3 EXECUTIVE OFFICE OF THE PRESIDENT 35 3 3 - 3% OFFICE OF MANAGEMENT AND BUDGET gagwse' WASHINGTON 0 0 20503 53 THE DIRECTOR January 3 201 1 M-1 1-08 MEMORANDUM FOR THE HEADS OF EXECUTIVE DEPARTMENTS AND AGENCIES FROM Jacob J Lew Director SUBJECT Initial Assessments of Safeguarding and Counterintelligence Postures for Classi ed National Security Information in Automated Systems On November 28 2010 departments and agencies that handle classi ed national security information were directed to establish assessment teams to review their implementation of safeguarding procedures Office of Management and Budget Memorandum M-I 1-06 WikiLeaks - Mishandling of Classi ed Information November 28 2010 These assessments were intended to build upon the existing requirement in Executive Order 13526 Classi ed National Security Information for departments and agencies to establish and maintain ongoing self-inspection programs in furtherance of the Executive Branch s comprehensive and enduring effort to strengthen our safeguarding and counterintelligence postures to enhance the protection of classified national security information Please see the attached memorandum from the Director of the Information Security Oversight Of ce ISOO and the National Counterintelligence Executive within the Of ce of the Director of National Intelligence ODNI Their offices will consistent with their respective responsibilities under Executive Order 13526 and Section 1 102 of the National Security Act of 1947 as amended and in coordination with the Of ce of Management and Budget evaluate and assist agencies to comply with the assessment requirement and provide assistance to agency assessment teams Their support will include periodic on-site reviews of agency compliance where appropriate The attached memorandum calls for agency teams to complete their internal assessments by January 28 201 1 Thank you for your cooperation and compliance with the further directions attached to this memorandum Attachment MEMORANDUM FOR Senior Agency Officials Designated Under Section 5 4 d of Executive Order 13526 Classi ed National Security information FROM Robert M Bryant National Counterintelligenee Executixe WilliamJ Bosanko Director Information Security Oi ersight Office SUBJECT lnttial Assessments Pursuant to OffiCe of Management and Budget Memorandum M-l 1-06 WikiLeaks Mishandling of Classified Information November 28 REFERENCES A Office of Management and Budget h'lemorandum Initial Assessments of Safeguarding and Counterintelligence Postures for Classi ed National Security lnfonnation in Automated Systems This Date B Executive Order l3526 Classified NationalSeruritt lnjimnamm December 2009 C Counterintelligcnee Enhancement Act of 2002 as amended Strong and safeguarding postures are necessary to protect classilted national security information You have been charged with directing and administering the implementation of Executive Order 3526 Classi ed National Security lnfonnatitm n the head of your department or agency As such you also have a significant role regarding compliance by your department or agency with the of this memorandum On November 28 QOIO the Office of Management and Budget directed departments and agencies that handle classi ed national security information to establish assessment teams consisting of counterintelligence security and information assurance experts to review their implementation of safeguarding prt'tcedures ln furtherance ol that directive please nd attached a list of existing requirements and questions your department or agency assessment team should utilize as an initial step to assess the current state of your information systems seeurttv Initial Assessments Pursuant to Office of Management and Budget Memorandum WikiLeaks Misbandling ofClassil ted Information November 28 2010 Each Initial assessment should be completed by January le' l and should include the following with respect to the attached list of self-asseSsment questions Assess what your agency has done or plans to do to address any perceived vulnerabilities weaknesses or gaps on automated systems in the post-WikiLeaks environment Assess weakness or gaps with respect to the attached list of questions and fonnulate plans to resolve the issues or to shift or acquire resources to address those weaknesses or gaps Assess your agency's plans for changes and upgrades to current classi ed networks systems applications databases websites attd online collaboration environments as well as for all new classi ed networks systems applications databases websites or online collaboration environments that are in the planning implementation or testing phases in terms of the completeness and projected effectiveness at all types of security controls called for h applicable law and guidance including but limited to those issued by the National Security Staff the Committee on National Security Systems the National institute for Standards and Technology Assess all security counterintelligence and information assurance policy and regulatory documents that lune been established by and for your department or agency We look forward to working with you to implement this initial assessment and to ensure that your agency is best positioned to protect classi ed national security inl'onnation We is ill be in touch with agencies according to a prioritized risk-based schedule in order to schedule discussion of your initial assessments as well as to arrange for subsequent onsite inspections where appropriate We note that some agencies have also been asked to respond to an NCIX Request for Information on Classified Networks and Systems dated December It 2010 in support of National Security Staff tasking We wish to distinguish that request from the requirements of this memorandum Robert M Bryant ljbovk