Upload
dangkhanh
View
230
Download
6
Embed Size (px)
Citation preview
2015 National Fusion Center Association
Annual Training Event
Alexandria Hilton – Mark Center
November 3rd – 5th, 2015 Directors Only Meeting November 6th
Breakout Session Category Code
C/A — Collection and Analysis
M/L — Management and Leadership
O/R — Outreach
E/T — Exercise and Technical Assistance
T/A — Technology Applications
Monday, November 2
5:00 p.m. – 8:00 p.m. Registration Pan Am Foyer
Tuesday, November 3
7:00 a.m. – 5:00 p.m. Registration Pan Am Foyer
8:30 a.m. – 10:30 a.m. Welcome and Keynote Plenary Session Plaza Ballroom
Mike Sena – President, National Fusion Center Association
Presentation of the Colors—Alexandria Police Department
Color Guard
Welcome—Earl L. Cook, Chief of Police—Alexandria, Virginia
Welcome—Colonel W. Steven Flaherty, Superintendent— Virginia State Police
The Honorable James Clapper, Director of National Intelligence
Power Session Presentations:
Working Smarter Through Technical Assistance Advancements and Enhancement
Nationwide Deconfliction Systems
10:30 a.m. Exhibit Area Opens Plaza and Upper Foyers
10:30 a.m. – 11:15 a.m. Networking Break
11:15 a.m. – 12:15 p.m. Break-Out Session #1
E/T Sustaining Cyber Capability, Training and National Operations Magnolia C
Troy Campbell, KCTEW Cyber Threat Intelligence Program
Kelley Goldblatt, Michigan Cyber Command Center
Brett Paradis, Connecticut Intelligence Center
o Recent strides in cyber threat intelligence offer an array of cost-effective tactics for developing your
fusion center’s preparedness for cyberattacks. The NFCA’s Cyber Threat Intelligence Subcommittee
(NFCA-CTI) and Cyber Intelligence Network (CIN) provide best practices for fostering collaborative
efforts among fusion centers to build cyber resilience. Representatives from the CIN will share proven
tactics for using HSIN, CINAware and SitAware to complement internal and joint efforts across fusion
centers to further your mission.
Training:
Determining the right training to take can seem difficult at times. This session will address the various
types of cyber training currently available and the costs associated with them. Online vs in person
training opportunities will be explored as well as training opportunities based on skill sets and desired
goals. It will also address training opportunities available through public and private organizations.
This session is applicable to anyone who seeks to learn more about cyber training opportunities.
National Operations:
Cyber threats are not bound by geographic location. When one organization is attacked, many different
agencies may need to take part in mitigation and response efforts. The National Fusion Center
Association established a Cyber Threat Intelligence Subcommittee in August 2014. The Cyber
Intelligence Network was a product of that subcommittee. The new Cyber Intelligence Network (CIN)
community brings together over 50 agencies from more than 40 states to share tools, training and best
practices. Cyber analysts share standardized information and resources including intelligence product
templates and standard operating procedures. When a cyber-threat is identified, detailed information
is shared with partners to leverage the resources of every fusion center and coordinate an effective
response. Cyber intelligence analysts from across the country regularly post information to HSIN
concerning current threats and discuss incidents that may impact organizations across the country.
Representatives from the CIN will discuss best practices, success stories, how CIN supports the NFCA,
the uses of both CINAware and SitAware complement each other, how to incorporate your center in
the CIN, and how to find more information.
O/R Navigating Fusion Center Responses to Critical Incidents Terrace
Ryan Walsh, Senior Intelligence Analyst, Boston Regional Intelligence Center
Mark Bachta, Supervisory Intelligence Analyst, Boston Regional Intelligence Center
Melinda Gottesman, Intelligence Analyst, Joint Regional Intelligence Center in Los Angeles
Jennifer O’Keefe, Senior Intelligence Analyst, Joint Regional Intelligence Center in Los Angeles
o The Boston Regional Intelligence Center (BRIC) and Joint Regional Intelligence Center (JRIC) will share
their findings from a June 2015 analytic exchange to discuss critical incidents that have impacted their
areas of responsibilities including, but not limited to: the 2013 Boston Marathon Bombing and the 2013
search for Christopher Dorner. During the exchange, analysts discussed their roles supporting
command posts and investigations in response to the aforementioned incidents in addition to other
incidents and special events. The BRIC and JRIC will present best practices and success stories, areas for
improvement, steps taken to create an after action report, and ways in which we have prepared for
future critical incidents. The goal is for fusion center partners to be better positioned to assess ways in
which they can assist public safety efforts when a critical incident arises in their AOR.
C/A Fusion Center Participation in National Production Planning Beech
James Sung, DHS/I&A
Alex McClain, DHS I&A
Rick Smith, Greater Cincinnati Fusion Center
Jorhena Thomas, Washington Regional Threat Analysis Center
Kristina Bomba, Colorado Information Analysis Center
Samantha Korta, Wisconsin Statewide Information Center
o This talk/panel will discuss how fusion centers can take an active role in shaping, contributing to, and
participating in national-level intelligence production planning efforts. We will accomplish this through
a three-part session. 1) DHS/I&A/National Programs will describe the National Network of Fusion
Centers (NNFC) Compendium of Key Intelligence Questions effort, the value to the NNFC and DHS, how
centers can contribute, and the timeline for development. 2) DHS/I&A/Planning and Analytic
Standards will discuss how the NNFC questions are used in a national planning initiative, the Homeland
Security Intelligence Enterprise Program of Analysis (POA). DHS will describe the concept of the POA,
the purpose of the effort, and the process, including the participants and the timeline for development.
3) Fusion Center personnel who participated in this year's POA development effort will then engage in
a panel discussion to give their views of the experience, key takeaways, and how participation
benefited (or will benefit) them personally, their center, their region, and the fusion center network as
a whole. Fusion centers on the panel will include: Colorado, Greater Cincinnati, Washington DC, and
Wisconsin.
T/A Cyber In the Field – Operation Water Snake – Detect and Deter program Magnolia A and B
Devin King, Intelligence Officer, Louisiana State Analytical & Fusion Exchange
Troy Campbell, KCTEW Cyber Threat Intelligence Program
o Operation Water Snake:
Brief of the results, tactics and techniques used during Operation Water Snake, a joint endeavor
between the U.S. Coast Guard Sector New Orleans Intel (USCG) and the Louisiana State Analytical &
Fusion Exchange (LA-SAFE) that focused on identifying cyber wireless vulnerabilities with CIKR facilities
along the Mississippi River.
o Detect And Deter program:
Detect And Deter, a joint KCTEW/ FBI program is advancing the ability of fusion centers to work jointly
with their local federal partners to aid in the detection of persistent malware that may already reside in
CIKR private and SLTT systems. The presentation will show how a fusion center can use the program in
their AOR, increasing their analysis capability while contributing to the intelligence pool of the NNFC
and their federal partners.
