(U//FOUO) We assess that Russia would consider initiating a cyber attack against the Homeland if it perceived a US or NATO response to a possible Russian invasion of Ukraine threatened its long-term national security. Russia maintains a range of offensive cyber tools that it could employ against US networks—from low-level denials-of-service to destructive attacks targeting critical infrastructure. However, we assess that Russia’s threshold for conducting disruptive or destructive cyber attacks in the Homeland probably remains very high and we have not observed Moscow directly employ these types of cyber attacks against US critical infrastructure—notwithstanding cyber espionage and potential prepositioning operations in the past.

• (U) Russia’s cyber program is a key element of its broader view and military doctrine of “information confrontation”—a concept that values technical cyber operations and the psychological effects that can be achieved in an information environment, according to a 2021 NATO report. Moscow’s cyber operations are designed to provide flexible options that can be used in both peacetime and wartime to achieve desired end states. Russia almost certainly considers cyber attacks an acceptable option to respond to adversaries because it lacks symmetrical economic and diplomatic responses, according to the Intelligence Community’s 2021 Annual Threat Assessment.

• (U) Russia continues to target and gain access to critical infrastructure in the United States. During a campaign that started in March 2016, Russian Government cyber actors compromised US energy networks, conducting network reconnaissance and lateral movement, and collected information pertaining to industrial control systems, according to a Cybersecurity and Infrastructure Security Agency (CISA) alert.

(U//FOUO) In June of 2021, the Nevada High Intensity Drug Trafficking Area (HIDTA) Drug Enforcement Agency (DEA) Enforcement Group 3 arrested four members of a Drug Trafficking Money Laundering Organization (DTMLO) responsible for selling millions of dollars’ worth of cocaine on the dark web and transporting it through the United States Postal Services (USPS). Federal search warrants were executed at the DTMLO’s primary residences in Las Vegas as well as two stash locations which resulted in the seizure of approximately 12.6 kilograms of cocaine, 13 firearms, approximately $86,000 in bulk currency, 1 vehicle, and numerous luxury motorcycles valued at $450,000. At all locations, electronic devices such as phones, computers, and cryptocurrency devices were located as well as drug records, financial documents, and paperrecovery seeds. Subsequent to the search warrants, over 30 wallets were reconstituted
which allowed for the seizure of approximately $115,000 worth of cryptocurrency. The purpose of this product is to inform law enforcement partners on how to better recognize key indicators of dark web activity while executing search warrants. This includes information to assist law enforcement in positively identifying cryptocurrency devices, electronic applications, and recovery seeds, which is critical for seizing digital assets.

(U) Hardware Wallets and Devices

(U//FOUO) Hardware wallets are commonly used by cryptocurrency investors as well as dark web criminals and are considered the best method to store cryptocurrencies.

This report outlines ongoing work by the Department of Defense to address the threat posed by prohibited extremist activities. The Department of Defense has long prohibited Service members from actively engaging in extremist activities. Since 1969, the Department of Defense has provided policy guidance that enumerates the prohibition of specific activities, and has routinely updated its guidance to clarify prohibited activities, clarify the investigative authorities that commanders have at their disposal, and ensure that all military departments implement training on these policies.

Following a number of high-profile insider threat attacks in the early 2010s, the Department of Defense built a program to detect, deter, and mitigate such threats to the Department, its people, and its mission. In 2019, Congress directed the Department of Defense to review existing policies and capabilities with the aim of closing gaps in personnel security vetting. In 2020, the Army published a comprehensive revision of Army Command Policy (AR 600-20) which was the first of its kind to address the use of social media to support extremist activities and provided guidance to commanders for addressing prohibited activity that crosses the line into misconduct.

In February 2021, Secretary of Defense Lloyd J. Austin III directed a Department-wide stand down to educate Department of Defense personnel on the threat posed by extremist activity. In April 2021, following the stand down, Secretary Austin issued a second memorandum to implement immediate actions identified by subject-matter experts within the Department of Defense (and informed by the stand down), and directed the establishment of the Countering Extremist Activity Working Group (CEAWG) to implement these urgent steps and develop additional recommendations.

ATP 7-100.3 describes Chinese tactics for use in Army training, professional education, and leader development. This document is part of the ATP 7-100 series that addresses a nation-state’s military doctrine with a focus on army ground forces and tactical operations in offense, defense, and related mission sets. Other foundational topics include task organization, capabilities, and limitations related to military mission and support functions. ATP 7-100.3 serves as a foundation for understanding how Chinese ground forces think and act in tactical operations. This publication presents multiple examples of functional tactics in dynamic operational environment conditions. The tactics in this ATP are descriptive, and provide an orientation to tactics gathered from Chinese doctrine, translated literature, and observations from recent historical events.


1-1. China’s view of the strategic environment mirrors that of the United States in many ways. There are, however, key differences in both analysis of the strategic environment and the application of this analysis that underpin important differences in perspective between the two countries. Both the People’s Republic of China—commonly referred to as China—and the United States assess the key elements of the strategic environment discussed in paragraphs 1-2 through 1-9.