William J Attachment As Stated UNCLASSIFIED Initial Agency Self-Assessment Program for User Access to Classified Information in Automated Systems Each department or agency that handles classified information should assess the agency's and its employees adherence to the policy issuances noted below the requirements to safeguard classified information with an emphasis on their application in automated systems and any process the agency has designed to detect purposeful misuse of information technology systems if your agency does not have any of the required programs processes listed you should establish them The initial Self Assessment items contained in this document pertain to security counterintelligence and information assurance disciplines with emphasis on their application in automated systems They are categorized as follows 1 Management Oversight 2 Counterintelligence 3 Safeguarding 4 Deter Detect and Defend Against Employee Unauthorized Disclosures S information Assurance Measures 6 Education Training 7 Personnel Security 8 Physical Technical Policy References The initial Self Assessment items are drawn from various policy documents listed here 10 11 12 13 0 12963 Access to Classi ed information EC 13526 Classi ed National Security information 32 CFR 2001 implementing Directive for 60 13526 Federal Information Security Management Act of 2002 0 12333 United States intelligence Activities Cou nterintelligence and Security Enhancements Act of 1994 Cou nterintelligence Enhancement Act of 2002 National Security Presidential Directive Security Presidential Directive Cybersecurity Policy Presidential Decision Directive NSC-75 U S Counterintelligence Effectiveness Counterintelligence for the 21st Century Presidential Decision Directive NSC-24 U S Counterintelligence Effectiveness 60 13231 Critical infrastructure Protection in the information Age Committee on National Security Systems Policy ii 26 National Policy on Reducing the Risk of Removable Media Committee on National Security Systems Policy #22 Information Assurance Risk Management Policy UNCLASSIFIED 1 UNCLASSIFIED 14 Committee on National Security Systems Instruction #1253 Security Categorization and Control Selection for National Security Systems dated October 2009 15 Section 1102 of National Security Act of 1947 16 National Security Directive - 42 National Policy for the Security of National Security Telecommunications and Information Systems UNCLASSIFIED 2 UNCLASSIFIED 1 Management 8 Oversight How does your agency ensure the self-inspection programs evaluate the adherence to the principles and requirements of the Executive Order 13526 the Order and 32 C F R Part 2001 the Directive relative to safeguarding of classified information in automated systems 0 Do required assessments cover the certification and accreditation of automated systems with respect to classified information 0 Do required assessments cover safeguarding of classified information speci c to automated systems 0 Are corrective actions developed as indicated in the results lessons-learned Are deficiencies tracked centrally to enable trend analysis 0 Are security education and training programs updated to reflect common deficiencies and lessons learned 0 Are agency policies reviewed regularly to address common deficiencies and lessons learned 0 Does your agency have sufficient measures in place to determine appropriate access for employees to classified information in automated systems 0 During initial account activation setup Periodically to determine if access is adequate to perform the assigned tasks or exceeds those necessary to perform assigned tasks and adjust them accordingly 0 When lT audit activities indicate that employees are exceeding or attempting to exceed their permissions 0 When lT audit activities indicate that removable media has been introduced and or data is being written to removable media and a When iT audit activities indicate that indicate preset thresholds have been exceeded or when employees push data over one-way transfer devices or when data- mining is indicated a How does your agency ensure that the performance contract or other system used to rate civilian or military personnel performance includes the designation and management of classified information as a critical element or item to be evaluated in the rating of all personnel whose duties signi cantly involve the creation or handling of classified information 0 Do supervisors evaluate employee's acceptance and adherence to the security rules for physical security counterintelligence information assurance IA and overall information protection Does this evaluation consider the issues specific to the use of automated systems UNCLASSIFIED 3 UNCLASSIFIED 2 Counterintellience Does your agency have a counterintelligence program if so 0 Describe its mission and functions 0 At what level is it funded annually 0 Are the Cl program personnel graduates of a counterintelligence training program for CI professionals at an intelligence Community lC -based training entity If not when are they scheduled to attend 0 Does the Cl program interface with the information assurance element of your agency 0 To what extent are anomalies that are discovered through your agency's information assurance processes brought to the attention of counterintelligence personnel To what extent has this occurred over the past twelve months Has your agency identi ed its high value information and processes that must be protected What process is in place to update and reevaluate these Describe what if any process your agency employs to regularly receive information to identify which of your agency's information or processes are of priority interest to adversary collectors Does your agency have a process in place to evaluate its contracts