2015 National Fusion Center Association Annual Training Event

2015 National Fusion Center Association

Annual Training Event

Alexandria Hilton – Mark Center

November 3rd – 5th, 2015 Directors Only Meeting November 6th

Breakout Session Category Code

C/A — Collection and Analysis

M/L — Management and Leadership

O/R — Outreach

E/T — Exercise and Technical Assistance

T/A — Technology Applications

Monday, November 2

5:00 p.m. – 8:00 p.m. Registration Pan Am Foyer

Tuesday, November 3

7:00 a.m. – 5:00 p.m. Registration Pan Am Foyer

8:30 a.m. – 10:30 a.m. Welcome and Keynote Plenary Session Plaza Ballroom

Mike Sena – President, National Fusion Center Association

Presentation of the Colors—Alexandria Police Department

Color Guard

Welcome—Earl L. Cook, Chief of Police—Alexandria, Virginia

Welcome—Colonel W. Steven Flaherty, Superintendent— Virginia State Police

The Honorable James Clapper, Director of National Intelligence

Power Session Presentations:

Working Smarter Through Technical Assistance Advancements and Enhancement

Nationwide Deconfliction Systems

10:30 a.m. Exhibit Area Opens Plaza and Upper Foyers

10:30 a.m. – 11:15 a.m. Networking Break

11:15 a.m. – 12:15 p.m. Break-Out Session #1

E/T Sustaining Cyber Capability, Training and National Operations Magnolia C

Troy Campbell, KCTEW Cyber Threat Intelligence Program

Kelley Goldblatt, Michigan Cyber Command Center

Brett Paradis, Connecticut Intelligence Center

o Recent strides in cyber threat intelligence offer an array of cost-effective tactics for developing your

fusion center’s preparedness for cyberattacks. The NFCA’s Cyber Threat Intelligence Subcommittee

(NFCA-CTI) and Cyber Intelligence Network (CIN) provide best practices for fostering collaborative

efforts among fusion centers to build cyber resilience. Representatives from the CIN will share proven

tactics for using HSIN, CINAware and SitAware to complement internal and joint efforts across fusion

centers to further your mission.

Training:

Determining the right training to take can seem difficult at times. This session will address the various

types of cyber training currently available and the costs associated with them. Online vs in person

training opportunities will be explored as well as training opportunities based on skill sets and desired

goals. It will also address training opportunities available through public and private organizations.

This session is applicable to anyone who seeks to learn more about cyber training opportunities.

National Operations:

Cyber threats are not bound by geographic location. When one organization is attacked, many different

agencies may need to take part in mitigation and response efforts. The National Fusion Center

Association established a Cyber Threat Intelligence Subcommittee in August 2014. The Cyber

Intelligence Network was a product of that subcommittee. The new Cyber Intelligence Network (CIN)

community brings together over 50 agencies from more than 40 states to share tools, training and best

practices. Cyber analysts share standardized information and resources including intelligence product

templates and standard operating procedures. When a cyber-threat is identified, detailed information

is shared with partners to leverage the resources of every fusion center and coordinate an effective

response. Cyber intelligence analysts from across the country regularly post information to HSIN

concerning current threats and discuss incidents that may impact organizations across the country.

Representatives from the CIN will discuss best practices, success stories, how CIN supports the NFCA,

the uses of both CINAware and SitAware complement each other, how to incorporate your center in

the CIN, and how to find more information.

O/R Navigating Fusion Center Responses to Critical Incidents Terrace

Ryan Walsh, Senior Intelligence Analyst, Boston Regional Intelligence Center

Mark Bachta, Supervisory Intelligence Analyst, Boston Regional Intelligence Center

Melinda Gottesman, Intelligence Analyst, Joint Regional Intelligence Center in Los Angeles

Jennifer O’Keefe, Senior Intelligence Analyst, Joint Regional Intelligence Center in Los Angeles

o The Boston Regional Intelligence Center (BRIC) and Joint Regional Intelligence Center (JRIC) will share

their findings from a June 2015 analytic exchange to discuss critical incidents that have impacted their

areas of responsibilities including, but not limited to: the 2013 Boston Marathon Bombing and the 2013

search for Christopher Dorner. During the exchange, analysts discussed their roles supporting

command posts and investigations in response to the aforementioned incidents in addition to other

incidents and special events. The BRIC and JRIC will present best practices and success stories, areas for

improvement, steps taken to create an after action report, and ways in which we have prepared for

future critical incidents. The goal is for fusion center partners to be better positioned to assess ways in

which they can assist public safety efforts when a critical incident arises in their AOR.

C/A Fusion Center Participation in National Production Planning Beech

James Sung, DHS/I&A

Alex McClain, DHS I&A

Rick Smith, Greater Cincinnati Fusion Center

Jorhena Thomas, Washington Regional Threat Analysis Center

Kristina Bomba, Colorado Information Analysis Center

Samantha Korta, Wisconsin Statewide Information Center

o This talk/panel will discuss how fusion centers can take an active role in shaping, contributing to, and

participating in national-level intelligence production planning efforts. We will accomplish this through

a three-part session. 1) DHS/I&A/National Programs will describe the National Network of Fusion

Centers (NNFC) Compendium of Key Intelligence Questions effort, the value to the NNFC and DHS, how

centers can contribute, and the timeline for development. 2) DHS/I&A/Planning and Analytic

Standards will discuss how the NNFC questions are used in a national planning initiative, the Homeland

Security Intelligence Enterprise Program of Analysis (POA). DHS will describe the concept of the POA,

the purpose of the effort, and the process, including the participants and the timeline for development.

3) Fusion Center personnel who participated in this year's POA development effort will then engage in

a panel discussion to give their views of the experience, key takeaways, and how participation

benefited (or will benefit) them personally, their center, their region, and the fusion center network as

a whole. Fusion centers on the panel will include: Colorado, Greater Cincinnati, Washington DC, and

Wisconsin.

T/A Cyber In the Field – Operation Water Snake – Detect and Deter program Magnolia A and B

Devin King, Intelligence Officer, Louisiana State Analytical & Fusion Exchange


o Operation Water Snake:

Brief of the results, tactics and techniques used during Operation Water Snake, a joint endeavor

between the U.S. Coast Guard Sector New Orleans Intel (USCG) and the Louisiana State Analytical &

Fusion Exchange (LA-SAFE) that focused on identifying cyber wireless vulnerabilities with CIKR facilities

along the Mississippi River.

o Detect And Deter program:

Detect And Deter, a joint KCTEW/ FBI program is advancing the ability of fusion centers to work jointly

with their local federal partners to aid in the detection of persistent malware that may already reside in

CIKR private and SLTT systems. The presentation will show how a fusion center can use the program in

their AOR, increasing their analysis capability while contributing to the intelligence pool of the NNFC

and their federal partners.