1-2. U.S. obligations to allies and partners in the Western Pacific will continue in perpetuity. Key U.S. allies include Japan, South Korea, Australia, New Zealand, and the Philippines.

(U//FOUO) We assess that Iran likely will continue to rely primarily on proxy news websites and affiliated social media accounts to attempt sustained influence against US audiences, while we expect intermittent, issue-specific influence attempts via other means (e.g., e-mails). We base this assessment on Iran’s actions since at least 2008 to build and maintain vast malign influence networks anchored by proxy websites, as well as Iran’s attempts to find new avenues to re-launch established malign influence networks after suspension. Tehran employs a network of proxy social media accounts and news websites that typically launder Iranian state media stories (stripped of attribution), plagiarize articles from Western wire services, and occasionally pay US persons to write articles to appear more legitimate to US audiences.

• (U) The American Herald Tribune (AHT)—an Iranian Government proxy website established in 2015 that purported to be a genuine media outlet—was seized by the US Government on 4 November 2020 for attempting to covertly influence United States policy and public opinion, according to a DOJ press release. However, AHT by at least 16 November 2020 resurfaced on a Canada-based domain, according to AHT’s website. AHT is also known to pay unwitting US persons to contribute to its disinformation campaigns, according to the same website.

• (U) The International Union of Virtual Media (IUVM) since at least August 2018 has maintained a network of proxy accounts and websites posing as news sources that attempted to insert Iranian Government narratives into Western target audiences and to denigrate the United States, Western governments, and other regional adversaries, according to reports from a research institute and a social media analysis firm.

This Handbook focuses on the legal matters pertaining to providing assistance to domestic civil authorities, also known as DSCA. Circumstances involving the exercise of homeland defense authority and capabilities, i.e. “countering air and maritime attacks and preventing terrorist attacks on the homeland,” are beyond the scope of this handbook. Nonetheless, it should be kept in mind that actions taken within the homeland defense function may directly impact the DoD’s DSCA mission once an event has occurred. Likewise, for ongoing events or continuing attacks, DSCA actions may affect homeland defense capabilities.

U.S. military resources include specialized personnel, equipment, facilities, and training that may be useful to civilian law enforcement agencies. The provision of DoD resources, however, must be consistent with the limits Congress placed on military support to civilian law enforcement through the Posse Comitatus Act (PCA) and other laws. Judge advocates must also weigh and advise on the political sensitivity of employing U.S. military forces in law enforcement roles involving U.S. civilians.

This chapter begins with a discussion of the PCA. It then discusses the applicable provisions of the U.S. Code addressing military support to civilian law enforcement and the DoD regulations that implement this guidance. Information relating specifically to counterdrug support is discussed separately in the Chapter 7 due to the size and complexity of this DoD mission.

ATP 3-39.10 provides guidance for commanders and staffs on police operations and is aligned with FM 3-39, the keystone military police field manual. This manual addresses police operations across the range of military operations. Police operations support decisive action tasks (offensive, defensive, and stability or defense support of civil authorities [DSCA]). This manual emphasizes policing capabilities necessary to establish order and subsequent law enforcement activities that enable successful establishment, maintenance, or restoration of the rule of law. While this manual focuses on the police operations discipline and its associated tasks and principles, it also emphasizes the foundational role that police operations, in general, play in the military police approach to missions and support to commanders.

Police operations have historically been understood to comprise of law enforcement missions supporting United States (U.S.) military commanders and efforts to police military personnel, civilians, and family members working and residing on U.S. military bases and base camps. Police operations support to the operational commander and the capabilities inherent within law enforcement organizations will continue to grow in relevance in support of Army operations. Future conflicts and the nature of the threat within the operational environment will increase the relevance of police operations and the need for law enforcement capabilities in support of Army operations. Police operations plays vital role in countering hybrid threats, reducing crime, establishing order, preserving readiness, and enforcing the rule of law.

(U) Criminals and violent extremists continue to seek ways to acquire firearms through the production of privately made firearms (PMFs). PMFs can be easily made using readily available instructions and commonly available tools, require no background check or firearms registration (serial number) under federal law, and their parts have become more accessible and affordable. This, combined with the increase in law enforcement recoveries of nonserialized and counterfeit firearms in criminal investigations, will most likely create increasing challenges in law enforcement investigations, including weapon accountability access and tracking. PMF awareness and identification can aid PMF recovery, prevention of illicit activities including terrorism, and overall first responder and public safety.

(U) NOTE: Many of the activities described herein may involve Constitutionally protected activities and may be insignificant on their own. Action should not be taken solely based on the exercise of Constitutionally protected rights.

(U) PMF-RELATED OBSERVABLE INDICATORS: The following observable indicators may be related to PMF manufacturing and awareness of these indicators by law enforcement and security personnel will increase recognition of possible suspicious PMF use. This awareness, coupled with other factors, may enable the detection and prevention of unlawful violent activity. It is important to note that by themselves, some of the following indicators are lawful and Constitutionally protected and taken alone, would not warrant law enforcement action or additional investigation.