O/R Beyond Outreach 101: Building on the Successes of Private Sector Walnut Information Sharing by Integrating Disaster Intelligence and all Public Safety Partners
Ashley Reichert, Critical Infrastructure Specialist, Illinois Statewide Terrorism and Intelligence Center
Alana Sorrentino, Emergency Management Intelligence Officer, Illinois State Police - Statewide
Terrorism & Intelligence Center
o The need for information sharing with the private sector has been recognized among fusion centers, but how to keep partners engaged and growing the program can be a process of trial and error. The Statewide Terrorism & Intelligence Center’s private sector information sharing program, Infrastructure Security Awareness (ISA), was formed in September 2004. The program was restructured in 2006 after receiving feedback from private sector members and was further enhanced in 2010 with the addition of a dedicated private sector program manager. In 2011, the private sector became integrated with the newly created Business Emergency Operations Center (BEOC). This session will address how the private sector program was developed, membership recruitment, developing trusted relationships, keeping members engaged and continued growth, as well as lessons learned and best practices for developing and maintaining a private sector program. Building on the successes of the private sector program, the STIC integrated cyber, disaster intelligence, emergency management, fire service, public health, and school safety partners for information sharing. The need for integration of other public safety partners was recognized after realizing the successes of information sharing with the private sector. The private sector and the fusion center have several other information needs that can be met by the exchange of data among other public outreach partners, as many of these information needs cross these program areas. The collaboration with the BEOC proved valuable, and disaster intelligence has become a crucial
part of information sharing with the private sector. The Emergency Management (EM) Intelligence Officer position was created in 2013 to ensure outreach to local emergency preparedness professionals. Partnerships including those established with the Illinois Emergency Management Agency, local emergency management associations, outreach program analysts, and disaster management officials will be addressed, as well as lessons learned and best practices. For continued program growth, new ways of sharing information have been developed and implemented across all outreach programs. The collaborative partnerships among the fusion center offer the ability to share information based on the total needs of the public outreach programs. Recent success has been found through utilization of the HSIN Connect Public Safety Room that is activated during disasters and available to all members from outreach programs. This dynamic field of information sharing and collaboration provides the forum for continued program growth.
12:15 p.m. – 2:00 p.m. Lunch and Plenary Session Plaza Ballroom
Power Session Presentation:
National Counter Intelligence and Security Center
Plenary Session Presentation:
Islamic State Social Media: Potential Indicators of Foreshadowing
Heather Perez, Intelligence Analyst, Central Florida Intelligence Exchange
2:00 p.m. – 2:15 p.m. Break Plaza and Upper Foyers
2:15 p.m. – 3:15 p.m. Break-Out Session #2
O/R ATF Investigations and Illicit Firearms Trafficking Magnolia C
Jose R. Vazquez, Deputy Chief, ATF - Criminal Intelligence Division
o Personnel from ATF’s Office of Strategic Intelligence and Information will present an overview about
how ATF employs intelligence techniques in order to investigate violations under ATF’s jurisdictional
purview that occur online.
O/R Securing the Borders Terrace
Bill Chandler, Director, Minnesota Fusion Center
Dale Avant, Deputy Assistant Director, Texas Department of Public Safety
Robert Harris, Director, JTF-West
o This session will provide an overview of Texas, Federal, State and local law enforcement operations
implemented to deter Mexican Cartel drug and human smuggling operations and reduce the associated
transnational crime in our border communities, such as, home invasions, felony pursuits and stash
house-related extortions and kidnappings.
o The Minnesota Commissioner of Public Safety/HSA directed the Minnesota Fusion Center to conduct
an all-hazard but law enforcement centric assessment of the state’s northern border to address on-
going concerns. The Minnesota Fusion Center partnered with local, county, state, tribal and federal
partners and stakeholders to create an assessment addressing terrorism, criminal activity, all-hazard
information, critical resources and identifying gaps. Attendees will learn how the assessment outreach
and management has been conducted and the current state of the assessment involving over 30
partner agencies.
o This session will also inform attendees of the newly established DHS Southern Border and Approaches
Campaign / Joint Task Force West. The key objective of Joint Task Force-West (JTF-W) is to integrate
and align intelligence capabilities to achieve JTF-W missions. To achieve this goal the JTF-W
Headquarters actively supports the existing relationships of the JTF-W California, Arizona, New
Mexico/West Texas and South Texas Corridors with their respective State and Local Fusion Centers.
E/T Joint Terrorism Task Force Collaborative Efforts Beech
Lead Tactical Intelligence Analyst, Orange County Intelligence Assessment Center
Alberto Martinez, Deputy Director, Orange County Intelligence Assessment Center
FBI Representatives
o The FBI Orange County (California) Resident Agency Office, Joint Terrorism Task Force (JTTF) works
in collaboration with the Orange County Intelligence Assessment Center (OCIAC), California to
effectively coordinate the identification of individuals attempting to provide material support to a
Foreign Terrorist Organizations (FTO’s). The Orange County JTTF and OCIAC developed a model to
integrate information sharing by leveraging each organization’s strengths and capabilities to
identify on-line behavior of individuals possibly sympathizing with, inspired by and supporting
FTO’s. The trusting relationship established by the JTTF and fusion center integrated the strengths
of the fusion center by leveraging the OCIAC’s real-time open source monitoring analysis of data
openly available in the public domain, specifically the identification of extremist propaganda
impacting the homeland and southern California. The model serves as an effective example of the
merging of federal and local assets to create the partnerships necessary to successfully impact HVE
activity.
o This panel will discuss best practices in finding and analyzing intelligence for better collaboration
and dissemination. The discussion will also talk about various databases, access to systems, and
the different battle rhythms analysts follow to read through daily intelligence traffic.
T/A Open Source Tools for Forensics, Incident Response and Cyber Exercises (Red Teams) Magnolia A and B
Devin King, Intelligence Officer, Louisiana State Analytical & Fusion Exchange
Troy Campbell, KCTEW Cyber Threat Intelligence Program
o Open Source Tools for Forensics and Incident Response:
A case study overview utilizing open source tools to assist incident responders during a byer incident.
