CISA RELEASES NEW STRATEGY TO IMPROVE INDUSTRIAL CONTROL SYSTEM CYBERSECURITY

The Cybersecurity and Infrastructure Security Agency (CISA) released a strategy to strengthen and unify industrial control systems (ICS) cybersecurity for a more aligned, proactive and collaborative approach to protect the essential services Americans use every day.



The strategy, “Securing Industrial Control Systems: A Unified Initiative,” is intended to help architects, owners and operators, vendors, integrators, researchers, and others in the ICS community build capabilities that lead to more secure ICS operations.

Ultimately, it strives to move CISA and the ICS community beyond reactive measures to a more proactive ICS security focus.

“In recent years, we have seen industrial control systems around the world become a target for an increasing number of capable, imaginative adversaries aiming to disrupt essential services,” said Christopher Krebs, Director of CISA. “As attackers continue trying to exploit vulnerabilities in ICS, we need to make sure we’re staying ahead of them. Together with our partners in the ICS industry and the security community, this strategy will lead us to new, unified initiatives and security capabilities that will markedly improve the way we defend and secure ICS.”

Although ICS owners and operators manage their own security, CISA’s mission is to assist through delivery of a broad portfolio of ICS security products and services, especially when exploitation may threaten people or property or undermine confidence in critical infrastructure safety and reliability.

The CISA ICS initiative is a five-year plan that builds on the collaborative work already done and the existing support CISA provides to the community.

It also elevates ICS security as a priority within CISA, coalescing CISA’s organizational attention around the implementation of a unified, “One CISA” strategy.

The initiative organizes our efforts around four guiding pillars:

Pillar 1: Ask more of the ICS Community, deliver more to them.

Pillar 2: Develop and utilize technology to mature collective ICS cyber defense.

Pillar 3: Build “deep data” capabilities to analyze and deliver information that the ICS community can use to disrupt the ICS cyber kill chain.

Pillar 4: Enable informed and proactive security investments by understanding and anticipating ICS risk.

The CISA ICS Strategy can be found at www.cisa.gov/ICS.

Blogs to Follow:

Cisa.gov (July 2020) CISA RELEASES NEW STRATEGY TO IMPROVE INDUSTRIAL CONTROL SYSTEM CYBERSECURITY

Dismantling of an Encrypted Network Sends Shock Waves Through Organized Crime Groups Across Europe

At a joint press conference on July 2, 2020, French and Dutch law enforcement and judicial authorities, Europol and Eurojust presented the impressive results of a joint investigation team to dismantle EncroChat, an encrypted phone network widely used by criminal networks.



Over recent months, the joint investigation made it possible to intercept, share and analyze millions of messages that were exchanged between criminals to plan serious crimes. A significant part of these messages was read by law enforcement in real time, over the shoulder of the unsuspecting senders.

The information has already been relevant in a large number of ongoing criminal investigations, resulting in the disruption of criminal activities including violent attacks, corruption, attempted murders and large-scale drug transports. Certain messages indicated plans to commit imminent violent crimes and triggered immediate action. The information will be further analyzed as a source of unique insight, giving access to unprecedented volumes of new evidence to profoundly tackle organized criminal networks. 

In recent years, European countries have been increasingly affected by organized crime groups who are pervasive and highly adaptive, posing one of the most pressing security challenges faced by law enforcement and judicial authorities. In this regard, the abuse of encrypted communication technologies is a key facilitator of their criminal activities.

Since 2017, the French Gendarmerie and judicial authorities have been investigating phones that used the secured communication tool EncroChat, after discovering that the phones were regularly found in operations against organized crime groups and that the company was operating from servers in France. Eventually, it was possible to put a technical device in place to go beyond the encryption technique and have access to the users’ correspondence.

In early 2020, EncroChat was one of the largest providers of encrypted digital communication with a very high share of users presumably engaged in criminal activity. User hot-spots were particularly present in source and destination countries for cocaine and cannabis trade, as well as in money laundering centers.

Given the widespread use of the encrypted telephone solution by EncroChat among international criminal networks around the world, French authorities decided to open a case at Eurojust, the EU Agency for Criminal Justice Cooperation, towards the Netherlands in 2019. Further developments in the investigations led to organizing the processing of the data, which was captured on the basis of the provisions of French law and with judicial authorization, through the frameworks for international judicial and law enforcement cooperation.

The data was in the first instance shared with the Netherlands. Eurojust facilitated the creation of a joint investigation team (JIT) between the two countries and with the participation of Europol, the European Union Agency for Law Enforcement Cooperation, in April 2020.