O/R Beyond Outreach 101: Building on the Successes of Private Sector Walnut Information Sharing by Integrating Disaster Intelligence and all Public Safety Partners

Ashley Reichert, Critical Infrastructure Specialist, Illinois Statewide Terrorism and Intelligence Center

Alana Sorrentino, Emergency Management Intelligence Officer, Illinois State Police - Statewide

Terrorism & Intelligence Center

o The need for information sharing with the private sector has been recognized among fusion centers, but how to keep partners engaged and growing the program can be a process of trial and error. The Statewide Terrorism & Intelligence Center’s private sector information sharing program, Infrastructure Security Awareness (ISA), was formed in September 2004. The program was restructured in 2006 after receiving feedback from private sector members and was further enhanced in 2010 with the addition of a dedicated private sector program manager. In 2011, the private sector became integrated with the newly created Business Emergency Operations Center (BEOC). This session will address how the private sector program was developed, membership recruitment, developing trusted relationships, keeping members engaged and continued growth, as well as lessons learned and best practices for developing and maintaining a private sector program. Building on the successes of the private sector program, the STIC integrated cyber, disaster intelligence, emergency management, fire service, public health, and school safety partners for information sharing. The need for integration of other public safety partners was recognized after realizing the successes of information sharing with the private sector. The private sector and the fusion center have several other information needs that can be met by the exchange of data among other public outreach partners, as many of these information needs cross these program areas. The collaboration with the BEOC proved valuable, and disaster intelligence has become a crucial

part of information sharing with the private sector. The Emergency Management (EM) Intelligence Officer position was created in 2013 to ensure outreach to local emergency preparedness professionals. Partnerships including those established with the Illinois Emergency Management Agency, local emergency management associations, outreach program analysts, and disaster management officials will be addressed, as well as lessons learned and best practices. For continued program growth, new ways of sharing information have been developed and implemented across all outreach programs. The collaborative partnerships among the fusion center offer the ability to share information based on the total needs of the public outreach programs. Recent success has been found through utilization of the HSIN Connect Public Safety Room that is activated during disasters and available to all members from outreach programs. This dynamic field of information sharing and collaboration provides the forum for continued program growth.

12:15 p.m. – 2:00 p.m. Lunch and Plenary Session Plaza Ballroom

Power Session Presentation:

National Counter Intelligence and Security Center

Plenary Session Presentation:

Islamic State Social Media: Potential Indicators of Foreshadowing

Heather Perez, Intelligence Analyst, Central Florida Intelligence Exchange

2:00 p.m. – 2:15 p.m. Break Plaza and Upper Foyers

2:15 p.m. – 3:15 p.m. Break-Out Session #2

O/R ATF Investigations and Illicit Firearms Trafficking Magnolia C

Jose R. Vazquez, Deputy Chief, ATF - Criminal Intelligence Division

o Personnel from ATF’s Office of Strategic Intelligence and Information will present an overview about

how ATF employs intelligence techniques in order to investigate violations under ATF’s jurisdictional

purview that occur online.

O/R Securing the Borders Terrace

Bill Chandler, Director, Minnesota Fusion Center

Dale Avant, Deputy Assistant Director, Texas Department of Public Safety

Robert Harris, Director, JTF-West

o This session will provide an overview of Texas, Federal, State and local law enforcement operations

implemented to deter Mexican Cartel drug and human smuggling operations and reduce the associated

transnational crime in our border communities, such as, home invasions, felony pursuits and stash

house-related extortions and kidnappings.

o The Minnesota Commissioner of Public Safety/HSA directed the Minnesota Fusion Center to conduct

an all-hazard but law enforcement centric assessment of the state’s northern border to address on-

going concerns. The Minnesota Fusion Center partnered with local, county, state, tribal and federal

partners and stakeholders to create an assessment addressing terrorism, criminal activity, all-hazard

information, critical resources and identifying gaps. Attendees will learn how the assessment outreach

and management has been conducted and the current state of the assessment involving over 30

partner agencies.

o This session will also inform attendees of the newly established DHS Southern Border and Approaches

Campaign / Joint Task Force West. The key objective of Joint Task Force-West (JTF-W) is to integrate

and align intelligence capabilities to achieve JTF-W missions. To achieve this goal the JTF-W

Headquarters actively supports the existing relationships of the JTF-W California, Arizona, New

Mexico/West Texas and South Texas Corridors with their respective State and Local Fusion Centers.

E/T Joint Terrorism Task Force Collaborative Efforts Beech

Lead Tactical Intelligence Analyst, Orange County Intelligence Assessment Center

Alberto Martinez, Deputy Director, Orange County Intelligence Assessment Center

FBI Representatives

o The FBI Orange County (California) Resident Agency Office, Joint Terrorism Task Force (JTTF) works

in collaboration with the Orange County Intelligence Assessment Center (OCIAC), California to

effectively coordinate the identification of individuals attempting to provide material support to a

Foreign Terrorist Organizations (FTO’s). The Orange County JTTF and OCIAC developed a model to

integrate information sharing by leveraging each organization’s strengths and capabilities to

identify on-line behavior of individuals possibly sympathizing with, inspired by and supporting

FTO’s. The trusting relationship established by the JTTF and fusion center integrated the strengths

of the fusion center by leveraging the OCIAC’s real-time open source monitoring analysis of data

openly available in the public domain, specifically the identification of extremist propaganda

impacting the homeland and southern California. The model serves as an effective example of the

merging of federal and local assets to create the partnerships necessary to successfully impact HVE

activity.

o This panel will discuss best practices in finding and analyzing intelligence for better collaboration

and dissemination. The discussion will also talk about various databases, access to systems, and

the different battle rhythms analysts follow to read through daily intelligence traffic.

T/A Open Source Tools for Forensics, Incident Response and Cyber Exercises (Red Teams) Magnolia A and B

Devin King, Intelligence Officer, Louisiana State Analytical & Fusion Exchange


o Open Source Tools for Forensics and Incident Response:

A case study overview utilizing open source tools to assist incident responders during a byer incident.