Tools to be discussed include Autopsy, The Sleuth Kit, Hashcat, John the Ripper and others.
o RED TEAMS – Cyber Exercise Support of Partner Agencies:
There are over 18,500 SLTT LE agencies in the US, most with minimal or no cyber security capability.
This session will show how the results from a spear phishing RED TEAM exercise led by the fusion
center can promote cyber safety, cyber threat awareness and encourage implementation of polices for
those partners while promoting the sharing of Cyber Intelligence from those agencies. The
presentation will show the process of proposing the EX, the steps involved with execution, how to
interpret the results, presentation of the results to the partner agency and discuss pitfalls to avoid.
3:15 p.m. – 4:00 p.m. Networking Break Plaza and Upper Foyers
4:00 p.m. – 5:00 p.m. Break-Out Session #3
C/A Digital Forensics Collection and Analysis: Trends, Tools and Best Practices Magnolia C
David Carabin, Director, Boston Regional Intelligence Center
Glenn Fueston, Associate Deputy Director Washington Baltimore HIDTA
Ben Lewis, Computer Crime Specialist, NWC3 Computer Crime Section
Glenn Hickok, President, MSAB
o The number of mobile device connections currently exceeds 7 billion globally and is growing
exponentially. This explosive growth and usage of mobile device connections and applications over
the past decade has led to creation of critical bodies of evidence associated with most crimes
committed globally, as well as information critical to threat analysis and assessment. Digital forensics
tools that extract and analyze data from mobile devices reveal information establishing location, intent,
actions and interactions of individuals. Moderated by Boston Regional Intelligence Center Director
David Carabin, this presentation focuses on commonly used tactics for effectively and efficiently
recovering and analyzing mobile device data, evolving innovations in technology, how digital forensics
collection and analysis is integral to the four Critical Operating Capabilities and legal and technical
trends currently shaping the role of digital forensics.
M/L Technology, Fusion Centers and P/CRCL: Managing the Risk and Terrace
Avoiding Public Meltdowns
Ayn Crawley – Director, Civil Rights and Civil Liberties Institute, DHS, Office for Civil Rights and Civil
Liberties
David Desmki, Law and Technology Analyst, Civil Rights and Civil Liberties Institute, DHS, Office for Civil
Rights and Civil Liberties
Annelsie Martin, Special Assistant to the Director, Civil Rights and Civil Liberties Institute, DHS, Office
for Civil Rights and Civil Liberties
o In many instances law and policy are far behind the emerging technologies for data collection and
information sharing that are potentially available to fusion centers. As fusion center directors, you are
charged with ensuring the privacy, civil rights and civil liberties considerations are well integrated into
your centers operations. This can be particularly challenging when considering some of the new
technologies. Where to begin? This session will provide a quick overview of many of the new (and not
so new) technologies with an examination of the potential P/CRCL red flags that should be taken into
consideration when acquiring or deploying new technology. We will also discuss strategies to mitigate
those risks. Use of biometric data – geolocation data (mobile phones/Stingray/Dirtbox/Wearables) -
LPR data (linked with other data - facial recognition) – unmanned aerial surveillance (many jurisdictions
are creating a range of innovative uses – data use considerations).
O/R TLO Program Coordination Beech
James Lopey, Nevada Threat Analysis Center
Chris Kusayanagi, Terrorism Liaison Officer, Program Manager, Joint Regional Intelligence Center in Los
Angeles
Remon Girgis, Deputy Sheriff, Los Angeles County Sheriff’s Department
Ervin Engelhardt, Terrorism Liaison Officer, Assistant Program Manager, Central California Intelligence
Center
o California has six DHS-designated fusion centers: four regional centers, known as Regional Threat
Assessment Centers (RTACs), covering the entire territory in the State, one urban area center, the
Orange County Intelligence Assessment Center (OCIAC), and the State Threat Assessment Center
(STAC). Terrorism Liaison Officer (TLO) programs are operated in each of the RTACs and the OCIAC and
are managed at the regional and local level. The individual RTAC TLO programs regularly coordinate
with the STAC and also receive leads, as appropriate. In an effort to develop consistency among TLO
programs in each of these regional and local centers, a working group was formed among the TLO
managers from each of the centers to develop minimum standards. As a result, a common
understanding and minimum requirements now exists among all TLOs across the State. This
presentation will highlight the best practices identified during the development of the California Fusion
Center’s TLO Program, provide details on how the TLO working group collaborates on developing new
courses and maintains a clear and consistent training program, and will also include the obstacles and
challenges the program has endured and how we have overcome them.
o Forming sustained and effective fusion liaison officer and critical infrastructure programs in rural areas
can be challenging. However costs can be kept at a minimum while traveling and forming important
relationships with federal, state, city, county and tribal agencies. NTAC has been able to deliver
consistent and effective fusion liaison related training in nearly every venue within the state, while at
the same time forging important relationships with health, police, fire, emergency medical, the military
and private sector, while maintaining a network of statewide FLOs. At the same time outreach with the
tribal areas has been very meaningful and productive as well. The presentation will share some lessons
learned and will outline some of the things that have worked in our area of operation. Included in the
presentation is an overview of TLO/FLO Training courses that have proven to be time-tested and cost
effective.
E/T Building Blocks of a State ISE Magnolia A and B
James Sheehan, Program Manager, Northern NJ-Newark/Jersey City UASI
Kshemendra Paul, Program Manager, Information Sharing Environment
Tom O’Reilly, Director, The Police Institute, School of Criminal Justice, Rutgers University
Al Ponenti, Director, New Jersey Regional Operations Intelligence Center
o For the past 2 years the State of NJ has been working towards the establishment of a State Information
Sharing Environment. The effort includes already built components, new projects, policy modifications
and enhancements, and most significantly; a collaborative effort between local, state and federal
partners, along with vendors and service providers. This has not been a jump up and down success
story, in fact it has been, and continues to be an arduous and difficult journey, and that story has value
for the network. Many of the gaps that became evident during this process have resulted in
enhancements such as the establishment of a Real Time Crime Center as a subsidiary of the ROIC. The
Fusion Center has been the focal point of the effort, but the components cross jurisdictions,
organizations and disciplines, as do the obstacles. This presentation will highlight both success and
failure, with an emphasis on the value of effort.