Europol has been actively involved in the investigations led by France and the Netherlands since 2018, relating to the provision and use of encrypted communication services by organized crime groups. Through its role as an information hub and its extensive analytical and technical support system, Europol was able to create and provide a unique and global insight on the scale and functioning of organized crime, as a result of this investigation. This will help law enforcement to combat organized crime in the future more successfully. Europol’s support from the early stages of this JIT included: promoting and arranging international cooperation, providing extensive analytical and financial support, technical expertise and a secured platform for the exchange of information between the countries involved.  A large dedicated team at Europol investigated in real time millions of messages and data that it received from the JIT partners during the investigation, cross-checked and analyzed the data, and provided and coordinated with the JIT partners the information exchange to concerned countries.

A large number of suspects have also been arrested in several countries which were not participating in the JIT but particularly affected by the illegal use of these phones by individuals active in organized crime, including in the UK, Sweden and Norway. Many of these investigations were connected with international drug trafficking and violent criminal activities.

At the same time, numerous operational meetings for the daily coordination between the law enforcement entities of the JIT partners and other countries took place at Europol, partly during COVID-19.

Eurojust intensively facilitated the judicial cooperation, during the extensive use of European judicial cooperation instruments such as European Investigation Orders. Throughout the investigation, the JIT members organized five coordination meetings at Eurojust to bring all involved parties together in a secure environment, identify parallel or linked investigations, decide on the most suitable framework for cooperation and solve potential conflicts of jurisdiction.  

In France, where the operation takes place under the code name “Emma 95”, the Gendarmerie has had a Taskforce in place since March 2020. With more than 60 officers, the Gendarmerie leads the investigations targeting the EncroChat encrypted telephone solution under the supervision of the magistrates of the JIRS of Lille. The Taskforce has been monitoring the communications of thousands of criminals, leading to the opening of a wide range of incidental proceedings. France does not wish to communicate further on these ongoing investigations nor on the results obtained. The considerable resources deployed demonstrate the importance of these investigations and the importance attached to their success in France.

In the Netherlands, where the operation went under the code name “Lemont”, hundreds of investigators have, with authorization of the examining magistrate, followed the communications of thousands of criminals day and night since the operation began, to unravel and act on the intercepted data stream. The criminal investigation has been led by prosecutors from the Dutch National Public Prosecution Service and the information has been made available to about a hundred ongoing criminal investigations. The investigation has so far led to the arrest of more than 100 suspects, the seizure of drugs (more than 8 000 kilos of cocaine and 1 200 kilos of crystal meth), the dismantling of 19 synthetic drugs labs, the seizure of dozens of (automatic) firearms, expensive watches and 25 cars, including vehicles with hidden compartments, and almost EUR 20 million in cash. The expectation is that information will be made available in more than 300 investigations. In a number of cases, more arrests are very likely to follow in the coming period.

The interception of EncroChat messages came to an end on 13 June 2020, when the company realized that a public authority had penetrated the platform. EncroChat then sent a warning to all its users with the advice to immediately throw away the phones. 

While the activities on EncroChat have been stopped, this complex operation shows the global scope of serious and organized crime and the connectivity of criminal networks who use advanced technologies to cooperate on a national and international level. The effects of the operation will continue to echo in criminal circles for many years to come, as the information has been provided to hundreds of ongoing investigations and, at the same time, is triggering a very large number of new criminal investigations of organized crime across the European continent and beyond.

WHAT IS ENCROCHAT?

EncroChat phones were presented to customers as guaranteeing perfect anonymity (no device or SIM card association on the customer’s account, acquisition under conditions guaranteeing the absence of traceability) and perfect discretion both of the encrypted interface (dual operating system, the encrypted interface being hidden so as not to be detectable) and the terminal itself (removal of the camera, microphone, GPS and USB port). It also had functions intended to ensure the ‘impunity’ of users (automatic deletion of messages on the terminals of their recipients, specific PIN code intended for the immediate deletion of all data on the device, deletion of all data in the event of consecutive entries of a wrong password), functions that apparently were specially developed to make it possible to quickly erase compromising messages, for example at the time of arrest by the police. In addition, the device could be erased from a distance by the reseller/helpdesk.

EncroChat sold the cryptotelephones (at a cost of around EUR 1 000 each) at international scale and offered subscriptions with a worldwide coverage, at a cost of 1 500 EUR for a six-month period, with 24/7 support.

Blogs to Follow:

Europol.europa.eu (July 2020) DISMANTLING OF AN ENCRYPTED NETWORK SENDS SHOCKWAVES THROUGH ORGANISED CRIME GROUPS ACROSS EUROPE

Berkeley County woman admits to willful retention of top secret national defense documents and international parental kidnapping

Elizabeth Jo Shirley, of Hedgesville, West Virginia, has admitted to unlawfully retaining a document containing national defense information and committing international parental kidnapping, Assistant Attorney General John C. Demers and U.S. Attorney William J. Powell for the Northern District of West Virginia announced.



