DHS’ Information Security Program | An American Catastrophe | Legal Basis of Zawahiri Strike, and more

The Oak Creek Massacre Signaled the Rise of White Nationalist Violence. But the Warnings Went Unheeded (Harmeet Kaur, CNN)
No one in the Sikh community in Oak Creek, Wisconsin, could ever have imagined the horror that would unfold on August 5, 2012. But when Pardeep Singh Kaleka looks back on that tragedy, in which a White supremacist gunman killed his father and six others at a Sikh gurdwara, he wonders if they should have seen it coming. “There was a certain understanding that it could happen in life, it could happen in the streets, and it could happen in different places — but not at a faith site while people pray on a Sunday,” he told CNN. “At the same time, especially around the surrounding Milwaukee areas, there was a heightened sense of political tension with the changing demographics.” When Kaleka’s family moved to Wisconsin from Punjab, India, in the ’80s, they got curious looks and questions about their turbans. Despite occasionally being subjected to hate, Kaleka says, they mostly felt welcomed. After 9/11, that curiosity turned to suspicion and prejudice and brown people across the country were being targeted in racist attacks. Tensions simmered as more immigrants moved in, and the gulf between Republicans and Democrats grew wider. The Oak Creek shooting was a wake-up call — a harbinger of the racist, extremist violence that would again rear its head in other places like Charleston, South Carolina; Pittsburgh; El Paso, Texas and Buffalo, New York.

On Fringe Social Media Sites, Buffalo Mass Shooting Becomes Rallying Call for White Nationalists (Caitlin Dewey, Buffalo News)
While most of the world reacted with horror to the racist May 14 massacre at a Buffalo supermarket, one shadowy corner of the internet – the corner frequented by the accused gunman in the lead-up to his attack – continues to celebrate the murder of 10 Black people and goad each other to similar acts. One meme, a mock-up of the front page of the New York Daily News, shows a photo of Payton Gendron beside a series of bold-faced headlines, including “the mass shooter we’ve been waiting for” and “could you be next?” Another image imposes jokes over a still frame from the gunman’s livestream of the attack, showing the moment one woman was shot in the head. According to his online diary, Payton Gendron and Cory Clark – the customer service lead for the Iowa-based body armor manufacturer RMA Armament – interacted over a period of months on both the public social media site Reddit and in a private chatroom for hardcore weapons enthusiasts. The reaction does not surprise counterterrorism researchers, who have repeatedly warned that a network of anonymous message boards and encrypted messaging channels is incubating the next generation of white supremacist terror. But the challenge, they say, is interrupting these networks before they can inspire the next shooter.

Evaluation of DHS’ Information Security Program for Fiscal Year 2021 (DHS OIG)
DHS’ information security program for FY 2021 was rated “not effective,” according to this year’s reporting instructions. To receive an “effective” rating, agencies must achieve a “Level 4 – Managed and Measurable” in three of the five functions outlined in the National Institute of Standards and Technology Cybersecurity Framework. DHS received “Level 4 – Managed and Measurable” in the Protect function, “Level 3 – Consistently Implemented” in the Identify, Detect, and Respond functions, and “Level 2 – Defined” in the Recover function.

Our rating of “not effective” was based on our evaluation of DHS’ compliance with the FISMA requirements on unclassified and National Security Systems. We identified the following six deficiencies:

  1. systems in use without an authority to operate;
  2. known information security weaknesses not mitigated timely;
  3. security patches not applied timely to mitigate critical and high-risk security vulnerabilities on selected workstations and network equipment;
  4. one component running an unsupported operating system on its network equipment;
  5. inaccurate reporting of metrics in monthly scorecards and FISMA quarterly submissions; and
  6. outdated information technology security guidance that contradicts other DHS policies.

We recognize DHS was primarily focused on responding to a significant cyber incident during FY 2021. An official stated DHS faced significant challenges in FY 2021, as it diverted resources to respond to the SolarWinds incident.

Were Facebook and Twitter Consistent in Labeling Misleading Posts During the 2020 Election? (Samantha Bradshaw and Shelby Grossman, Lawfare)
There’s room to improve in the upcoming midterm elections.