2023: A Banner Year for NJOHSP; NJCCIC's 2023 Key Cybersecurity Takeaways; Interstate Threat Law Increasingly Used to Arrest Domestic Extremists

The New Jersey Office of Homeland Security and Preparedness closed out 2023, marking a banner year of progress, innovation and growth. Some of the agency's noteworthy and milestone accomplishments included: 

New Jersey Suspicious Activity Reporting:

• The Intelligence Management Bureau logged more than a 20-percent increase in suspicious activity reporting from this year to last. 
• NJOHSP's Counterterrorism Watch Desk, which the public can directly reach 24/7 at 866-4-SAFE-NJ or at tips@njohsp.gov, follows up on each and every report received. 

Interfaith Advisory Council:

• The IAC, already one of the largest networks of its kind in the nation, witnessed a participation upsurge this past year - from 4,000 to more than 6,000 members. The IAC provides a forum for collaboration between law enforcement and faith-based groups and is crucial to safeguarding houses of worship in one of the country's most diverse states.

Training:

• A predominant number of law enforcement and public employees completed an impressive 320,000 online courses by way of the Training and Exercise Bureau's NJ Learn portal in 2023.
• The bureau additionally coordinated upwards of 280 instructor-led exercises and courses this past year, much to the benefit of their more than 10,000 participants.

Operations:

• The Operations Bureau increased mission-area activity, completing more than 30 covert surveillance details and nearly 500 tripwire visits, the latter of which tests businesses' knowledge of and response to suspicious activity.

Cybersecurity:

• The New Jersey Cybersecurity and Communications Integration Cell responded to 545 cyber incident reports this past year. Of those reports, "unauthorized access" prevailed as the most commonly occurring incident. NJCCIC urges the public to continue to report cyber incidents to cyber.nj.gov.

Facility Risk Assessments:

• The Infrastructure Security Bureau rounded out the year with a total of 104 facility risk assessments. That sum represents a 73 percent increase when compared to the number of assessments conducted in 2022. Additionally, nonprofits made up approximately 75 percent of those 2023 assessments.

Grant Programs:

• Within its past cycle, NJOHSP administered $9 million for the New Jersey Nonprofit Security Grant Program, a $2 million increase from the previous cycle, and received a record 619 applications. This competitive grant program allows recipients to purchase target-hardening equipment and hire security personnel.
• NJOHSP also saw peak federal NSGP funding of $30.2 million for 2023, an increase of $11.3 million from the previous year. Similarly, a record number of 453 participants in New Jersey applied to the program. FEMA disseminates funding based on each state's risk, vulnerability and consequences. Nationally, New Jersey's funding levels ranked only second to New York's in 2023. The federal funding allows for the acquisition of target-hardening equipment, security personnel and training assets.

Human Resources:

• NJOHSP's Human Resources team was hard at work filling staffing positions across all divisions over the course of the year. In total, NJOHSP hired 23 full-time employees in 2023, adding manpower and fresh insights to its employee rosters.

Cyberattacks affected organizations and private residents in New Jersey throughout 2023, resulting in monetary loss, interruption of services, data exposure and more.

Geopolitical Tensions

As geopolitical tensions increased, nation-state threat actors carried out cyberattacks to advance their political and economic interests and influence. Russia-linked hacktivist groups launched distributed denial-of-service attacks across the U.S. as the Russia-Ukraine war entered its second year. In the fall, in response to the Israel-HAMAS conflict, CyberAv3ngers, an Iranian-backed advanced persistent threat group, allegedly targeted water and wastewater utilities nationwide.

Ransomware 

Ransomware attacks also underwent a notable evolution in 2023, demonstrating a higher level of sophistication and a more calculated approach by cybercriminals. Threat actors are increasingly leveraging vulnerabilities to gain initial access to targeted networks, and the New Jersey Cybersecurity and Communications Integration Cell observed patterns in which APT groups rapidly developed and deployed exploits for vulnerabilities, such as Citrix Bleed, to effectively target public and private New Jersey organizations.

Artificial Intelligence 

Lastly, artificial intelligence and machine learning became conversation starters. Cyber attackers harnessed AI and ML techniques to enhance attacks by automating tasks, adapting to evolving defenses and launching more sophisticated and targeted campaigns. Nation-states and non-governmental groups will increasingly embrace malicious use of AI, such as deepfake technology. Advancements have increased deepfakes' believability, making it more difficult for the general public to accurately distinguish between authentic and synthetic images and videos.

Key Takeaways 

The NJCCIC assesses with high confidence that New Jersey’s public and private institutions, critical infrastructure assets and residents will continue to face an array of cyberattacks. Staying informed, collaborating and prioritizing cybersecurity will be paramount in navigating these challenges in 2024. Visit the NJCCIC website for an in-depth review of its 2023 key cybersecurity takeaways.

In an unprecedented move, the U.S. Department of Justice is increasingly using a federal law, 18 U.S. Code § 875, to arrest ideologically motivated individuals for threatening another person. Between Nov. 20, 2023, and Dec. 20, 2023, the DOJ arrested 25 suspects under the statute, which makes it illegal to use electronic communications to threaten or extort an individual. These individuals include: a Utah man threatening a Palestinian rights organization; a Florida man wishing death on a Jewish organization; a transgender woman threatening to copycat the Nashville, Tennessee, shooter; and a New Hampshire man expressing his intent to kill everyone at a Republican presidential campaign event.

Some scholars attribute the increase in the use of code 875 to several factors:

• It is one of the few laws that can address the full range of domestic extremism ideologies - from the far right to the far left to single-issue extremists and everything in between. 
• As the number of open terrorism investigations continues to rise, the law provides a means to close a case much faster than a traditional domestic terrorism operation. A typical domestic terrorism investigation, not relying on code 875, takes weeks, months and sometimes years to arrive at an arrest.
• A convergence of multiple extremist ideologies makes traditional federal terrorism charges nearly impossible to argue in front of a jury.
• In the past few years, the vast majority of code 875 prosecutions ended with a guilty verdict or an individual pleading guilty before trial.