Shirley, 46, pled guilty to one count of “Willful Retention of National Defense Information” and one count of “International Parental Kidnapping.” 

Shirley admitted to unlawfully retaining a National Security Agency (NSA) document containing information classified at the TOP SECRET/SECRET COMPARTMENTED INFORMATION (“TS/SCI”) level relating to the national defense that outlines intelligence information regarding a foreign government’s military and political issues. 

Shirley also admitted to removing her child, of whom she was the non-custodial parent, to Mexico with the intent to obstruct the lawful exercise of the custodial father’s parental rights.

“When Shirley took classified information from her work with the Intelligence Community and later fled to Mexico, she violated the confidence placed in her by the American people,” said Assistant Attorney General for National Security John C. Demers. “She doubled down on this betrayal when she sought to offer classified information to the Russian government.  We are grateful for our law enforcement partners’ timely work to locate and arrest the defendant in Mexico.  Given Shirley’s troubling conduct after fleeing the United States, the damage to national security could have been far greater had law enforcement not acted swiftly.  Shirley will now be held accountable for betraying the trust of the American people.”

“High level security clearance requires a commensurate level of trust.  Shirley breached that trust and attempted to put our country at risk.  National security is one of our highest priorities and always will be.  Shirley will now face the consequences of her actions,” said William J. Powell.

“Federal government employees and contractors with high level security clearances pledge to protect classified information from foreign adversaries. It’s an essential responsibility in guarding our country’s national security,” said FBI Pittsburgh Special Agent in Charge Michael Christman. “Ms. Shirley had a duty to safeguard classified information. Instead, she chose to break the law and trust placed in her and made plans to pass national defense information to Russian officials, which could have put our citizens at risk. The FBI does not take these violations lightly and will work to hold wrongdoers accountable to keep our country safe.”

Shirley served on active duty with the United States Air Force, and in August 1994, the Air Force granted Shirley her first TS/SCI security clearance. 

After leaving active duty, Shirley served in the United States Air Force Reserves and later in the United States Navy Reserves. 

While serving in the Air Force, she worked on assignments with the NSA. 

From May 2001 to August 2012, Shirley held various positions with the United States Navy’s Office of Naval Intelligence, the Department of Defense, the Department of Energy, the National Cyber Investigative Joint Task Force, and at least five different cleared defense contractors. 

In connection with these positions, Shirley held TOP SECRET/SCI security clearances at various times.

In July 2019, Shirley took her six-year-old daughter to Mexico with the intent to make contact with representatives of the Government of Russia to request resettlement in a country that would not extradite her to the United States. 

Shirley took with her to Mexico national defense information, which she had unlawfully retained. 

While in Mexico, Shirley prepared a written message to Russian Government officials, referencing “an urgent need” to have “items shipped from the USA related to [her] life’s work before they are seized and destroyed.”

On Aug. 13, 2019, the United States Marshals Service and Mexican law enforcement located Shirley and her daughter at a hotel in Mexico City.  Mexican authorities arrested Shirley pursuant to an arrest warrant the West Virginia State Police (WVSP) had obtained on a charge of concealment of a minor from a custodian.

The Federal Bureau of Investigation (FBI) subsequently executed search warrants on numerous of Shirley’s electronic devices, including devices she took to Mexico in July 2019 and devices the FBI seized from her Martinsburg storage unit in August 2019. 

Pursuant to the search of the storage unit, the FBI located the NSA document underlying the Willful Retention of National Defense Information offense. 

In addition, pursuant to searches of the electronic devices, the FBI found an Office of Naval Intelligence PowerPoint presentation containing information classified at the SECRET level and messages Shirley had drafted to Russian Government officials while in Mexico, the latter of which the Central Intelligence Agency has determined to include information classified at the SECRET level.

Shirley faces up to ten years of incarceration and a fine of up to $250,000 for the national security charge and up to three years of incarceration and a fine of up to $250,000 for the kidnapping charge.

Under the Federal Sentencing Guidelines, the actual sentence imposed will be based upon the seriousness of the offenses and the prior criminal history, if any, of the defendant.

Assistant U.S. Attorneys Jarod J. Douglas and Lara K. Omps-Botteicher and Trial Attorney Evan N. Turgeon with the Department of Justice’s Counterintelligence and Export Control Section, National Security Division, are prosecuting the case on behalf of the government. 

The FBI and WVSP investigated.  The Webster County Prosecuting Attorney’s Office cooperated in the investigation and prosecution of the case.

U.S. Magistrate Judge Robert W. Trumble presided.