5:30 p.m. – 8:00 p.m. Reception Plaza and Upper Foyers
Wednesday, November 4
7:00 a.m. – 5:00 p.m. Registration Pan Am Foyer
8:00 a.m. – 8:30 a.m. Exhibit Area Open Plaza and Upper Foyers
8:30 a.m. – 10:30 a.m. Plenary Session Plaza Ballroom
The Honorable James Comey, Director—Federal Bureau
of Investigation
Power Session Presentations:
Nlets—The International Justice and Public Safety Network
Opportunities for Fusion Centers to Participate in the Maritime Domain
Overview of El Paso Intelligence Center's IT Capabilities
FBI Showcasing Office of the Director of National Intelligence Online Course
Introduction to the ISACs and the NCCIC
Domestic Highway Enforcement Strategy and Information Sharing HIDTA Strategy
Regional Information Sharing Systems
10:30 a.m. – 11:15 a.m. Networking Break Plaza and Upper Foyers
11:15 a.m. – 12:15 p.m. Break-Out Session #4
C/A Violent Extremism Special Briefing - 2014 Las Vegas Police Ambush Magnolia C
Dori Koren, Sergeant, LVMPD Counterterrorism Unit
Bill Brewer, Detective, LVMPD Counterterrorism Unit
o In June 2014, a pair of violent extremists assassinated two police officers as they were eating lunch at a
local cafe in Las Vegas. Immediately upon executing the officers, the suspects declared a revolution
against the US government, and then proceeded to a nearby Walmart, where they continued their
attack. While motivated by a different ideology, the two shooters were radicalized and mobilized to
violence for many of the same reasons that fuel foreign-inspired homegrown violent extremists.
Following the attack, the Las Vegas Metropolitan Police Department (LVMPD) Counterterrorism (CT)
Unit launched a secondary investigation to identify and learn from the personal, sociological, and
political factors that drove this couple to violence. In conjunction with the LVMPD Homicide and Critical
Incident Response Team, the CT unit evaluated large amounts of evidence, interviewed a number of
associates, and retraced the history of both subjects. This briefing will highlight the terrorism-related
findings of this effort, with a particular focus on the concepts of radicalization and mobilization. The
shooters, who self-identified as terrorists, expressed an interest to martyr themselves for what they
believed to be a greater cause. The factors that caused the subjects' to transition from extremism to
violent extremism, as well as the role of social networks, propaganda, counter-messaging, tactics, and
group dynamics will be discussed. Providing this briefing will be Sergeant Dori Koren and Detective Bill
Brewer, who were intricately involved in the investigation and the prevention efforts that followed.
T/A Building Cyber Capabilities Through Collaboration Terrace
Brett Paradis, Intelligence Analyst, Connecticut Intelligence Center
Craig Dziedzic, General Manager, Bay Area UASI
Brian Rodrigues, Northern California Regional Intelligence Center
o In May 2013, the CA Bay Area’s fusion center, the Northern California Regional Intelligence Center
(NCRIC), established a Cyber Unit to collect and share cyber information as well as to provide
intelligence, analysis, and defense. In August of that same year, the Bay Area’s regional governing body
allocated over $400,000 in Urban Areas Security Initiative (UASI) grant funds to support the hiring of
cyber unit analyst positions for a twelve month period. Deliverables of the unit included providing
assessments and strategic analysis of cyber threats to the region and developing and providing end
user training to the NCRIC’s regional partners. Since then, the NCRIC has conducted outreach and
offered assessments and analysis to any of the region’s jurisdictions that make a request. Response
was slow at first, but when a story appeared in the Bay Area UASI newsletter, a number of other
jurisdictions requested their services. In addition end user trainings began. A simple, one hour
PowerPoint presentation for end users was developed and presented to the four Hub areas of the Bay
Area. This project has been viewed as a best practice within the Bay Area region as the fusion center
acted in partnership with the 12 county Bay Area region to provide information sharing across all
disciplines and levels of government. Moreover, the outreach conducted by the Bay Area UASI
provided the fusion center with an opportunity to work with key stakeholders from around the region.
This presentation will include speakers from both the Bay Area UASI and the NCRIC to discuss how the
project was developed and the challenges faced.
o This session will also cover the Connecticut Intelligence Center's Cyber Analysis Program. Some topics
will include, discussions of the CT Cyber Organizations that the Fusion Center interacts with, shares
information with, and receives information from. The day to day activities and practices utilized by the
Fusion Center in responding to Cyber related incidents. The session will also discuss some lessons
learned, and best practices. Finally the session will cover brief examples of COC1 Receive, COC2
Analysis, COC3 Dissemination, and COC4 Gather.
C/A Analytic Approach to investigating Shootings Beech
Joseph Brennan, Detective Sergeant, New Jersey State Police
Mike Dunn, Wynyard Group
o The Newark Regional Real Time Crime Center has a piloted an analytical program to identify gun
traffickers and purchasers within the CorrStat focus area of the Newark-Jersey City Urban Area. The
program utilizes data from NIBN E Trace Arrests shootings and seizures to connect disparate data
points to provide an actionable analysis of "Straw Purchasers" and the distribution of crime guns in
some of America's most violent cities.
C/A Vetting possible Pro-Foreign Terrorist Organization social media accounts Magnolia A and B
Lead Tactical Analyst for the Orange County Intelligence Assessment Center (OCIAC)
o This presentation will focus on effective and efficient efforts by a combination of fusion centers at
countering online activity of violent extremists, both at the tactical level to support investigations, as
well as working with partner fusion centers to providing strategic context of the threat for state-level
decision makers. OCIAC Tactical Analysis unit will focus on best practices on how to identify and vet
indicators of pro-Foreign Terrorist Organization online activity and possible mobilization to violence in
support of those organizations, focusing on tools and techniques used to identify possible accounts in
the local AoR or accounts advocating violence toward targets at the local level. This will include a
discussion of best practices on how to analyze and disseminate information to develop actionable
intelligence with partner agencies, while adhering to legal, civil rights, and privacy-related issues.
C/A Tactical Analysis Units: A Vital Component for All Fusion Centers Walnut
Jane Chung, JRIC Tactical Analysis Unit Supervisor
Melinda Gottesman, JRIC Tactical Analysis Unit Senior Intelligence Analyst
o The JRIC Tactical Analysis Unit (TAU) is a well-integrated HIDTA/Homeland, local/federal, sworn/civilian,
departmental/contractor staffed team with storied backgrounds and diverse expertise. This
presentation from TAU will highlight best practices of fusing intelligence and law enforcement
tradecraft in order to provide analytical case support to law enforcement investigators, and make the
case that all Fusion Centers should have a highly trained tactical unit; both to better understand the
crimes affecting their community, as well as to be able to support major criminal or terrorist events as
they occur. Presenters will discuss how JRIC TAU adds value to criminal and terrorism investigations;
working hand-in-hand with investigators to locate fugitives, provide detailed pattern of life analyses,
comprehensive takedown packages for field operations, and uncover criminal conspiracies. Presenters
will also discuss the value of leveraging HIDTA ISS and Fusion Center networks to enhance
investigations, forward-deploying tactical analysts to command posts, and creative exploitation of
social media analytics tools.
