DHS John Q. Employee.” Both the communications and outreach PIAs also include periodically-updated appendices that identify the specific Department-approved profiles and applications. In addition, the PIAs contain provisions that Department-approved profiles are subject to Privacy Compliance Reviews by the DHS Privacy Office.

Situational Awareness

The Office of Operations Coordination and Planning (OPS), National Operations Center (NOC), has a statutory responsibility (Section 515 of the Homeland Security Act (6 U.S.C. § 321d(b)(1))) to provide situational awareness and establish a common operating picture for the federal government, and for state, local, tribal governments as appropriate, in the event of a natural disaster, act of terrorism, or other man-made disaster, and (2) ensure that critical terrorism and disaster-related information reaches government decision-makers. Traditional media sources, and more recently social media sources, such as Twitter, Facebook, and a vast number of blogs, provide public reports on breaking events with a potential nexus to homeland security. By examining open source traditional and social media information, comparing it with many other sources of information, and including it where appropriate into NOC reports, the NOC can provide a more comprehensive picture of breaking or evolving events. To fulfill its statutory responsibility to provide situational awareness and to access the potential value of the public information within the social media realm, in 2010, the NOC launched the first of three pilots using social media monitoring related to specific natural disasters and international events.

Beginning with the pilots, the reason the NOC utilizes social media tools is to identify breaking or evolving incidents and events to provide timely situational awareness and establish a more complete common operating picture. The NOC views information from a variety of sources to include open source reporting and a variety of public and government sources. The NOC synthesizes these reports for inclusion in a single comprehensive report. These reports are then disseminated to DHS components, interagency partners, and state, local, tribal, territorial, and private sector partners with access to the NOC’s common operating picture. The content of the reports may be related to standing critical information requirements, emerging events potentially affecting the homeland, or special events such as the Super Bowl or the United Nations General Assembly.

Prior to implementing each social media pilot, the Privacy Office and the Office of Operations Coordination and Planning developed detailed standards and procedures associated with reviewing information on social media web sites. These standards and procedures are documented through a series of pilot-specific PIAs.6

The NOC pilots occurred during the 2010 Haiti earthquake response, the 2010 Winter Olympics in Vancouver, British Columbia; and the response to the April 2010, Deep Water Horizon Gulf Coast oil spill. For each of these pilots, the NOC utilized internet-based platforms to provide situational awareness and develop a common operating picture directly related to the response, recovery, and rebuilding efforts in Haiti by reviewing information on publicly-available online fora, blogs, public websites, and message boards. Following the three discrete social media monitoring pilots by the NOC, the Privacy Office did a thorough (and public) Privacy Compliance Review of the NOC’s implementation of the PIAs’ privacy protections.7 The Privacy Office’s review found that the NOC’s social media monitoring activities did not collect PII, did not monitor or track individuals’ comments, and complied with the stated privacy parameters set forth in the underlying PIAs.

Given the positive assessment of the three pilots, OPS and the Privacy Office designed a holistic set of privacy protections to be implemented whenever information made available through social media is being reviewed for situational awareness and establishing a common operating picture. In June 2010, the Department released its Publicly Available Social Media Monitoring and Situational Awareness Initiative PIA, incorporating these protections.8 This PIA describes how the NOC uses Internet-based platforms that provide a variety of ways to review information accessible on publicly-available online fora, blogs, public websites, and message boards. Through the use of publicly-available search engines and content aggregators, the NOC reviews information accessible on certain heavily-trafficked social media sites for information that the NOC can use to provide situational awareness and establish a common operating picture, all without monitoring or tracking individuals’ comments or relying on the collection of PII, with very narrow exceptions, discussed below.

The NOC does not: 1) actively seek PII except for the narrow exceptions; 2) post any information on social media sites; 3) actively seek to connect with internal/external social media users; 4) accept internal/external personal users’ invitations to connect; or 5) interact on social media sites. The NOC is, however, permitted to establish user names (consistent with the criteria established in the communications and outreach PIAs) and passwords to form profiles and follow relevant government, media, and subject matter experts on social media sites as described in the June 2010 PIA; and to use search tools under established criteria and search terms that support situational awareness and establishing a common operating picture.