Blogs to Follow:

Justice.gov (July 2020) Berkeley County woman admits to willful retention of top secret national defense documents and international parental kidnapping

USSF field command structure reduces command layers, focuses on space warfighter needs

The Department of the Air Force and the United States Space Force have finalized the new service’s organizational structure for echelons below the headquarters, reflecting the newest branch of the armed forces’ guiding principles of being a lean, agile and mission-focused organization.


U.S. Space Force organizes, trains, and equips space forces in order to protect and defend U.S. and allied interests in space and to provide space capabilities to the joint force.

 
The USSF field organization will consist of three echelons of command, where the Air Force currently is organized into five echelons. USSF’s organizational structure will initially consolidate and align all organize, train and equip mission execution from former Air Force space-related units.

“This is the most significant restructuring of space units undertaken by the United States since the establishment of Air Force Space Command in 1982,” said Secretary of the Air Force Barbara Barrett. “Innovation and efficiency are driving our mission as we position the Space Force to respond with agility to protect our nation’s space capabilities and the American way of life.”

In order of hierarchy, the USSF field echelons are named field commands, deltas and squadrons. There will be three field commands aligned with specific mission focuses: Space Operations Command, Space Systems Command, and Space Training and Readiness Command. SpOC and SSC will be led by three-star general officers, and STARCOM will be led by a two-star general.

Deltas will be O-6 led and will be organized around a specific function – operations, installation support, training, etc.

Within the deltas will be squadrons focused on specific tactics. When the field command structure is fully implemented, it will eliminate one general officer echelon and one O-6 echelon of command. Functions formerly performed at the eliminated echelons will be realigned where appropriate within the USSF. 

“This is an historic opportunity to launch the Space Force on the right trajectory to deliver the capabilities needed to ensure freedom of movement and deter aggression in, from and to space,” said Gen. Jay Raymond, USSF chief of space operations. “How we organize the Space Force will have a lasting impact on our ability to respond with speed and agility to emerging threats in support of the National Defense Strategy and Space Strategy.”

SpOC will be the primary force provider of space forces and capabilities for combatant commanders, coalition partners, the joint force and the nation. 

The staff and operations elements of USSF at Peterson Air Force Base, Colorado, which is also the former AFSPC, will become the headquarters SpOC.

There is an existing unit at Vandenberg AFB, California, named Space Operations Command, which will be renamed upon activation of the field command SpOC.

SSC will be responsible for developing, acquiring, and fielding lethal and resilient space capabilities for war-fighters.

Additionally, SSC will be responsible for launch, developmental testing, on-orbit checkout, and sustainment and maintenance of USSF space systems, as well as oversight of USSF science and technology activities. 

Acquisition and development organizations to include the Space and Missile Systems Center, the Commercial Satellite Communications Office, and program offices of space systems transferring to USSF from other DoD organizations will form the building blocks of the new command, which will be built out in the months to come.

STARCOM will train and educate space professionals, and develop combat-ready space forces to address the challenges of the war-fighting domain of space.  Complete stand up of STARCOM is scheduled for 2021. 

In the interim, a provisional Space Training and Readiness Delta, led by an O-6, will be established in July at Peterson AFB.  This unit will serve as the parent organization for a number of education, training, and operational test and evaluation units transferring to the Space Force in summer 2020.

The next activities to stand up USSF field organizations include activation of SpOC, SSC and deltas beginning later in summer. 

Blogs to Follow:

Spaceforce.mil (July 2020) USSF field command structure reduces command layers, focuses on space warfighter needs

People’s Republic of China Military Exercises in the South China Sea

The Department of Defense (DOD) is concerned about the People’s Republic of China (PRC) decision to conduct military exercises around the Paracel Islands in the South China Sea on July 1-5.



The designated areas where the exercises are due to take place encompass contested waters and territory.

Conducting military exercises over disputed territory in the South China Sea is counterproductive to efforts at easing tensions and maintaining stability.

The PRC’s actions will further destabilize the situation in the South China Sea. 

Such exercises also violate PRC commitments under the 2002 Declaration on the Conduct of Parties in the South China Sea to avoid activities that would complicate or escalate disputes and affect peace and stability.

The military exercises are the latest in a long string of PRC actions to assert unlawful maritime claims and disadvantage its Southeast Asian neighbors in the South China Sea. 

The PRC’s actions stand in contrast to its pledge to not militarize the South China Sea and the United States’ vision of a free and open Indo-Pacific region, in which all nations, large and small, are secure in their sovereignty, free from coercion, and able to pursue economic growth consistent with accepted international rules and norms.

The Department of Defense will continue to monitor the situation with the expectation that the PRC will reduce its militarization and coercion of its neighbors in the South China Sea.

We urge all parties to exercise restraint and not undertake military activities that might aggravate disputes in the South China Sea.

Blogs to Follow:

Defense.gov (July 2020) People’s Republic of China Military Exercises in the South China Sea