U.S. Official Threat Source Operating Picture
The next stage of WARLOCK-INDEX should treat official U.S. threat coverage as a structured source system. The corpus already has strong defense and IC baselines for major foreign adversar...
Classification: UNCLASSIFIED//OPEN SOURCE
Handling: Public open-source research.
Product ID: WI-ASMT-HOMELAND-2026-0002
Prepared UTC: 2026-06-13T05:58:00Z
Information cutoff UTC: 2026-06-13T05:58:00Z
Scope: Strategic operating picture for official U.S. public threat-source coverage across intelligence, homeland security, law enforcement, sanctions, cyber, border, maritime, counterterrorism, counternarcotics, WMD, and geospatial reference sources.
Exclusions: This product does not provide recommendations, targeting support, collection tasking, investigative direction, enforcement guidance, operational planning, surveillance guidance, tactical instructions, exploit steps, route selection, or domestic political profiling.
Source base: ODNI, CIA, FBI, NCTC, DHS, CISA, NSA, State, Treasury, DEA, ATF, CBP, Coast Guard, DOJ, NGA public source families, and existing WARLOCK-INDEX official-source registers and assessments.
Analytic confidence: High for the source architecture and agency-source roles. Moderate for current document recency across dynamic public agency pages because some product URLs change or block automated verification.
Bottom Line
The next stage of WARLOCK-INDEX should treat official U.S. threat coverage as a structured source system. The corpus already has strong defense and IC baselines for major foreign adversaries. The gap is a wider, indexed source architecture for CIA, FBI, DHS, CISA, NSA, State, Treasury, DEA, ATF, CBP, Coast Guard, DOJ, and NGA public products so readers can understand which agency source family supports which threat category.
The operating picture must remain non-prescriptive. It should organize official public sources about adversarial states, terrorist organizations, nonstate armed networks, transnational criminal organizations, cyber actors, illicit finance, border and maritime threat vectors, WMD concerns, and domestic terrorism or domestic violent extremism as legally and publicly defined categories. It should not turn domestic politics, dissent, protected speech, identity, religion, nationality, journalism, protest, or association into threat labels.
Key Judgments
- ODNI remains the top-level threat baseline. Annual Threat Assessment products provide the public IC-wide frame and should remain the first source anchor for global actor, cyber, terrorism, WMD, regional, and homeland relevance.
- CIA sources are best used for reference, not threat labeling. CIA World Leaders is a current weekly foreign government reference. The World Factbook is now legacy after its 2026 sunset notice and should not carry current country claims without refresh through other official sources.
- FBI and DHS sources define the domestic legal-security lane. FBI terrorism, cyber, counterintelligence, WMD, and TCO pages plus DHS homeland threat products should organize public domestic and homeland security categories. Civil liberties and protected activity boundaries must remain explicit.
- CISA, NSA, FBI, Treasury, and DOJ should anchor cyber threat coverage. Their public advisories and reports can support defensive strategic trend analysis, but WARLOCK-INDEX must avoid exploit, evasion, malware, scanning, or targeting detail.
- Treasury, State, DOJ, DEA, ATF, CBP, and Coast Guard extend the threat map beyond state actors. Illicit finance, sanctions, terrorism finance, narcotics, firearms trafficking, border statistics, maritime security, and public national security cases are source families that connect foreign and domestic effects without requiring operational detail.
- Maps should orient, not enable. CIA legacy maps, CIA World Leaders, State country pages, NGA public references, Coast Guard region sources, and public command maps can help readers understand geography. They should not be converted into targeting maps, vulnerability maps, patrol maps, or live movement products.
Source Architecture
| Source layer | Agencies | Strategic use | Boundary |
|---|---|---|---|
| IC-wide threat baseline | ODNI | Global actor and threat-family frame | Public assessment only; no classified inference |
| Foreign government and map reference | CIA, State, NGA, DoD | Leadership, government, country, theater, and map context | No personal dossiers or targeting maps |
| Domestic law-enforcement threat categories | FBI, DHS, DOJ | Terrorism, cybercrime, CI, WMD, TCO, violent crime source lanes | No political profiling or investigative guidance |
| Cyber defense and threat advisories | CISA, NSA, FBI, ODNI, Treasury | Defensive strategic cyber trend analysis | No exploit steps or operational cyber instruction |
| Designations and illicit finance | State, Treasury, DOJ | FTO, sanctions, terrorist finance, narcotics finance, proliferation finance | No evasion or compliance circumvention |
| Border and maritime threat vectors | DHS, CBP, Coast Guard, DEA, Treasury | Aggregate border, port, maritime, seizure, and transnational crime analysis | No route, patrol, or interdiction detail |
| WMD and proliferation | FBI, State, Treasury, ODNI, DoD, DHS | Strategic WMD risk and nonproliferation source lane | No materials, methods, or vulnerability detail |
Domestic Threat Boundary
WARLOCK-INDEX may cover domestic terrorism and domestic violent extremism only as official public legal and security categories tied to violence or criminal conduct. The source base should emphasize:
- FBI and DHS public definitions.
- DOJ public cases and legal records.
- Treasury risk assessments where they explicitly address terrorist financing or domestic violent extremism financing.
- Civil liberties boundaries, including the distinction between protected speech and criminal violence.
- Aggregate patterns, not personal or community targeting.
WARLOCK-INDEX must not:
- Label lawful political opponents as enemies.
- Treat ideology, religion, ethnicity, nationality, journalism, protest, or association as a threat by itself.
- Produce dossiers on private persons.
- Recommend enforcement, surveillance, disruption, or intelligence activity.
- Reproduce operational guidance from extremist, criminal, or agency sources.
Priority Expansion Lanes
| Lane | Why it matters | First products |
|---|---|---|
| CIA/State/NGA foreign reference | Replaces legacy Factbook dependence with current leadership and geography sources | Foreign government reference source packet |
| FBI/DHS domestic-security source lane | Defines terrorism, cyber, CI, WMD, TCO, and DVE boundaries | FBI/DHS threat source packet |
| CISA/NSA/FBI cyber lane | Adds official defensive cyber source depth | Cyber advisory source packet and tracker |
| Treasury/State/DOJ designations lane | Connects FTOs, sanctions, illicit finance, cyber, narcotics, and proliferation | Sanctions and designations source matrix |
| DEA/ATF/CBP/Coast Guard TCO lane | Expands TCO, border, firearms, narcotics, and maritime sources | TCO source packet and tracker |
| Map and geospatial reference lane | Adds strategic maps and official geospatial references without operational misuse | Map source register and theater map index |
Information Gaps
- DHS, DEA, ATF, CBP, and CISA products sometimes require manual verification because automated checks can be blocked by public web protections.
- The CIA World Factbook should be treated as legacy after its February 2026 sunset notice.
- Official agency pages are not neutral outside analyses; they express public mission, law-enforcement, intelligence, diplomatic, or policy perspectives.
- Public sources do not reveal sensitive collection, classified intelligence, investigative methods, or operational detail.
- Domestic threat categorization requires recurring civil liberties review.