As part of the publication of the June 2010 PIA, the Privacy Office mandates Privacy Compliance Reviews every six months. After conducting the second Privacy Compliance Review, the Privacy Office determined that this PIA should be updated to allow for the collection and dissemination of PII in a very limited number of situations in order to respond to the evolving operational needs of the NOC. After January 2011, this PII on the following categories of individuals may be collected when it lends credibility to the report or facilitates coordination with federal, state, local, tribal, territorial, and foreign governments, or international law enforcement partners:

  • U.S. and foreign individuals in extremis, i.e., in situations involving potential life or death circumstances;
  • Senior U.S. and foreign government officials who make public statements or provide public updates;
  • U.S. and foreign government spokespersons who make public statements or provide public updates;
  • U.S. and foreign private sector officials and spokespersons who make public statements or provide public updates;
  • Names of anchors, newscasters, or on-scene reporters who are known or identified as reporters in their posts or articles, or who use traditional and/or social media in real time to provide their audience situational awareness and information;
  • Current and former public officials who are victims of incidents or activities related to homeland security; and
  • Terrorists, drug cartel leaders, or other persons known to have been involved in major crimes of homeland security interest, (e.g., mass shooters such as those at Virginia Tech or Ft. Hood) who are killed or found dead.9

For this narrow category of individuals, DHS may only collect the full name, affiliation, position or title, and publicly-available user ID, when it lends credibility to the report. DHS determined that this information improves the efficacy and effectiveness of the social media monitoring initiative without an unwarranted invasion of privacy of individuals in each of these categories. For this narrow category of individuals the PII is only stored in the narrative report in which it is used, and is not tracked for any other reason. DHS published a System of Records Notice10 that describes the creation of these seven exceptions for the collection of PII and narrowly tailored, how much information can be collected, and how the information can be used. Furthermore, the Privacy Office is commencing its semi-annual Privacy Compliance Review in late February to ensure that the NOC continues to adhere to the privacy protections identified in the PIA.

Operational Use

There may be situations where particular programs within the Department or its components may need to access material on social media or individual profiles in support of authorized missions. Given the breadth of the Department’s mission, and the fact that access, collection, and use of social media and other publicly-available information is governed by specific legal authorities, rather than Department-wide standards, the Department has taken a different approach in embedding privacy protections into Department use of social media for operational purposes, with authority-based requirements implemented through policy and Management Directives. For example, components of DHS such as U.S. Customs and Border Protection, U.S. Immigration and Customs Enforcement, Federal Protective Service, Federal Air Marshals Service, U.S. Coast Guard, and U.S. Secret Service have the authority to engage in law enforcement activities which may include the use of online and Internet materials. Other DHS offices and components may be authorized to utilize social media for specific law enforcement purposes such as investigating fraud. The Office of Intelligence and Analysis also has some overt collection authorities for intelligence purposes which may include the use of online and Internet materials.

DHS has established objective criteria by which those investigatory components can access publicly-available information. DHS components cannot review individuals’ information unless they have appropriate underlying authority and supervisory approval. Moreover, Office of Operations Coordination and Planning and Office of Intelligence and Analysis have additional specific policies on the use of social media for operational purposes. One of DHS’ responsibilities is to confirm our work is being done under the appropriate legal framework for federal law enforcement activities. However, with increased access to individuals’ personal information posted on the Internet and social media sites, these DHS components have been reminded that they must also be conscious of privacy considerations.

At DHS, we work every day to strike a balance between our need to use open source Internet and social media information for all purposes, but particularly law enforcement and investigatory purposes to further our mission, while protecting First Amendment rights, Fourth Amendment rights, and privacy.