acquisitions and procurements for foreign interest or involvement If so please describe the workings of that process 3 Safeguarding How does your agency ensure access to classified information in automated systems is limited to those persons who have received a favorable determination of eligibility from the agency head or their designee b have signed an approved non-disclosure agreement and have a need to know the information How does your agency ensure that procedures are in place to prevent classified information in removable media and other media back-up tapes etc is not removed from official premises without proper authorization How does your agency employ procedures to ensure that automated information systems including networks and telecommunications systems that collect create communicate compute disseminate process or store classified information prevent access by unauthorized persons and ensure the integrity of the information How does your agency employ controls to ensure classified information in an automated systems environment is used processed stored reproduced transmitted and destroyed removable and other media such as obsolete drives or back-up tapes under conditions that provide adequate protection and prevent access by unauthorized persons and which assure that access to classified information is provided only to UNCLASSIFIED 4 UNCLASSIFIED authorized persons and that the control measures are appropriate to the environment in which the access will occur and the nature and volume of the information How does your agency ensure that persons who transmit removable and other media back-up tapes etc or who use automated systems to transmit classified information are held responsible for ensuring that intended recipients are authorized persons with the capability to store classi ed information How does your agency ensure that classified information transmitted and received via automated systems or media is accomplished in a manner which precludes unauthorized access provides for inspection for evidence of tampering and confirmation of contents and ensures timely acknowledgment of the receipt by an authorized recipient How are need to-know determinations made in your agency reflected in your management of automated systems ls classified information that is electronically accessed processed stored or transmitted via automated systems protected in accordance with applicable national policy issuances identi ed in the Committee on National Security Systems CNSS guidance and 503 lC Information Technology Systems Security Risk management Certification and Accreditation Do you employ alternative measures to protect against loss or unauthorized disclosure specific to automated systems Does your agency allow the modified handling and transmission of foreign government information via automated systems If so how do you ensure suf cient safeguarding by using transmission methods approved for classified information unless the method is waived by the originating government How do you ensure that electronic and removable media are properly marked when they contain classified information Do your risk management strategies consider the use of means to identify electronic media that contain classified information How do you ensure that classified information is properly marked when used in the electronic environment Do you control media access devices and ports on your IT systems to prevent data ex ltration Have you instituted management measures to thwart deliberate bypass or circumventing the rules Does your department or agency have a system to ensure that badges clearances and accesses are terminated when an employee no longer requires access UNCLASSIFIED 5 UNCLASSIFIED 4 Deter Detect Defend Against Employee Unauthorized Disclosures - Do you have an insider threat program or the foundation for such a program a Are there efforts to fuse together disparate data sources such as personnel security and evaluation polygraph where applicable IT auditing or user activities and foreign contact foreign travel information to provide early warning indicators of insider threats Is there a collaborative effort between CI IA security Inspector General IG Office of General Counsel and Human Resources Are these established through formal agreements processes and procedures and or policies I What if anything have you implemented to detect behavioral changes in cleared employees who do not have access to automated systems a Are you practicing security sentinel or co-pilot policing practices 0 What metrics do you use to measure trustworthiness without alienating employees I Do you use and sociologist to measure 0 Relative happiness as a means to gauge trustworthiness Despondence and grumpiness as a means to gauge waning trustworthiness 5 InformationAssurance Measures Specific to national security systems NSS that process classified information How do you employ CNSS Policies lssuances Instruction and Advisory Memorandums to certify and accredit your systems I Do you perform Risk assessments and security categorizations in accordance with CNSS NIST and FIPS standards I What steps has your agency taken to implement the latest version of the NIST SP-SOO series guidance on Information Assurance Risk Management and Continuous Monitoring I Do you employ NSA and FIPS to protect classified data in motion and data at rest 0 Do you collaborate with IA security ISSM and ISSO for trends indicating misuse a buse a list of Privileged Users PU who have administrative access to systems and networks and a list of PU and General Users who have media-access read write removable media port privileges How does your agency examine N55 and evaluate their vulnerability to foreign interception and exploitation How do you assess the overall security posture