12:15 p.m. – 2:00 p.m. Lunch, Speaker, and Awards Plaza Ballroom
Power Session Presentations:
FBI e-Guardian Overview
DoD CIO's GMAP Pilot and Partnership with State and Urban Fusion Centers and the
National Fusion Center Association
The Honorable Francis X. Taylor, Under Secretary,
Intelligence and Analysis, U.S. Department of Homeland Security
2:00 p.m. – 2:15 p.m. Break Plaza and Upper Foyers
2:15 p.m. – 3:15 p.m. Break-Out Session #5
C/A Threats of Violence Targeting Law Enforcement and Military Magnolia C
Robin Liberto, Senior Intelligence Analyst, Virginia Fusion Center
Megan Molnar, Virginia Fusion Center
Joshua Franklin, Virginia Fusion Center
o This presentation, followed by a panel discussion, will look at the threats of violence targeting law
enforcement and military perpetrated by foreign terrorist organizations such as ISIL as well as those
threats conveyed by gangs against law enforcement and military personnel. The goal of this discussion
will be to address some of the driving factors influencing this threat stream including the prevalence of
social media as a major platform for threatening communications, the enticement and influence of
propaganda, and some of the psychological factors impacting the targeting of individuals based on
their occupation or organizational affiliation. Fusion Center personnel need to be able to recognize and
stay abreast of the factors influencing the current threats against law enforcement and the military as
well as be able to capture and collect that information when it is present in online platforms.
Regarding the four Enabling Capabilities, this topic impacts the first capability of privacy, civil rights,
and civil liberties protections, in addition to the second enabling capability of a sustainment strategy
for long-term growth of the National Network. Any discussion regarding threats directed at individuals
has to consider privacy and civil rights for what investigative measures and follow up are appropriate.
Additionally, in order to sustain long term growth, fusion centers need to have the capability to detect
and investigate evolving threats, especially as social media continues to be a platform for
communicating these threats and fostering propaganda eliciting support for terrorist organizations and
the promotion of criminal gang activity.
O/R Active Shooter: Three Years of Progress Terrace
Katherine Schweit, Section Chief, Federal Bureau of Investigation
o After the tragedy at Sandy Hook, the White House announced its Now is the Time Initiative, a multi-
agency effort aimed at reducing gun violence. In support of the this effort, the FBI has dedicated a staff
to work with other federal agencies, the White House, and state and local law enforcement on finding
ways to better prevent and recover from active shooter incidents. It is our goal to train law
enforcement officers and other first responders on the best practices to prevent and reduce harm in
active shooter incidents. This presentation will cover our most recent efforts and what we have learned
over the past three years working on this initiative. Chief among lessons learned is that no single
agency, no matter how big, has all of the resources and skills needed to address and respond to active
shooter events. Each agency has a unique role to play and collaboration is vital to these efforts. In this
way, fusion centers are essential to this process as they have become a focal point for gathering and
sharing information as well as strengthening and building new relationships among all law
enforcement.
E/T Persistent Monitoring Feed of Critical Infrastructure Assets Beech
P.J. Davis, Intelligence Analyst, Critical Infrastructure Protection, Orange County Intelligence
Assessment Center
Andrew Carlson, Critical Infrastructure Assessor, Joint Regional Intelligence Center
Nathaniel Watson, Intelligence Analyst, Joint Regional Intelligence Center
o Currently most fusion centers operate with a particular focus on countering acts of terror or major
criminal incidents within their jurisdiction. While appropriate, this “present day” perspective, if not
balanced with a longer-term view, may inordinately constrain critical infrastructure protection efforts.
The threat landscape of the 21st Century will not mimic that of the last three decades. Rather,
America’s geopolitical situation increasingly points to a future characterized by competition, if not
confrontation, with nation-state actors across the globe. For infrastructure owners responsible for
capital investment related to security, protecting against today’s threat may prove insufficient in 5-20
years. CIP in the 21st century must expand its perspective to consider the threat posed by possible
nation-state adversaries.
o The Persistent Monitoring Feed is an automatic search and results storing technique created utilizing
Palantir. The Feed automatically collects data from multiple sources using specific search terms,
Boolean search methodologies, and geographically demarcated spaces. We were motivated to create
the Persistent Monitoring Feed in order to ease the querying of information of activity around critical
infrastructure sites and provide data for analysis in studies. Currently, data that the Feed captures is
available within Palantir; however, specific queries must be created to capture this data on a case-by-
case basis. Personnel assigned to the Joint Regional Intelligence Center, working in collaboration with
Los Angeles Sheriff Department and Palantir developed the Persistent Monitoring Feed to create a
query engine specifically focused on critical infrastructure sites. The Feed presents information on a
scheduled basis as an email document that can be quickly scanned for information of importance to
personnel assigned critical infrastructure duties. We collect information to establish a baseline of
activity and track changes in activity. As we move forward, we will be adding additional sites and
examining search results. Adding sites and creating detailed exclusions and allowances will be the most
time intensive. The results of our efforts will provide a historical description of specific events
pertaining to critical infrastructure and provide a database where data is compared and contrasted
across sectors of critical infrastructure within Los Angeles County. In conclusion, we have come a long
way in developing the concept, creating the Persistent Feed Monitor system, and are now refining our
approach to the continuous search parameters. We believe this work can be replicated using available
information systems currently in use within the fusion centers nationwide.
O/R Fusion Center Collaboration Leads to Successful Public Health Integration Magnolia A and B
Cara Barnett, Public Health Intelligence Officer, Illinois’ Statewide Terrorism & Intelligence Center
Phillip Perez, Weapons of Mass Destruction (WMD) Medical Intelligence Analyst, Joint Regional
Intelligence Center
Heather Brown, Medical and Public Health Readiness Coordinator, State and Local Initiatives Branch,
Department of Homeland Security
o This session will discuss the process for developing the Public Health Information Sharing (PHIS)
program at the Statewide Terrorism and Intelligence Center (STIC) in Illinois. The program was initiated
in September 2014 and designed as a cooperative engagement to share vital, for official use only
(FOUO) information and ensure the timely dissemination of emerging public health and medical
information and intelligence to those with a need to know. The PHIS Program is an information
exchange and communications platform for public health stakeholders to share information regarding
infectious and communicable diseases, bioterrorism, environmental health, drug trends, emergency
preparedness and response, and other topics associated with health promotion and protection. It will
explain how the PHIS Program was developed through the integration of public health into the fusion
center, the recruitment of key public stakeholders, daily operations, and how it is able to disseminate
pertinent information to its partners. This session will demonstrate how the PHIS program has matured
and expanded all within its first year. Peer-to-peer collaboration among national network partners can
provide support to fusion centers that are building public health partnerships so that information
exchange and communication between partners occurs not just after a new public health crisis has
emerged but on a routine, everyday basis.