Tools to be discussed include Autopsy, The Sleuth Kit, Hashcat, John the Ripper and others.

o RED TEAMS – Cyber Exercise Support of Partner Agencies:

There are over 18,500 SLTT LE agencies in the US, most with minimal or no cyber security capability.

This session will show how the results from a spear phishing RED TEAM exercise led by the fusion

center can promote cyber safety, cyber threat awareness and encourage implementation of polices for

those partners while promoting the sharing of Cyber Intelligence from those agencies. The

presentation will show the process of proposing the EX, the steps involved with execution, how to

interpret the results, presentation of the results to the partner agency and discuss pitfalls to avoid.

3:15 p.m. – 4:00 p.m. Networking Break Plaza and Upper Foyers


C/A Digital Forensics Collection and Analysis: Trends, Tools and Best Practices Magnolia C

David Carabin, Director, Boston Regional Intelligence Center

Glenn Fueston, Associate Deputy Director Washington Baltimore HIDTA

Ben Lewis, Computer Crime Specialist, NWC3 Computer Crime Section

Glenn Hickok, President, MSAB

o The number of mobile device connections currently exceeds 7 billion globally and is growing

exponentially. This explosive growth and usage of mobile device connections and applications over

the past decade has led to creation of critical bodies of evidence associated with most crimes

committed globally, as well as information critical to threat analysis and assessment. Digital forensics

tools that extract and analyze data from mobile devices reveal information establishing location, intent,

actions and interactions of individuals. Moderated by Boston Regional Intelligence Center Director

David Carabin, this presentation focuses on commonly used tactics for effectively and efficiently

recovering and analyzing mobile device data, evolving innovations in technology, how digital forensics

collection and analysis is integral to the four Critical Operating Capabilities and legal and technical

trends currently shaping the role of digital forensics.

M/L Technology, Fusion Centers and P/CRCL: Managing the Risk and Terrace

Avoiding Public Meltdowns

Ayn Crawley – Director, Civil Rights and Civil Liberties Institute, DHS, Office for Civil Rights and Civil

Liberties

David Desmki, Law and Technology Analyst, Civil Rights and Civil Liberties Institute, DHS, Office for Civil

Rights and Civil Liberties

Annelsie Martin, Special Assistant to the Director, Civil Rights and Civil Liberties Institute, DHS, Office

for Civil Rights and Civil Liberties

o In many instances law and policy are far behind the emerging technologies for data collection and

information sharing that are potentially available to fusion centers. As fusion center directors, you are

charged with ensuring the privacy, civil rights and civil liberties considerations are well integrated into

your centers operations. This can be particularly challenging when considering some of the new

technologies. Where to begin? This session will provide a quick overview of many of the new (and not

so new) technologies with an examination of the potential P/CRCL red flags that should be taken into

consideration when acquiring or deploying new technology. We will also discuss strategies to mitigate

those risks. Use of biometric data – geolocation data (mobile phones/Stingray/Dirtbox/Wearables) -

LPR data (linked with other data - facial recognition) – unmanned aerial surveillance (many jurisdictions

are creating a range of innovative uses – data use considerations).

O/R TLO Program Coordination Beech

James Lopey, Nevada Threat Analysis Center

Chris Kusayanagi, Terrorism Liaison Officer, Program Manager, Joint Regional Intelligence Center in Los

Angeles

Remon Girgis, Deputy Sheriff, Los Angeles County Sheriff’s Department

Ervin Engelhardt, Terrorism Liaison Officer, Assistant Program Manager, Central California Intelligence

Center

o California has six DHS-designated fusion centers: four regional centers, known as Regional Threat

Assessment Centers (RTACs), covering the entire territory in the State, one urban area center, the

Orange County Intelligence Assessment Center (OCIAC), and the State Threat Assessment Center

(STAC). Terrorism Liaison Officer (TLO) programs are operated in each of the RTACs and the OCIAC and

are managed at the regional and local level. The individual RTAC TLO programs regularly coordinate

with the STAC and also receive leads, as appropriate. In an effort to develop consistency among TLO

programs in each of these regional and local centers, a working group was formed among the TLO

managers from each of the centers to develop minimum standards. As a result, a common

understanding and minimum requirements now exists among all TLOs across the State. This

presentation will highlight the best practices identified during the development of the California Fusion

Center’s TLO Program, provide details on how the TLO working group collaborates on developing new

courses and maintains a clear and consistent training program, and will also include the obstacles and

challenges the program has endured and how we have overcome them.

o Forming sustained and effective fusion liaison officer and critical infrastructure programs in rural areas

can be challenging. However costs can be kept at a minimum while traveling and forming important

relationships with federal, state, city, county and tribal agencies. NTAC has been able to deliver

consistent and effective fusion liaison related training in nearly every venue within the state, while at

the same time forging important relationships with health, police, fire, emergency medical, the military

and private sector, while maintaining a network of statewide FLOs. At the same time outreach with the

tribal areas has been very meaningful and productive as well. The presentation will share some lessons

learned and will outline some of the things that have worked in our area of operation. Included in the

presentation is an overview of TLO/FLO Training courses that have proven to be time-tested and cost

effective.

E/T Building Blocks of a State ISE Magnolia A and B

James Sheehan, Program Manager, Northern NJ-Newark/Jersey City UASI

Kshemendra Paul, Program Manager, Information Sharing Environment

Tom O’Reilly, Director, The Police Institute, School of Criminal Justice, Rutgers University

Al Ponenti, Director, New Jersey Regional Operations Intelligence Center

o For the past 2 years the State of NJ has been working towards the establishment of a State Information

Sharing Environment. The effort includes already built components, new projects, policy modifications

and enhancements, and most significantly; a collaborative effort between local, state and federal

partners, along with vendors and service providers. This has not been a jump up and down success

story, in fact it has been, and continues to be an arduous and difficult journey, and that story has value

for the network. Many of the gaps that became evident during this process have resulted in

enhancements such as the establishment of a Real Time Crime Center as a subsidiary of the ROIC. The

Fusion Center has been the focal point of the effort, but the components cross jurisdictions,

organizations and disciplines, as do the obstacles. This presentation will highlight both success and

failure, with an emphasis on the value of effort.