of systems and disseminate information on threats to and vulnerabilities UNCLASSIFIED 6 UNCLASSIFIED Does your agency review at least annually existing risk management processes to ensure compliance with CNSS policy What steps does your agency take to ensure risk assessments are conducted from an enterprise perspective conducting top down assessments and analyzing the compilation of risks by individual information system owners Does your agency require a formal enterprise-level Plan of Actions and Milestones containing systemic information systems and organizational security weaknesses and de ciencies ii risks relating to the identi ed weaknesses and deficiencies requiring further mitigation speci c actions to mitigate identi ed risks What criteria has your agency esta blished and how are they enforced for using removable media with your if your agency permits the use of removable media what safeguards are employed and how are they promulgated and trained How are you complying with if your agency permits the use of removable media 0 How does your agency evaluate the effectiveness for implementing its policy on the use of removable media in national security systems 0 Does your agency share lessons learned and best practices with respect to its use of removable media What actions does your agency undertake to ensure that resources are available to implement its removable media policy incorporating the content of removable media policy into user training and awareness programs publishing and implementing incident response procedures 0 How has it limited the use of removable media on N55 to those operational environments that require these media to achieve mission success and not simply for convenience a What efforts has your agency undertaken to avoid the use of removable media by making maximum use of properly configured and secured network shares web portals or cross domain solutions to transfer data from one location to another What risk management policies has your agency crafted promulgated and implemented to reduce risks to How do you verify their implementation Does the agency restrict use to removable media that are USG-owned and that have been purchased or acquired from authorized and trusted sources 3 Does the agency scan removable media for malicious software using a department or agency-approved method before introducing the media into any operational systems 0 Does the agency prohibit automatic execution of any content by removable media unless Speci cally authorized by the Chief Info Security Officer Are spot checks conducted or how is compliance veri ed Does the agency implement access controls read write protections for removable media How are those controls implemented 3 Does the agency data on removable media using as a minimum the Federal Information Processing Standard FIPS 140-2 UNCLASSIFIED 7 UNCLASSIFIED 0 Does the agency prohibit use of removable media for data transfer from the destination network back to the source network or to any other network unless the media have been erased reformatted and rescanned How do you verify this 0 Does your agency limit the use of removable media to authorized personnel with appropriate training What training is conducted When How is the adequacy of training evaluated 0 Does your agency implement a program to track account for and safeguard all acquired removable media as well as to track and audit all data transfers How are discrepancies handled What discrepancies have occurred within CY 2010 0 Does your agency conduct both scheduled and random inspections to ensure compliance with department agency-promulgated guidance regarding the use of removable media What is the frequency What are the results 0 Does your agency sanitize destroy and or dispose of removable media that have been used in National Security Systems NSS in accordance with a department or agency-approved method when the media are no longer required What double-check or verification procedures exist 6 Education and Training I How does your agency ensure that every person who has access to classified information via automated systems has received contemporaneous training on the safeguarding of classified information How does your agency implement security education and training programls that ensure employees who create process or handle classified information in automated systems have a satisfactory knowledge and understanding of safeguarding policies and procedures specific to automated systems 0 What initial refresher or specialized training is provided to your personnel specific to automated systems and appropriate to their duties and responsibilities 0 What are the methods of delivery your organization uses to provide education training and awareness programs for CI and IA to users of automated systems New hire orientation semi-annual annual courses computer based training Is Cl security information security information systems security social networking incident and or suspicious activity reporting all covered a How does your agency ensure that persons who have access to classi ed information understand their responsibility to report any actual or possible compromise or disclosure of classified information to an unauthorized personls to an official designated for this purpose a Are users of automated systems made aware of confirmed violations of the stated security policy and the rami cations of those actions in order to demonstrate the organization's commitment to its security policies UNCLASSIFIED 8 UNCLASSIFIED Does your training address need to know decisions specific to automated systems Does your training include the penalties for providing false or incomplete information to security investigators during background checks or special security investigations What organizations