DHS social media monitoring practices revealed under FOIA
Words like “dirty bomb,” “militia,” “Amtrak,” “dock,” “power,” and “grid” are among hundreds of words that may make analysts at the Department of Homeland Security’s National Operations Center (NOC) monitoring social networks take notice, according to one of its recently revealed manuals.
The list of possible trigger words was contained in a 39-page booklet that DHS was forced to reveal under a Freedom of Information Act request from the Electronic Privacy Information Center. The document, the 2011 Analyst’s Desktop Binder, provides operational details of NOC procedures, which quantify and calculate possible threat information from social networks, cable television and a variety of other media.
The document’s extensive list of over 350 key words and search terms used by analysts to monitor social media sites covers a lot of ground. The list is split into several categories that contain key words and search terms pertinent to the particular category. For instance, the list includes the names of DHS and its agencies, while the list of domestic security words contains “cops, law enforcement, DNDO (Domestic Nuclear Detection Office) and national preparedness,” while the list of health concerns and H1N1 contains “agro terror, epidemic, ricin, sarin, and pork.”
The document says its Media Monitoring Capability Mission & Reporting Parameters have three primary missions.
The first, according to the document, is to continually update existing National Situation Summaries (NSS) and International Situation Summaries (ISS) with the most recent, relevant, and actionable open source media information.
The second is to “constantly monitor all available open source information with the goal of expeditiously alerting the NOC Watch Team and other key Department personnel of emergent situations.”
The third is to instruct how to receive, process, and distribute media captured by DHS Situational Awareness Teams (DSAT) or other streaming media available to the NOC such as Northern Command’s (NORTHCOM) Full Motion Video (FMV) and via open sources.
The booklet also advises analysts on which news organizations are the most credible, with the major television networks, including CNN, Fox News at the top of the list, followed by major mainstream newspapers, international news organizations. News from second and third tier news sources and agenda-driven sites like Global Security.org, Moveon.org, have to be corroborated by first tier sites. Reports from fourth tier sources like Web blogs, the DrudgeReport and NationalTerroralert.com should also be verified by a first tier organization, it said.
|Event Details||Dates of Event|
|SANS Counter Hack 2013||Nov 7 - 14|
|SANS Pen Test Hackfest 2013||Nov 7 - 14|
|SANS Korea 2013||Nov 11 - 16|
|Military Exports & Compliance Asia||Nov 12 - 14|
|NCT: Counter IED Asia, 12 - 15 November 2013, Bangkok||Nov 12 - 15|
|School Safety Symposium||Nov 13 - 13|
|Southwest Microwave Perimeter Defense Seminar||Nov 13 - 13|
|OWASP AppSec USA 2013||Nov 18 - 21|
|GovSec West Conference & Expo 2013||Nov 19 - 20|
|Southwest Microwave Perimeter Defense Seminar||Nov 19 - 19|
|Oracle 7th Annual Federal Forum||Nov 20 - 20|
|World BORDERPOL Congress||Dec 3 - 4|
|Critical Infrastructure Protection and Resilience Europe||Feb 12 - 13|