5:30 p.m. – 8:00 p.m. Reception Plaza and Upper Foyers

Wednesday, November 4

7:00 a.m. – 5:00 p.m. Registration Pan Am Foyer

8:00 a.m. – 8:30 a.m. Exhibit Area Open Plaza and Upper Foyers

8:30 a.m. – 10:30 a.m. Plenary Session Plaza Ballroom

The Honorable James Comey, Director—Federal Bureau

of Investigation


Nlets—The International Justice and Public Safety Network

Opportunities for Fusion Centers to Participate in the Maritime Domain

Overview of El Paso Intelligence Center's IT Capabilities

FBI Showcasing Office of the Director of National Intelligence Online Course

Introduction to the ISACs and the NCCIC

Domestic Highway Enforcement Strategy and Information Sharing HIDTA Strategy

Regional Information Sharing Systems

10:30 a.m. – 11:15 a.m. Networking Break Plaza and Upper Foyers

11:15 a.m. – 12:15 p.m. Break-Out Session #4

C/A Violent Extremism Special Briefing - 2014 Las Vegas Police Ambush Magnolia C

Dori Koren, Sergeant, LVMPD Counterterrorism Unit

Bill Brewer, Detective, LVMPD Counterterrorism Unit

o In June 2014, a pair of violent extremists assassinated two police officers as they were eating lunch at a

local cafe in Las Vegas. Immediately upon executing the officers, the suspects declared a revolution

against the US government, and then proceeded to a nearby Walmart, where they continued their

attack. While motivated by a different ideology, the two shooters were radicalized and mobilized to

violence for many of the same reasons that fuel foreign-inspired homegrown violent extremists.

Following the attack, the Las Vegas Metropolitan Police Department (LVMPD) Counterterrorism (CT)

Unit launched a secondary investigation to identify and learn from the personal, sociological, and

political factors that drove this couple to violence. In conjunction with the LVMPD Homicide and Critical

Incident Response Team, the CT unit evaluated large amounts of evidence, interviewed a number of

associates, and retraced the history of both subjects. This briefing will highlight the terrorism-related

findings of this effort, with a particular focus on the concepts of radicalization and mobilization. The

shooters, who self-identified as terrorists, expressed an interest to martyr themselves for what they

believed to be a greater cause. The factors that caused the subjects' to transition from extremism to

violent extremism, as well as the role of social networks, propaganda, counter-messaging, tactics, and

group dynamics will be discussed. Providing this briefing will be Sergeant Dori Koren and Detective Bill

Brewer, who were intricately involved in the investigation and the prevention efforts that followed.

T/A Building Cyber Capabilities Through Collaboration Terrace

Brett Paradis, Intelligence Analyst, Connecticut Intelligence Center

Craig Dziedzic, General Manager, Bay Area UASI

Brian Rodrigues, Northern California Regional Intelligence Center

o In May 2013, the CA Bay Area’s fusion center, the Northern California Regional Intelligence Center

(NCRIC), established a Cyber Unit to collect and share cyber information as well as to provide

intelligence, analysis, and defense. In August of that same year, the Bay Area’s regional governing body

allocated over $400,000 in Urban Areas Security Initiative (UASI) grant funds to support the hiring of

cyber unit analyst positions for a twelve month period. Deliverables of the unit included providing

assessments and strategic analysis of cyber threats to the region and developing and providing end

user training to the NCRIC’s regional partners. Since then, the NCRIC has conducted outreach and

offered assessments and analysis to any of the region’s jurisdictions that make a request. Response

was slow at first, but when a story appeared in the Bay Area UASI newsletter, a number of other

jurisdictions requested their services. In addition end user trainings began. A simple, one hour

PowerPoint presentation for end users was developed and presented to the four Hub areas of the Bay

Area. This project has been viewed as a best practice within the Bay Area region as the fusion center

acted in partnership with the 12 county Bay Area region to provide information sharing across all

disciplines and levels of government. Moreover, the outreach conducted by the Bay Area UASI

provided the fusion center with an opportunity to work with key stakeholders from around the region.

This presentation will include speakers from both the Bay Area UASI and the NCRIC to discuss how the

project was developed and the challenges faced.

o This session will also cover the Connecticut Intelligence Center's Cyber Analysis Program. Some topics

will include, discussions of the CT Cyber Organizations that the Fusion Center interacts with, shares

information with, and receives information from. The day to day activities and practices utilized by the

Fusion Center in responding to Cyber related incidents. The session will also discuss some lessons

learned, and best practices. Finally the session will cover brief examples of COC1 Receive, COC2

Analysis, COC3 Dissemination, and COC4 Gather.

C/A Analytic Approach to investigating Shootings Beech

Joseph Brennan, Detective Sergeant, New Jersey State Police

Mike Dunn, Wynyard Group

o The Newark Regional Real Time Crime Center has a piloted an analytical program to identify gun

traffickers and purchasers within the CorrStat focus area of the Newark-Jersey City Urban Area. The

program utilizes data from NIBN E Trace Arrests shootings and seizures to connect disparate data

points to provide an actionable analysis of "Straw Purchasers" and the distribution of crime guns in

some of America's most violent cities.

C/A Vetting possible Pro-Foreign Terrorist Organization social media accounts Magnolia A and B

Lead Tactical Analyst for the Orange County Intelligence Assessment Center (OCIAC)

o This presentation will focus on effective and efficient efforts by a combination of fusion centers at

countering online activity of violent extremists, both at the tactical level to support investigations, as

well as working with partner fusion centers to providing strategic context of the threat for state-level

decision makers. OCIAC Tactical Analysis unit will focus on best practices on how to identify and vet

indicators of pro-Foreign Terrorist Organization online activity and possible mobilization to violence in

support of those organizations, focusing on tools and techniques used to identify possible accounts in

the local AoR or accounts advocating violence toward targets at the local level. This will include a

discussion of best practices on how to analyze and disseminate information to develop actionable

intelligence with partner agencies, while adhering to legal, civil rights, and privacy-related issues.

C/A Tactical Analysis Units: A Vital Component for All Fusion Centers Walnut

Jane Chung, JRIC Tactical Analysis Unit Supervisor

Melinda Gottesman, JRIC Tactical Analysis Unit Senior Intelligence Analyst

o The JRIC Tactical Analysis Unit (TAU) is a well-integrated HIDTA/Homeland, local/federal, sworn/civilian,

departmental/contractor staffed team with storied backgrounds and diverse expertise. This

presentation from TAU will highlight best practices of fusing intelligence and law enforcement

tradecraft in order to provide analytical case support to law enforcement investigators, and make the

case that all Fusion Centers should have a highly trained tactical unit; both to better understand the

crimes affecting their community, as well as to be able to support major criminal or terrorist events as

they occur. Presenters will discuss how JRIC TAU adds value to criminal and terrorism investigations;

working hand-in-hand with investigators to locate fugitives, provide detailed pattern of life analyses,

comprehensive takedown packages for field operations, and uncover criminal conspiracies. Presenters

will also discuss the value of leveraging HIDTA ISS and Fusion Center networks to enhance

investigations, forward-deploying tactical analysts to command posts, and creative exploitation of

social media analytics tools.