within your agency manage the security education and training programs for users of automated systems CI Security Is the training separate or combined into an integrated comprehensive and structured CI Security and IA program Are CI Security and IA training materials current and consolidated into a single electronic site for ease of reference Are Rules of Behavior Acceptable Use agreements signed by individuals before they are given facility and network access that acknowledge they understand the information that was presented to them during the training Are the ramifications for violations of security policies and procedures discussed In addition to General User Acceptable Use Agreements referenced above are Privileged User Roles and Responsibilities Acknowledgment Agreements signed Privileged User Network Administrators Network Security Engineers Database Administrators Software Developers etc Have you instituted an insider threat detection awareness education and training programaffected employee performance or participation in security programs How do you follow CNSSI 4000 series with regard to IA Education and awareness training for lnfosec professionals Senior System Managers Systems administrators Systems Certi ers and Risk How do you ensure personnel are informed of CNSS Advisory Memorandums regarding Insider Threats to USG Information Systems 0 Web Browser Security Vulnerabilities 0 00000 Firewall Guard protection methods The IA Approach to Incident Management 7 Personnel Security Have you established a comprehensive personnel security program If so please describe your investigative adjudicative and continuous evaluation processes Do you train your adjudicators to look for insider threat indicators Have you conducted a trend analysis of indicators and activities of the employee population which may indicate risky habits or cultural and societal differences other UNCLASSIFIED 9 UNCLASSIFIED than those expected for candidates to include current employees for security clearances Do you have a foreign travel contacts reporting process or system that identi es unusually high occurrences of foreign travel contacts or foreign preference in the investigative subject pool 0 Does your CI organization have access to the information 0 Do you have mandatory pre-and post-travel briefings for government and contractors 0 Does your agency have a program to control foreign visitors Do you require reporting of official and non-of cial travel contacts 0 Under what circumstances are employees not required to report foreign contacts 0 If you don't have a foreign travel reporting process do you plan to establish one What is the timefra me 0 Do you capture higher than usual occurrence of unauthorized disclosures or security violations 0 Do you track circumstances whereby certain employee candidates have applied to multiple departments or agencies seeking employment with access to classified information 0 Do you capture evidence of pre-employment and or post-employment activities or participation in on-Iine media data mining sites like WikiLeaks or Open Leaks Do you receive regularly updated threat and vulnerability reports that support 0 Your risk management decisions Your training and educations program and o- Your personnel and physical technical security programs Do you collaborate among the counterintelligence personnel security and polygraph programs for indications of Cl activities both targeted at your agency and from within Do you have access to 1 Facility and IA certification and accreditation reports and 1 Facility and IA Plans of Action and Milestones for resolving known identified de ciencies How and to what extent does your agency interface with the FBI of foreign intelligence concerns Is your agency familiar with reporting requirements to the FBI under section 811 of the Counterintelligence and Security Act of 1994 Has your agency field an 811 report to the FBI in the previous twelve months Is your department or agency familiar with the Department of Justice CES requirements relative to media leaks Are you conducting liaison with internal and external investigative activities related to employee security or suitability issues 1 Monitoring FBI investigations subsequent to 811 referrals and 0PM for deba rment removal actions of employees subsequent to wrongful acts Are all employees required to report their contacts with the media UNCLASSIFIED 10 UNCLASSIFIED 8 Physical Technical Security Has your agency developed annual reports of the status and welfare of the secure facilities that Support the protection of classified information and mission accomplishment Has your agency conducted a trend analysis for activities and events affecting information protection at any particular site or a group of sites Do you look for unscheduled maintenance or unusual failures of security hardware which might indicate end-of life deficiencies or insider manipulation Are Technical Surveillance Countermeasures employed in areas where sensitive information is discussed UNCLASSIFIED 11 OFFICIAL USE ONLY FEDERAL BUREAU OF INTELLIGENCE BULLETIN Directorate of lntelligence Cyber Intelligence Section 14 September 2011 Anonymous Participation in Day of Rage Protest May Coincide with Cyber Attack The FBI assesses that the hacktivist group Anonymous is likely to participate in the Day of Rage protest scheduled for 17 September 20 in New York City s nancial district While the extent of group members participation in the event is unknown in late August 201 1 Anonymous endorsed the event through propaganda consisting of a video posted on YouTube and a campaign poster as well as references in their Twitter accounts l UNCLASSIFIED in the past Anonymous has been Involved in physical protests that coincided with planned cyber attacks This