C/A Cyber Threats to SLTT Governments Walnut
Richard J. Licht, Vice President, Integrated Intelligence Center, Security Operations, Center for Internet
Security
o State, local, tribal, and territorial (SLTT) governments represent a substantial portion of the cyber
security posture of the United States, encompassing more than 38,000 government entities. The Multi-
State Information Sharing and Analysis Center (MS-ISAC) will share its situational awareness of the
current cyber threat environment in state, local, tribal and territorial (SLTT) governments, with a focus
on the wide variety of cyber threat actors targeting SLTT governments, the most common targets, and
the prevalent cybercrime techniques as observed by MS-ISAC and the federal government. This
presentation will then look at where SLTT government cyber operations are heading and some of the
best and most interesting uses of new technologies in traditional operations.
3:15 p.m. – 4:00 p.m. Networking Break Plaza and Upper Foyers
4:00 p.m. – 5:00 p.m. Break-Out Session #6
O/R Human Trafficking: Sharing Information to Better Understand the Threat Magnolia C
Jessica Garcia, Intelligence Analyst, Texas Department of Public Safety
Ramona Carey, Senior Intelligence Analyst, Human Smuggling and Trafficking Center
Teresa Collier, Intelligence Analyst, Alabama Fusion Center
Jay Moseley, Director, Alabama Fusion Center
o The panel will discuss what the federal government is doing to combat human trafficking as well as talk
about the efforts states are doing to combat the threat. The panel will discuss how fusion centers can
work with federal partners as well as discuss how federal agencies can work with their state partners.
The panel will discuss challenges they face within their geographical areas such as sharing information,
creating and sustaining human trafficking task forces along with examples of how fusion centers can
collaborate between one another.
M/L Social Media Analysis Terrace
Dan Mahoney, Deputy Director, Northern California Regional Intelligence Center
Star Cazador, Northern California Regional Intelligence Center
o Fusion centers are increasingly asked to leverage emerging social media technology during large scale
events with the expectation it will be a security force multiplier. Often, analysts are provided out-of-
the-box media monitoring solutions with little to no formal training or tradecraft experience. The risk
to fusion centers in this arena is they will be held responsible for collecting vast troves of useless
information or even worse, miss critical information. As the social media world accelerates forward, so
too must the role of fusion centers in social media monitoring tradecraft.
o This session will cover the use of different social media monitoring and analysis tools during Special
Event support. The presentation will cover the work done by the NFCA Social Media Working Group,
policy guidelines, P/CRCL issues, and case studies of how Social Media Analysis has aided Law
Enforcement.
C/A Location-Based Analysis of Telecommunication Records Magnolia A and B
Diana White, Lead Intelligence Analyst, Northern California HIDTA
Al Meger, Uncharted Software
o When working on complex investigations, analysts are tasked with connecting the dots between people
and events. Location awareness is critical in developing the big picture, and telephones are a rich
source of location data. Specifically, Call Detail Records (CDRs) and live pings can be used to produce a
visual representation of phone location data that is easy for analysts and investigators to understand.
These records can also be used to develop a timeline showing a sequence of events or a subject’s
pattern of life. Traditionally, event timelines and telecommunication analysis were performed
separately, but new technology can provide a detailed, animated view of where and when events are
taking place. This presentation will begin with a brief explanation of how telephone networks work, an
overview of methods and best practices in analyzing phone location data, and examples of products
generated from successful phone analysis cases. Then, the presenters will discuss how analyzing Call
Detail Records using animation and 3-D visualization enhances law enforcement investigations. This
will be demonstrated using the GeoTime software and the Call Records Tool plugin.
C/A JRIC Threat Prioritization Process Best Practices Walnut
Alex Carillo, Lead Strategic Intelligence Analyst, Orange County Intelligence Assessment Center
Natalya Garber, Strategic Intelligence Analyst, Joint Regional Intelligence Center, Los Angeles
Meredith Young, Strategic Analysis Branch Manager, Joint Regional Intelligence Center
o The threat prioritization process (TPP) prioritizes threat topics to identify information gaps and align
internal resource allocation. This process was developed and used to determine major threats as
identified by partner agencies in the Joint Regional Intelligence Center (JRIC) area of responsibility
(AOR), arrive at a comprehensive threat picture for the region, and align the JRIC's products and
services. Information was derived from 18 months of external data collection (e.g., surveys, focus
groups), internal data analysis (e.g., requests for information), and focus group meetings with local law
enforcement, military, fire, public health, critical infrastructure, and private sector partners. The TPP
was adapted from and intended to complement the FBI’s Threat Review Process (TRP) and the Major
City Chief’s Association’s Criminal Intelligence Enterprise (CIE). This session will highlight the best
practices identified while executing the first iteration of the TPP, how each fusion center can scale the
JRIC’s TPP to accommodate their own capabilities and needs, and how this process benefits each fusion
center as well as the overarching fusion center network. The presentation will detail the process
involved in setting up, executing, and analyzing data from each of the three TPP phases (surveys,
internal data, and focus groups), including how the JRIC worked with the Orange County Intelligence
Assessment Center (OCIAC) to host one of the focus group meetings and how the OCIAC adapted the
TPP to meet their needs.
6:00 p.m. – 10:00 p.m. Dinner Options in Old Town Alexandria
Thursday, November 5
8:00 a.m. Exhibit Area Opens Plaza and Upper Foyers
8:30 a.m. – 10:30 a.m. Plenary Session Plaza Ballroom
Power Session Presentations:
Overview of the Terrorist Screening Center
Mobile BATS (mBATS) –The Real-time National Reporting of Arson and Explosives
Incidents for the U.S.