In 1999, the Department of Justice issued guidelines for federal law enforcement agents that outline online investigative principles that are applicable, but do not explicitly reference, social media. In 2011, the Office of the Director of National Intelligence issued guidelines that outline how intelligence community professionals should use technology, including social media. Both guidelines address the following topics: obtaining information from publicly-available media under the same conditions that apply to obtaining information from other sources generally open to the public; passively observing and logging real-time electronic communications on media open to the public under the same circumstances in which these activities could be undertaken when attending a public meeting; and retaining the contents of a stored electronic message, such as online traffic, if that information would have been retained had it been written on paper. Moreover, federal law enforcement agents communicating online with witnesses, subjects, or victims must disclose their affiliation with law enforcement when DHS guidelines would require such disclosure if the communication were taking place in person or over the telephone — they may communicate online under a non-identifying name or fictitious identity if DHS guidelines and procedures would authorize such communications in the physical world.11 Finally, federal law enforcement agents may not access restricted online sources absent legal authority permitting entry into a private space. Until a Department-wide Management Directive on using social media for operational purposes is finalized, the Secretary has instructed all components to adhere to the DOJ or ODNI guidelines as appropriate.

In light of the varying authorities and responsibilities within the Department, instead of having a Privacy Impact Assessment with general standards (such as for communications and situational awareness purposes), the Department is developing a Management Directive for Privacy Protections in Operational Use of Social Media. The Management Directive will be enforceable throughout the Department, and will identify the authorities, restrictions, and privacy oversight related to use of social media for operational purposes. The Management Directive will also provide instructions on how to embed privacy protections into the operational use of social media and each investigation performed by Department personnel. The Privacy Office has already investigated one component’s use of social media for investigatory purposes; its conclusions are informing the Management Directive.

Consistent with the Department’s approach to embed privacy protections throughout the lifecycle of Department activities, the Privacy Office will conduct a Privacy Compliance Review or assessment of the Department’s adherence to the social media Management Directive approximately six months after the Directive is implemented.


In light of the scope and availability of information including PII found in social media venues, the Privacy Office intends to continue to monitor the Department’s use of social media in all three categories—communications and outreach, situational awareness, and operational use—to ensure privacy protections are built-in and followed.


1 President Barack Obama, Memorandum on Transparency and Open Government (January 21, 2009), available at; OMB Memorandum M-10-06, Open Government Directive (December 8, 2009), available at

2 See supra note 1.



6 The NOC and the Privacy Office developed three PIAs in the pilot stage of the NOC Media Monitoring Initiative: Haiti Social Media Disaster Monitoring Initiative, January 21, 2010, available at ttp://; 2010 Winter Olympics Social Media Event Monitoring Initiative February 10, 2010, available at; and April 2010 BP Oil Spill Response Social Media Event Monitoring Initiative, April 29, 2010, available at

7 Three Privacy Compliance Reviews have been completed and published by the Privacy Office, available at:


9 The most recent PIA update (authorizing these narrow PII categories collection) was finalized January 6, 2011, and is available at:


11 See, e.g., Online Investigative Principles for Federal Law Enforcement Agents (Department of Justice, 1999) and Civil Liberties and Privacy Guidance for Intelligence Community Professionals: Properly Obtaining and Using Publicly Available Information (Office of the Director of National Intelligence, 2011).

SECRET – DHS-FBI Suspicious Activities Involving School Buses

(U//FOUO) The purpose of this assessment is to alert law enforcement and homeland security officials about recent suspicious activity involving school buses and the licenses to drive them.

(U) Key Findings

(U//FOUO) A number of foreign nationals of investigative interest—including some with ties to extremist organizations—have been able to purchase school buses and acquire licenses to drive them.

(U//FOUO) DHS and the FBI have no information indicating these individuals are involved in terrorist plotting against the Homeland. Nonetheless, the ease with which they have obtained the vehicles and licenses raises concerns that terrorists could use school buses to support an attack.