could indicate an intention to conduct a cyber attack in conjunction with the Day of Rage protest in August 20 1 Anonymous planned multiple protests against San Francisco s Bay Area Rapid Transit BART These physical protests which became violent and resulted in numerous arrests were combined with cyber intrusions that defaced Web sites and compromised the personal information of BART police officers 2 Anonymous planned to conduct a distributed denial of service attack on I Quantico facilities on 20 March 201 to coincide with the physical protests at the base - - nrnmun uni against the incarceration of Private First Class um mm - Bradley Manning 3 While a physical protest did occur there was no successful attack U Propaganda poster used by Anonymous to endorsc the Day of Rage protest U Anonymous plans to release a new tool to the public called RefRef in September 201 1 according to open source reporting Anonymous has tested this tool with successful attacks on WikiLeaks Pastebinb and 4chan org 4 Currently it is unknown if the release date U A distributed denial of service is a type ol'attaek that floods a network with so many requests for in formation that regular service is slowed or interrupted U Pastebin is a Web application that allows users to post portions of text for public viewing OFFICIAL USE ONLY OR OFFICIAL USE ONLY will correspond with the Day of Rage protest U Day of Rage Protest U The Day of Rage is a physical protest against US capitalism that is being organized by several activist groups Open source reporting claims that non-violent civil disobedience will occur during this event on l7 September 201 in New York City s nancial district Similar protests may take place in cities around the world such as Tokyo London Frankfurt Madrid Sydney and Toronto to coincide with the Manhattan protest UNCLASSIFIED U Memo to Volunteers from the Day of Rage Organizers On September 17 we want to see 20 000 people ood into lower Manhattan set up tents kitchens peaceful barricades and occupy Wall Street for a few months Once there we shall incessantly repeat our one simple demand until Barack Obama capitulates is a very real danger that if we naively put our cards on the table and rally around the overthrow of capitalism or some equally ouhvorn utopian slogan then our 'l'ahrirll moment will quickly nle into another inconsequential ultra-lefty spectacle soon forgotten But if we have the canning to come up with a deceptively simple Trojan Horse See you on Wall St Sept 17 Bring Tent is an Arabic word meaning liberation and may refer to the January EDI Tahrir Square protest in Cairo Egypt U Exammercom Beunue the US 'day ofrage' September National Conservative Examiner com exam Iner I U Outlook and Implications The FBI judges based on the outcomes of other physical protests that Anonymous has been involved in such as group s endorsement of the Day of Rage protest could increase media attention and attendance for this event The reported release of RefRef on 17 September 2011 may lead to cyber attacks such as attacks in addition to the physical protests scheduled for this date The potential for cyber attacks could lead to a disruption of service or a release of sensitive information Since these protests are focused on nancial services if a cyber attack were to occur nancial institutions could be targeted This intelligence bulletin addresses the FBI lntelligence Collection Requirements for Cyber Intrusions l-lacktivists l U This product has been prepared by the Domestic Threats Cy ber Intelligence Unit of the FBI Comments and queries may be addressed to the Unit Chiefat U 4chan org is an onlinc Web site where individuals can hold conversations by posting messages and images OFFICIAL USE ONLY 2 OR OFFICIAL USE ONLY U Endnotes I U Onlinc Article Dave Neal 25 August 201 l Anonymous Sets its Sights on Wall Street last accessed 8 September 201 l 2 U Onlinc Article Vivian Ho 22 August 20 l Anonymous Planning Another BART Protest station last accessed 12 September 2011 3 U Online Article CBC News l0 March 20 l Pro-WikiLeaks Activists Target Base Holding Bradley Manning last accessed 13 September 201 4 U Online Article Steve Regan I September 201 l WikiLcaks Knocked Of ine by Anonymous Rchel' due Sept last accessed 8 September 20 l 5 U Onlinc Article Anthony Martin 21 August 201 1 Beware the US Day of Rage September 17 7 last accessed 8 September 201 l OR OFFICIAL USE ONLY 3 OR OFFICIAL USE ONLY Distribution FBI Intranet Sl LEO LNI OR OFFICIAL USE ONLY 4 OFFICIAL USE ONLY FBI Customer Satisfaction Survey Please take a moment to complete this survey and help evaluate the quality value and relevance of our intelligence product Your response will help us serve you more effectively and ef ciently in the future Thank you for your cooperation and assistance Please return to Federal Bureau of Investigation Editorial Review Unit 935 Ave NW Room 11079C Washington DC 20535 Customer and Product Information Intelligence Product Title Anonymous Participation in Day of Rage Protest May Coincide with Cyber Attack Dated i4 September 20 i Customer Agency Relevance to Your Intelligence Needs l The product increased my knowledge of an issue or topic Check one 5 Strongly Agree 4 Somewhat Agree Neither Agree or Disagree 2 Somewhat Disagree i Strongly Disagree Actionable Value 2 The product helped me decide on a course of action Check one 5 Strongly Agree 4 Somewhat Agree 3 Neither Agree or Disagree 2 Somewhat Disagree 1 Strongly Disagree Timeliness Value Somewhat Disagree Strongly Disagree 3 The product was timely to my intelligence needs Check one Strongly Agree 4 Somewhat Agree 3 Neither Agree or Disagree 2 i ERU INTERNAL USE ONLY Product Tracking _lB 1393 Return To Comments please use reverse or attach separate page if needed OFFICIAL USE ONLY 5