Fusion Center Participation in DHS Watchlisting
Private Sector/COAE Update
ONDI - IC Analytic Standards
Fusion Center / CIS Cyber Pilot Overview
Homeland Security Information Network
10:20 a.m. – 11:00 a.m. Networking Break Plaza and Upper Foyers
11:00 a.m. – 11:30 a.m. Break-Out Session #7a (first half-hour)
E/T The Emerging Threat of a Complex Attack Magnolia C
Kathleen Stanley, Battalion Chief, Fairfax County Fire and Rescue
o This presentation will examine complex attacks that have occurred on US soil and compare that to the
current active shooter planning. We will review one case in detail, Santa Monica College attack, and
examine the current elements of an attack. Discussed during the presentation will be the elements of a
complex attack, recent thwarted attacks, and possible countermeasures for first responders during an
attack. Attendees will receive products developed to enhance awareness and training on complex
attacks.
C/A Use of Investigative Tools and Vehicle Data to Capture Criminals Terrace
David Mohr, Sergeant, Prince George’s County Police Department
o This session will illustrate how Prince George’s County Police Department has used mobile application
devices, vehicle databases, and VIN tracking investigative tools to capture criminals committing auto
theft, homicide, robbery, and gang/drug related crimes. They've had great success in
implementing/developing these tools for their Police Department and for “W.A.V.E.” The Washington
Area Vehicle Enforcement Task Force. These tools are now being implemented by Fusion Centers
affording them access to two nationwide databases and vehicle investigative tracking tools; thereby
enhancing their critical baseline capabilities of providing analyst support to a wide variety of criminal
investigations. Based on the use of these tools, Prince George’s County Police Department and W.A.V.E
have recovered in several million dollars in vehicle recoveries over the past 2 years. Additionally, on
multiple occasions these recoveries have also led to other investigations and the recovery of
contraband to include drugs, guns and monies used in illicit activities. The presenter will provide
several case studies of how these tools were successfully implemented by his Police Department and
by W.A.V.E and describe newly developed techniques they’re using to more efficiently capture
criminals.
O/R Homeland Security: Seeing the Big Picture Beech
Chris Dishman, South Central Region Director, I&A, Department of Homeland Security
o Discussion of the current state of homeland security in the United States. The session will highlight the
similarities and differences between homeland security in America and other countries who address
similar threats. The workshop will also discuss the history which led to the country's current HLS
structure and pose questions regarding its strengths and weaknesses.
O/R Interagency Collaboration and Intelligence Sharing Magnolia A and B
Joe Morras, Federal Bureau of Investigation
Dan Engelhardt, Lieutenant, New Jersey State Police
Mike Cooper, Operation Intelligence Branch Chief, NCTC
Shanna Edwards, NCTC
Sean Evans, Senior Intelligence Officer, ODNI
o Representatives from FBI, DHS, and NCTC will provide an overview of their respective agency
responsibilities and engagement with SLTT and Fusion Centers to include; inter-agency collaboration,
product development, and distribution. The panel will also provide examples of their product lines.
11:40 a.m. – 12:10 p.m. Break-Out Session #7b (second half-hour)
O/R Can Your Information Save A Life? Enhanced Communication Magnolia C
and Officer Safety
o RISS will provide insight into the latest trends in information sharing. Topics will include: Federated
Search with RISS, HSIN, LEEP and Intelink; De-confliction; Multi-Agency Intelligence Sharing; Personal
Identification V-I Authentication.
O/R Countering Violent Extremism and Active Shooter Resource Awareness Terrace
Eric Hall, DHS CVE-AS Program Manager
o To counter violent extremism and prevent active shooter events, the Department of Homeland Security
(DHS) is working with a broad range of government, law enforcement, and civilian partners to gain a
better understanding of the behaviors, tactics and other indicators that could point to potential violent
and/or terrorist activity, and the best ways to mitigate or prevent that activity. One of the venues
utilized by DHS to promote information and intelligence sharing on a broad range of topics is joint DHS
and FBI Countering Violent Extremism and Active Shooter (CVE-AS) web portals on DHS’s Homeland
Security Information Network (HSIN). These portals provide a well-organized listing of topics so users
can quickly locate and access the information relevant to their interests. They provide videos and
training resources as well as a document library with intelligence, federal, academia, outreach
materials, and other resources covering numerous CVE and AS topics. The CVE-AS Fed/LE Portal
provides a forum for the exchange of Unclassified For Official Use Only (FOUO), Sensitive But
Unclassified (SBU) and Law Enforcement Sensitive (LES) information to sworn, full-time, Federal, State
and Local law enforcement officers; federal employees; and military personnel. The Main CVE-AS Portal
shares Unclassified FOUO information with private sector partners, civilian security personnel,
corporate executives, educational institutions/academia, international federal and Law Enforcement
partners, community leaders, and other State and Local partners, as appropriate. Federal and Law
Enforcement users automatically have access to both Portals. In addition to resources, the portals
include information on outreach initiatives, subject matter experts and forums to provide feedback,
share products, and ask questions.
O/R Utilizing Partnerships among Strategic and Tactical Fusion Center Beech
Cecila Garcia, Senior Cyber Intelligence Analyst, Orange County Intelligence Assessment Center
o Both the California State Threat Assessment Center (STAC) and the Orange County Intelligence
Assessment Center’s (OCIAC) operate within the California State Threat Assessment System (STAS), the
award-winning network of California fusion centers. The STAC is a multi-discipline fusion center
focusing largely on strategic threat intelligence in relation to all threats and all hazards facing the state
of California. The OCIAC is a tactical fusion center, focusing on outreach to local stakeholders and
intelligence collection via incident response and case support. The partnership among the OCIAC and
the STAC implements an innovative cyber capabilities function with three defining characteristics: local
reporting, intra-center integration, and inter-center integration. Together, these three distinctive
characteristics constitute a system whose results demonstrate its effectiveness. This arrangement
offers a framework by which small fusion centers with limited cyber capability can lean on the strategic
capabilities of other fusion centers as a means to communicate intelligence. Likewise, the STAC/OCIAC
relationship demonstrates a model by which strategic fusion centers can better integrate regional
reporting into products, acting as a force multiplier given the increased open communication within the
regional intelligence sector. The presentation will identify potential opportunities or best practices for
National Fusion Center partners, and welcome discussion pertinent to areas for improvement across
the FC Network. This presentation will review various UNCLASSIFIED//FOR OFFICIAL USE ONLY
(U//FOUO) case studies that demonstrate both the distinctive characteristics of the OCIAC and STAC’s
Cyber Units, and the centers critical operational capabilities (receive, analyze, disseminate, and gather).