12:15 p.m. – 2:00 p.m. Lunch, Speaker, and Awards Plaza Ballroom


FBI e-Guardian Overview

DoD CIO's GMAP Pilot and Partnership with State and Urban Fusion Centers and the

National Fusion Center Association

The Honorable Francis X. Taylor, Under Secretary,

Intelligence and Analysis, U.S. Department of Homeland Security

2:00 p.m. – 2:15 p.m. Break Plaza and Upper Foyers


C/A Threats of Violence Targeting Law Enforcement and Military Magnolia C

Robin Liberto, Senior Intelligence Analyst, Virginia Fusion Center

Megan Molnar, Virginia Fusion Center

Joshua Franklin, Virginia Fusion Center

o This presentation, followed by a panel discussion, will look at the threats of violence targeting law

enforcement and military perpetrated by foreign terrorist organizations such as ISIL as well as those

threats conveyed by gangs against law enforcement and military personnel. The goal of this discussion

will be to address some of the driving factors influencing this threat stream including the prevalence of

social media as a major platform for threatening communications, the enticement and influence of

propaganda, and some of the psychological factors impacting the targeting of individuals based on

their occupation or organizational affiliation. Fusion Center personnel need to be able to recognize and

stay abreast of the factors influencing the current threats against law enforcement and the military as

well as be able to capture and collect that information when it is present in online platforms.

Regarding the four Enabling Capabilities, this topic impacts the first capability of privacy, civil rights,

and civil liberties protections, in addition to the second enabling capability of a sustainment strategy

for long-term growth of the National Network. Any discussion regarding threats directed at individuals

has to consider privacy and civil rights for what investigative measures and follow up are appropriate.

Additionally, in order to sustain long term growth, fusion centers need to have the capability to detect

and investigate evolving threats, especially as social media continues to be a platform for

communicating these threats and fostering propaganda eliciting support for terrorist organizations and

the promotion of criminal gang activity.

O/R Active Shooter: Three Years of Progress Terrace

Katherine Schweit, Section Chief, Federal Bureau of Investigation

o After the tragedy at Sandy Hook, the White House announced its Now is the Time Initiative, a multi-

agency effort aimed at reducing gun violence. In support of the this effort, the FBI has dedicated a staff

to work with other federal agencies, the White House, and state and local law enforcement on finding

ways to better prevent and recover from active shooter incidents. It is our goal to train law

enforcement officers and other first responders on the best practices to prevent and reduce harm in

active shooter incidents. This presentation will cover our most recent efforts and what we have learned

over the past three years working on this initiative. Chief among lessons learned is that no single

agency, no matter how big, has all of the resources and skills needed to address and respond to active

shooter events. Each agency has a unique role to play and collaboration is vital to these efforts. In this

way, fusion centers are essential to this process as they have become a focal point for gathering and

sharing information as well as strengthening and building new relationships among all law

enforcement.

E/T Persistent Monitoring Feed of Critical Infrastructure Assets Beech

P.J. Davis, Intelligence Analyst, Critical Infrastructure Protection, Orange County Intelligence

Assessment Center

Andrew Carlson, Critical Infrastructure Assessor, Joint Regional Intelligence Center

Nathaniel Watson, Intelligence Analyst, Joint Regional Intelligence Center

o Currently most fusion centers operate with a particular focus on countering acts of terror or major

criminal incidents within their jurisdiction. While appropriate, this “present day” perspective, if not

balanced with a longer-term view, may inordinately constrain critical infrastructure protection efforts.

The threat landscape of the 21st Century will not mimic that of the last three decades. Rather,

America’s geopolitical situation increasingly points to a future characterized by competition, if not

confrontation, with nation-state actors across the globe. For infrastructure owners responsible for

capital investment related to security, protecting against today’s threat may prove insufficient in 5-20

years. CIP in the 21st century must expand its perspective to consider the threat posed by possible

nation-state adversaries.

o The Persistent Monitoring Feed is an automatic search and results storing technique created utilizing

Palantir. The Feed automatically collects data from multiple sources using specific search terms,

Boolean search methodologies, and geographically demarcated spaces. We were motivated to create

the Persistent Monitoring Feed in order to ease the querying of information of activity around critical

infrastructure sites and provide data for analysis in studies. Currently, data that the Feed captures is

available within Palantir; however, specific queries must be created to capture this data on a case-by-

case basis. Personnel assigned to the Joint Regional Intelligence Center, working in collaboration with

Los Angeles Sheriff Department and Palantir developed the Persistent Monitoring Feed to create a

query engine specifically focused on critical infrastructure sites. The Feed presents information on a

scheduled basis as an email document that can be quickly scanned for information of importance to

personnel assigned critical infrastructure duties. We collect information to establish a baseline of

activity and track changes in activity. As we move forward, we will be adding additional sites and

examining search results. Adding sites and creating detailed exclusions and allowances will be the most

time intensive. The results of our efforts will provide a historical description of specific events

pertaining to critical infrastructure and provide a database where data is compared and contrasted

across sectors of critical infrastructure within Los Angeles County. In conclusion, we have come a long

way in developing the concept, creating the Persistent Feed Monitor system, and are now refining our

approach to the continuous search parameters. We believe this work can be replicated using available

information systems currently in use within the fusion centers nationwide.

O/R Fusion Center Collaboration Leads to Successful Public Health Integration Magnolia A and B

Cara Barnett, Public Health Intelligence Officer, Illinois’ Statewide Terrorism & Intelligence Center

Phillip Perez, Weapons of Mass Destruction (WMD) Medical Intelligence Analyst, Joint Regional

Intelligence Center

Heather Brown, Medical and Public Health Readiness Coordinator, State and Local Initiatives Branch,

Department of Homeland Security

o This session will discuss the process for developing the Public Health Information Sharing (PHIS)

program at the Statewide Terrorism and Intelligence Center (STIC) in Illinois. The program was initiated

in September 2014 and designed as a cooperative engagement to share vital, for official use only

(FOUO) information and ensure the timely dissemination of emerging public health and medical

information and intelligence to those with a need to know. The PHIS Program is an information

exchange and communications platform for public health stakeholders to share information regarding

infectious and communicable diseases, bioterrorism, environmental health, drug trends, emergency

preparedness and response, and other topics associated with health promotion and protection. It will

explain how the PHIS Program was developed through the integration of public health into the fusion

center, the recruitment of key public stakeholders, daily operations, and how it is able to disseminate

pertinent information to its partners. This session will demonstrate how the PHIS program has matured

and expanded all within its first year. Peer-to-peer collaboration among national network partners can

provide support to fusion centers that are building public health partnerships so that information

exchange and communication between partners occurs not just after a new public health crisis has

emerged but on a routine, everyday basis.