(U) Suspicious Activities Involving School Buses

(U//FOUO) Most attempts by foreign nationals in the United States to acquire school buses and the licenses to drive them are legitimate. Individuals from the Middle East and South and Central America often purchase school buses to fulfill their transportation needs. For example, many foreign nationals use school buses to transport workers between job sites. Moreover, because driving is an easily transferable skill between countries, it would not be uncommon for a truck or bus driver from a foreign country to seek the same profession in the United States.

(U//FOUO) DHS and the FBI lack specific, credible intelligence indicating terrorists have been involved in procuring school buses or licenses to drive them, but several incidents raise concerns.

— (U//FOUO) Some school districts have reported an unusual increase in the number of foreign nationals seeking school bus driver positions. Subsequent FBI investigations have revealed that a number of applicants had connections to or sympathized with known terrorist groups.
— (U//FOUO) Most troublesome were individuals who the FBI reported had expressed interest in terrorist applications of explosives.

(U) Potential Use of School Buses as Weapons

(U//FOUO) Intelligence reporting and historical attacks in the United States and overseas indicate terrorists prefer to use large vehicles containing explosives to conduct vehicle-borne improvised explosive device (VBIED) attacks.

— (U//FOUO) Both the 1993 bombing of the World Trade Center in New York and the 1995 bombing of the Alfred P. Murrah Federal Building in Oklahoma City used trucks containing large quantities of explosives.
— (U//FOUO) Overseas terrorist bombings using large, explosives-laden vehicles include Khobar Towers in Saudi Arabia in 1996; U.S. Embassies in Kenya and Tanzania in 1998; and commercial, religious, and government buildings in Turkey in 2003, among others.

(U//FOUO) DHS and the FBI lack specific, credible intelligence indicating terrorists plan to use school buses as VBIEDs, but these vehicles have the capacity to carry large amounts of explosive material.

— (U//FOUO) Security surrounding school buses is generally relaxed. School bus parking lots often are unlocked and are not consistently monitored; some lots are unfenced and keys are often left in the buses so they can be moved quickly.

(U) Weaknesses in Commercial Driver’s Licensing Systems

(U//FOUO) School bus drivers are required to have a commercial driver’s license (CDL), but CDL requirements vary among states. DHS has previously published an assessment on how terrorists could exploit the CDL licensing system. Background checks for school bus drivers also vary from state to state; most require at least a state or FBI criminal check. Washington State, however, issues CDLs without proof of residency or legal status.

(U//FOUO) Once applicants obtain a CDL to drive large vehicles such as buses or trucks, they become eligible to apply for a hazardous material endorsement (HME) to legally transport hazardous materials. Instances continue to surface of individuals fraudulently obtaining valid CDL and HME credentials.

— (U//FOUO) Federal standards allow states to hire third parties—mainly private companies—to administer CDL tests. The majority of CDL fraud schemes involve corrupt third-party testers.
— (U//FOUO) In February 2007 a federal judge ordered the deportation of an Indian national whose suspicious behavior at a driving school instigated a nationwide antiterrorism investigation. The foreign national admitted to supplying falsified documents in his quest to obtain CDL/HME licenses.

(U) Indicators of Suspicious Activities

(U//FOUO) Law enforcement should be aware of the following indicators of possible terrorist interest in school buses, CDLs, and HMEs:

— (U//FOUO) Background checks on applicants for school bus driver positions that suggest criminal or terrorist connections that require further investigation.
— (U//FOUO) Possession of a CDL to drive a school bus without the appropriate driving skills.
— (U//FOUO) Unusual interest in obtaining an HME when it is not required for the type of job such as driving a school bus.
— (U//FOUO) Reports of school bus surveillance in bus lots or while in transit.
— (U//FOUO) Reports by school district officials or bus vendors of suspicious attempts to purchase school buses.

(U) Outlook

(U//FOUO) Suspicious incidents involving school bus purchases and abuse of commercial driver’s licensing processes raise concerns that terrorists could use school buses and hazardous materials in an attack. Law enforcement and homeland security officials need to be vigilant and investigate license applicants and holders with suspicious backgrounds or poor driving skills.