C/A Radicalization, Ideology and Terrorism in the Middle East Magnolia A and B
Ghada Wahdan, Lead Criminal Intelligence Analyst, Colorado Information Analysis Center
o This presentation is intended to provide an introduction to the radical ideology that exists in the Middle
East and its nexus to terrorism, to include an understanding of radical Islam, sectarian division, the
ideology of Jihad in Islam, and social disorganization that leads to destabilization, such as the Arab
Spring. The presentation will also explore the underlying ideology of certain Foreign Terrorist
Organizations (FTOs) and radical organizations such as the Islamic State (IS), Hamas, Hezbollah, Boko
Haram, Al Shabab and the Muslim Brotherhood. Lastly, the presentation will examine the radicalization
process for both domestic and foreign-born extremists, and how propaganda, social media and other
non-traditional forms of messaging are influencing the next generation of terrorists.
12:10 p.m. – 2:00 p.m. Lunch and Speaker Plaza Ballroom
Plenary Presentation:
No Gun Left Behind - New Jersey State Police
The Honorable Suzanne Spaulding, Under Secretary, National Protection and
Programs Directorate , Department of Homeland Security
2:00 p.m. – 2:15 p.m. Break Plaza and Upper Foyers 2:15 p.m. – 3:15 p.m. Break-Out Sessions #8
C/A Joint Assessment Methodology and Challenges Terrace
Lindsay Hovis, Intelligence Analyst Supervisor, Pennsylvania Criminal Intelligence Center
o This presentation will cover the process used to put together the Bakken Crude Oil Trains Joint
Assessment that was released in December 2014, as well as the challenges faced in collaborating with
multiple fusion centers and the private sector (railroads). Eleven fusion centers were involved in the
assessment where Pennsylvania was the primary.
O/R Utilizing Fusion Center Websites to Collaborate with Partners Beech
Dave Hall, Director, Missouri Information Analysis Center
o Presentation of www.MIACX.org and the specialized portals within the website
A. Six regionalized LEO information sharing groups consist of local, state & federal law
enforcement officers.
B. Statewide Intelligence Liaison Officers group consists of members of public safety and
private industry.
C. Statewide organized retail crime group made up of law enforcement officers and retail
investigators.
D. Statewide financial crimes group made up of law enforcement officers and financial crime
investigators.
o This process allows members to share information in a timely manner and, in the case of law
enforcement, better prepare cases for their prosecutor. These projects have provided a bridge
between the intelligence community and other public safety agencies, as well as private partners. It
provides a mechanism for the sharing of information to targeted audiences within specific areas of the
state, as well bordering counties in bordering states. All levels of law enforcement communicate and
participate in the regional intel projects. Retail and financial investigators have better communication
with law enforcement. First responders are provided pertinent information on various items to include
terrorism, making their work safer.
O/R Crime Gun Intelligence Magnolia A and B
Mitchell Ross, Milwaukee Police, Intelligence Fusion Center
Shannon Kail, Crime Analyst, Milwaukee Police, Intelligence Fusion Center
o As of August 2015, the City of Milwaukee experienced a total of 102 Homicides (83 by use of firearm)
and 354 non-fatal shootings. From January to August 2015, the Crime Gun Intelligence Center (CGIC)
provided valuable information on 157 NIBIN Cases (violent firearms) connected to 267 shooting
incidents, with 18 NIBIN cases that involve a 2015 homicide. The Milwaukee IFC established a CGIC in
September 2014 with a more formalized process in March 2015. The CGIC consists of a NIBIN program
& technicians, eTrace/firearm expert, Shotspotter manager, crime analysts, MPD detectives and
officers, ATF Agents, representatives from DOC and probation/parole, district attorney, and supporting
agencies. As a team we utilize the forensics data, technical data, and network analysis to help the
Milwaukee Police Department prioritize cases, areas, and individuals to investigate. Along with above
we have added Training and Outreach for FFL Dealers. This training was developed by the Milwaukee
Fusion Center with the help of other Police Jurisdictions as well as WI. DOJ, ATF, CIB, U S Attorney's
Office, and National Shooting Sports Foundation. This program is a true Fusion Center Outreach and
incorporates NSI-SAR'S, S4 (See Something Say Something") and signs of Criminal Activity /terrorism. It
has been one of several well received outreach programs that help build a relationship between our LE
Partners (at all levels) and Public / Private Sector in order to reduce gun violence and reduce the
number of illegal guns by focusing on “Straw Purchase” education.
C/A Understanding Information Sharing and Analysis Centers (ISAC’s) Walnut
Joe Viens, Director, Enterprise Business Continuity and Crisis Management, Time Warner Cable
Fred Hintermister, Manager, ES-ISAC, NERC
Andy Jabbour, Managing Director, RE-ISAC
Denise Anderson, Executive Director, National Health Information Sharing and Analysis Center
Charles Egli, Lead Analyst, Water Information Sharing and Analysis Center
Michael Arceneaux, Managing Director, Water Information Sharing and Analysis Center
Joshua Poster, Principal Analyst and public Liaison, Surface Transportation and Public Transportation
ISACs
o Building off last year’s ISAC overview presentation, this year, the NFCA has assembled a panel of ISAC’s
representing both lifeline and commercial interests. We will be joined by a panel with representation
from WaterISAC, Electricity Sector ISAC (ES-ISAC), Communications ISAC / NCC, Surface Transportation
& Public Transportation (ST / PT) ISACs and the Financial Services ISAC (FS-ISAC) and moderated by the
Real Estate ISAC (RE-ISAC). The panel will provide overviews of their individual ISAC’s, discuss their
operations, how they partner with government and ways they are or may be able to contribute to and
benefit from the Nation's Fusion Centers. The ISAC’s and their respective members maintain interests
throughout the critical infrastructure environment and work across on all-hazards environment, with
varying levels of focus on cyber threats, terrorism, health and natural hazards.
3:15 p.m. – 3:30 p.m. Networking Break Plaza and Upper Foyers
3:30 p.m. – 5:30 p.m. Closing Plenary Plaza Ballroom
Kerry Sleeper, Assistant Director, Federal Bureau of Investigation
Kshemendra Paul, Program Manager, Information Sharing Environment
Kurt Reuther, Acting Principal Deputy Under Secretary for Intelligence and Analysis, Department of Homeland Security Closing Keynote:
The Honorable Alejandro Mayorkas, Deputy Secretary, Department of Homeland Security Closing Comments:
Mike Sena, President, NFCA
Friday, November 6 8:00 a.m. – 1:30 p.m. Directors-Only Session and Lunch