C/A Cyber Threats to SLTT Governments Walnut

Richard J. Licht, Vice President, Integrated Intelligence Center, Security Operations, Center for Internet

Security

o State, local, tribal, and territorial (SLTT) governments represent a substantial portion of the cyber

security posture of the United States, encompassing more than 38,000 government entities. The Multi-

State Information Sharing and Analysis Center (MS-ISAC) will share its situational awareness of the

current cyber threat environment in state, local, tribal and territorial (SLTT) governments, with a focus

on the wide variety of cyber threat actors targeting SLTT governments, the most common targets, and

the prevalent cybercrime techniques as observed by MS-ISAC and the federal government. This

presentation will then look at where SLTT government cyber operations are heading and some of the

best and most interesting uses of new technologies in traditional operations.



O/R Human Trafficking: Sharing Information to Better Understand the Threat Magnolia C

Jessica Garcia, Intelligence Analyst, Texas Department of Public Safety

Ramona Carey, Senior Intelligence Analyst, Human Smuggling and Trafficking Center

Teresa Collier, Intelligence Analyst, Alabama Fusion Center

Jay Moseley, Director, Alabama Fusion Center

o The panel will discuss what the federal government is doing to combat human trafficking as well as talk

about the efforts states are doing to combat the threat. The panel will discuss how fusion centers can

work with federal partners as well as discuss how federal agencies can work with their state partners.

The panel will discuss challenges they face within their geographical areas such as sharing information,

creating and sustaining human trafficking task forces along with examples of how fusion centers can

collaborate between one another.

M/L Social Media Analysis Terrace

Dan Mahoney, Deputy Director, Northern California Regional Intelligence Center

Star Cazador, Northern California Regional Intelligence Center

o Fusion centers are increasingly asked to leverage emerging social media technology during large scale

events with the expectation it will be a security force multiplier. Often, analysts are provided out-of-

the-box media monitoring solutions with little to no formal training or tradecraft experience. The risk

to fusion centers in this arena is they will be held responsible for collecting vast troves of useless

information or even worse, miss critical information. As the social media world accelerates forward, so

too must the role of fusion centers in social media monitoring tradecraft.

o This session will cover the use of different social media monitoring and analysis tools during Special

Event support. The presentation will cover the work done by the NFCA Social Media Working Group,

policy guidelines, P/CRCL issues, and case studies of how Social Media Analysis has aided Law

Enforcement.

C/A Location-Based Analysis of Telecommunication Records Magnolia A and B

Diana White, Lead Intelligence Analyst, Northern California HIDTA

Al Meger, Uncharted Software

o When working on complex investigations, analysts are tasked with connecting the dots between people

and events. Location awareness is critical in developing the big picture, and telephones are a rich

source of location data. Specifically, Call Detail Records (CDRs) and live pings can be used to produce a

visual representation of phone location data that is easy for analysts and investigators to understand.

These records can also be used to develop a timeline showing a sequence of events or a subject’s

pattern of life. Traditionally, event timelines and telecommunication analysis were performed

separately, but new technology can provide a detailed, animated view of where and when events are

taking place. This presentation will begin with a brief explanation of how telephone networks work, an

overview of methods and best practices in analyzing phone location data, and examples of products

generated from successful phone analysis cases. Then, the presenters will discuss how analyzing Call

Detail Records using animation and 3-D visualization enhances law enforcement investigations. This

will be demonstrated using the GeoTime software and the Call Records Tool plugin.

C/A JRIC Threat Prioritization Process Best Practices Walnut

Alex Carillo, Lead Strategic Intelligence Analyst, Orange County Intelligence Assessment Center

Natalya Garber, Strategic Intelligence Analyst, Joint Regional Intelligence Center, Los Angeles

Meredith Young, Strategic Analysis Branch Manager, Joint Regional Intelligence Center

o The threat prioritization process (TPP) prioritizes threat topics to identify information gaps and align

internal resource allocation. This process was developed and used to determine major threats as

identified by partner agencies in the Joint Regional Intelligence Center (JRIC) area of responsibility

(AOR), arrive at a comprehensive threat picture for the region, and align the JRIC's products and

services. Information was derived from 18 months of external data collection (e.g., surveys, focus

groups), internal data analysis (e.g., requests for information), and focus group meetings with local law

enforcement, military, fire, public health, critical infrastructure, and private sector partners. The TPP

was adapted from and intended to complement the FBI’s Threat Review Process (TRP) and the Major

City Chief’s Association’s Criminal Intelligence Enterprise (CIE). This session will highlight the best

practices identified while executing the first iteration of the TPP, how each fusion center can scale the

JRIC’s TPP to accommodate their own capabilities and needs, and how this process benefits each fusion

center as well as the overarching fusion center network. The presentation will detail the process

involved in setting up, executing, and analyzing data from each of the three TPP phases (surveys,

internal data, and focus groups), including how the JRIC worked with the Orange County Intelligence

Assessment Center (OCIAC) to host one of the focus group meetings and how the OCIAC adapted the

TPP to meet their needs.

6:00 p.m. – 10:00 p.m. Dinner Options in Old Town Alexandria

Thursday, November 5

8:00 a.m. Exhibit Area Opens Plaza and Upper Foyers

8:30 a.m. – 10:30 a.m. Plenary Session Plaza Ballroom


Overview of the Terrorist Screening Center

Mobile BATS (mBATS) –The Real-time National Reporting of Arson and Explosives

Incidents for the U.S.

Fusion Center Participation in DHS Watchlisting

Private Sector/COAE Update

ONDI - IC Analytic Standards

Fusion Center / CIS Cyber Pilot Overview

Homeland Security Information Network

10:20 a.m. – 11:00 a.m. Networking Break Plaza and Upper Foyers

11:00 a.m. – 11:30 a.m. Break-Out Session #7a (first half-hour)

E/T The Emerging Threat of a Complex Attack Magnolia C

Kathleen Stanley, Battalion Chief, Fairfax County Fire and Rescue

o This presentation will examine complex attacks that have occurred on US soil and compare that to the

current active shooter planning. We will review one case in detail, Santa Monica College attack, and

examine the current elements of an attack. Discussed during the presentation will be the elements of a

complex attack, recent thwarted attacks, and possible countermeasures for first responders during an

attack. Attendees will receive products developed to enhance awareness and training on complex

attacks.

C/A Use of Investigative Tools and Vehicle Data to Capture Criminals Terrace

David Mohr, Sergeant, Prince George’s County Police Department

o This session will illustrate how Prince George’s County Police Department has used mobile application

devices, vehicle databases, and VIN tracking investigative tools to capture criminals committing auto

theft, homicide, robbery, and gang/drug related crimes. They've had great success in

implementing/developing these tools for their Police Department and for “W.A.V.E.” The Washington

Area Vehicle Enforcement Task Force. These tools are now being implemented by Fusion Centers

affording them access to two nationwide databases and vehicle investigative tracking tools; thereby

enhancing their critical baseline capabilities of providing analyst support to a wide variety of criminal

investigations. Based on the use of these tools, Prince George’s County Police Department and W.A.V.E

have recovered in several million dollars in vehicle recoveries over the past 2 years. Additionally, on

multiple occasions these recoveries have also led to other investigations and the recovery of

contraband to include drugs, guns and monies used in illicit activities. The presenter will provide

several case studies of how these tools were successfully implemented by his Police Department and

by W.A.V.E and describe newly developed techniques they’re using to more efficiently capture

criminals.

O/R Homeland Security: Seeing the Big Picture Beech

Chris Dishman, South Central Region Director, I&A, Department of Homeland Security

o Discussion of the current state of homeland security in the United States. The session will highlight the

similarities and differences between homeland security in America and other countries who address

similar threats. The workshop will also discuss the history which led to the country's current HLS

structure and pose questions regarding its strengths and weaknesses.

O/R Interagency Collaboration and Intelligence Sharing Magnolia A and B

Joe Morras, Federal Bureau of Investigation

Dan Engelhardt, Lieutenant, New Jersey State Police

Mike Cooper, Operation Intelligence Branch Chief, NCTC

Shanna Edwards, NCTC

Sean Evans, Senior Intelligence Officer, ODNI

o Representatives from FBI, DHS, and NCTC will provide an overview of their respective agency

responsibilities and engagement with SLTT and Fusion Centers to include; inter-agency collaboration,

product development, and distribution. The panel will also provide examples of their product lines.

11:40 a.m. – 12:10 p.m. Break-Out Session #7b (second half-hour)

O/R Can Your Information Save A Life? Enhanced Communication Magnolia C

and Officer Safety

o RISS will provide insight into the latest trends in information sharing. Topics will include: Federated

Search with RISS, HSIN, LEEP and Intelink; De-confliction; Multi-Agency Intelligence Sharing; Personal

Identification V-I Authentication.

O/R Countering Violent Extremism and Active Shooter Resource Awareness Terrace

Eric Hall, DHS CVE-AS Program Manager

o To counter violent extremism and prevent active shooter events, the Department of Homeland Security

(DHS) is working with a broad range of government, law enforcement, and civilian partners to gain a

better understanding of the behaviors, tactics and other indicators that could point to potential violent

and/or terrorist activity, and the best ways to mitigate or prevent that activity. One of the venues

utilized by DHS to promote information and intelligence sharing on a broad range of topics is joint DHS

and FBI Countering Violent Extremism and Active Shooter (CVE-AS) web portals on DHS’s Homeland

Security Information Network (HSIN). These portals provide a well-organized listing of topics so users

can quickly locate and access the information relevant to their interests. They provide videos and

training resources as well as a document library with intelligence, federal, academia, outreach

materials, and other resources covering numerous CVE and AS topics. The CVE-AS Fed/LE Portal

provides a forum for the exchange of Unclassified For Official Use Only (FOUO), Sensitive But

Unclassified (SBU) and Law Enforcement Sensitive (LES) information to sworn, full-time, Federal, State

and Local law enforcement officers; federal employees; and military personnel. The Main CVE-AS Portal

shares Unclassified FOUO information with private sector partners, civilian security personnel,

corporate executives, educational institutions/academia, international federal and Law Enforcement

partners, community leaders, and other State and Local partners, as appropriate. Federal and Law

Enforcement users automatically have access to both Portals. In addition to resources, the portals

include information on outreach initiatives, subject matter experts and forums to provide feedback,

share products, and ask questions.

O/R Utilizing Partnerships among Strategic and Tactical Fusion Center Beech

Cecila Garcia, Senior Cyber Intelligence Analyst, Orange County Intelligence Assessment Center

o Both the California State Threat Assessment Center (STAC) and the Orange County Intelligence

Assessment Center’s (OCIAC) operate within the California State Threat Assessment System (STAS), the

award-winning network of California fusion centers. The STAC is a multi-discipline fusion center

focusing largely on strategic threat intelligence in relation to all threats and all hazards facing the state

of California. The OCIAC is a tactical fusion center, focusing on outreach to local stakeholders and

intelligence collection via incident response and case support. The partnership among the OCIAC and

the STAC implements an innovative cyber capabilities function with three defining characteristics: local

reporting, intra-center integration, and inter-center integration. Together, these three distinctive

characteristics constitute a system whose results demonstrate its effectiveness. This arrangement

offers a framework by which small fusion centers with limited cyber capability can lean on the strategic

capabilities of other fusion centers as a means to communicate intelligence. Likewise, the STAC/OCIAC

relationship demonstrates a model by which strategic fusion centers can better integrate regional

reporting into products, acting as a force multiplier given the increased open communication within the

regional intelligence sector. The presentation will identify potential opportunities or best practices for

National Fusion Center partners, and welcome discussion pertinent to areas for improvement across

the FC Network. This presentation will review various UNCLASSIFIED//FOR OFFICIAL USE ONLY

(U//FOUO) case studies that demonstrate both the distinctive characteristics of the OCIAC and STAC’s

Cyber Units, and the centers critical operational capabilities (receive, analyze, disseminate, and gather).

C/A Radicalization, Ideology and Terrorism in the Middle East Magnolia A and B

Ghada Wahdan, Lead Criminal Intelligence Analyst, Colorado Information Analysis Center

o This presentation is intended to provide an introduction to the radical ideology that exists in the Middle

East and its nexus to terrorism, to include an understanding of radical Islam, sectarian division, the

ideology of Jihad in Islam, and social disorganization that leads to destabilization, such as the Arab

Spring. The presentation will also explore the underlying ideology of certain Foreign Terrorist

Organizations (FTOs) and radical organizations such as the Islamic State (IS), Hamas, Hezbollah, Boko

Haram, Al Shabab and the Muslim Brotherhood. Lastly, the presentation will examine the radicalization

process for both domestic and foreign-born extremists, and how propaganda, social media and other

non-traditional forms of messaging are influencing the next generation of terrorists.

12:10 p.m. – 2:00 p.m. Lunch and Speaker Plaza Ballroom

Plenary Presentation:

No Gun Left Behind - New Jersey State Police

The Honorable Suzanne Spaulding, Under Secretary, National Protection and

Programs Directorate , Department of Homeland Security

2:00 p.m. – 2:15 p.m. Break Plaza and Upper Foyers 2:15 p.m. – 3:15 p.m. Break-Out Sessions #8

C/A Joint Assessment Methodology and Challenges Terrace

Lindsay Hovis, Intelligence Analyst Supervisor, Pennsylvania Criminal Intelligence Center

o This presentation will cover the process used to put together the Bakken Crude Oil Trains Joint

Assessment that was released in December 2014, as well as the challenges faced in collaborating with

multiple fusion centers and the private sector (railroads). Eleven fusion centers were involved in the

assessment where Pennsylvania was the primary.

O/R Utilizing Fusion Center Websites to Collaborate with Partners Beech

Dave Hall, Director, Missouri Information Analysis Center

o Presentation of www.MIACX.org and the specialized portals within the website

A. Six regionalized LEO information sharing groups consist of local, state & federal law

enforcement officers.

B. Statewide Intelligence Liaison Officers group consists of members of public safety and

private industry.

C. Statewide organized retail crime group made up of law enforcement officers and retail

investigators.

D. Statewide financial crimes group made up of law enforcement officers and financial crime

investigators.

o This process allows members to share information in a timely manner and, in the case of law

enforcement, better prepare cases for their prosecutor. These projects have provided a bridge

between the intelligence community and other public safety agencies, as well as private partners. It

provides a mechanism for the sharing of information to targeted audiences within specific areas of the

state, as well bordering counties in bordering states. All levels of law enforcement communicate and

participate in the regional intel projects. Retail and financial investigators have better communication

with law enforcement. First responders are provided pertinent information on various items to include

terrorism, making their work safer.

O/R Crime Gun Intelligence Magnolia A and B

Mitchell Ross, Milwaukee Police, Intelligence Fusion Center

Shannon Kail, Crime Analyst, Milwaukee Police, Intelligence Fusion Center

o As of August 2015, the City of Milwaukee experienced a total of 102 Homicides (83 by use of firearm)

and 354 non-fatal shootings. From January to August 2015, the Crime Gun Intelligence Center (CGIC)

provided valuable information on 157 NIBIN Cases (violent firearms) connected to 267 shooting

incidents, with 18 NIBIN cases that involve a 2015 homicide. The Milwaukee IFC established a CGIC in

September 2014 with a more formalized process in March 2015. The CGIC consists of a NIBIN program

& technicians, eTrace/firearm expert, Shotspotter manager, crime analysts, MPD detectives and

officers, ATF Agents, representatives from DOC and probation/parole, district attorney, and supporting

agencies. As a team we utilize the forensics data, technical data, and network analysis to help the

Milwaukee Police Department prioritize cases, areas, and individuals to investigate. Along with above

we have added Training and Outreach for FFL Dealers. This training was developed by the Milwaukee

Fusion Center with the help of other Police Jurisdictions as well as WI. DOJ, ATF, CIB, U S Attorney's

Office, and National Shooting Sports Foundation. This program is a true Fusion Center Outreach and

incorporates NSI-SAR'S, S4 (See Something Say Something") and signs of Criminal Activity /terrorism. It

has been one of several well received outreach programs that help build a relationship between our LE

Partners (at all levels) and Public / Private Sector in order to reduce gun violence and reduce the

number of illegal guns by focusing on “Straw Purchase” education.

C/A Understanding Information Sharing and Analysis Centers (ISAC’s) Walnut

Joe Viens, Director, Enterprise Business Continuity and Crisis Management, Time Warner Cable

Fred Hintermister, Manager, ES-ISAC, NERC

Andy Jabbour, Managing Director, RE-ISAC

Denise Anderson, Executive Director, National Health Information Sharing and Analysis Center

Charles Egli, Lead Analyst, Water Information Sharing and Analysis Center

Michael Arceneaux, Managing Director, Water Information Sharing and Analysis Center

Joshua Poster, Principal Analyst and public Liaison, Surface Transportation and Public Transportation

ISACs

o Building off last year’s ISAC overview presentation, this year, the NFCA has assembled a panel of ISAC’s

representing both lifeline and commercial interests. We will be joined by a panel with representation

from WaterISAC, Electricity Sector ISAC (ES-ISAC), Communications ISAC / NCC, Surface Transportation

& Public Transportation (ST / PT) ISACs and the Financial Services ISAC (FS-ISAC) and moderated by the

Real Estate ISAC (RE-ISAC). The panel will provide overviews of their individual ISAC’s, discuss their

operations, how they partner with government and ways they are or may be able to contribute to and

benefit from the Nation's Fusion Centers. The ISAC’s and their respective members maintain interests

throughout the critical infrastructure environment and work across on all-hazards environment, with

varying levels of focus on cyber threats, terrorism, health and natural hazards.


3:30 p.m. – 5:30 p.m. Closing Plenary Plaza Ballroom

Kerry Sleeper, Assistant Director, Federal Bureau of Investigation

Kshemendra Paul, Program Manager, Information Sharing Environment

Kurt Reuther, Acting Principal Deputy Under Secretary for Intelligence and Analysis, Department of Homeland Security Closing Keynote:

The Honorable Alejandro Mayorkas, Deputy Secretary, Department of Homeland Security Closing Comments:

Mike Sena, President, NFCA

Friday, November 6 8:00 a.m. – 1:30 p.m. Directors-Only Session and Lunch

Documents

2015 National Fusion Center Association Annual Training Event