sign in sign up
<<
Home , Behavioral Science Unit

VOLUME 1 · ISSUE 3

THE CYBERSECURITY EMERGENCY 20

SPOTTING INCIDENTS OF HUMAN TRAFFICKING — AND RESPONDING 16

THE FIRST RESPONDER SUICIDE & PTSD CRISIS 26

PROTECTING THE GRID AGAINST EMPS 32

VOLUME 1 | ISSUE 3 1 TABLE OF CONTENTS

COVER STORY 20 | The Cybersecurity Emergency VOLUME 1 · ISSUE 3

Official Magazine of

Working to Safeguard Chicago̕s Critical Infrastructure

Editorial Office:

4701 Midlothian Turnpike, Ste. 4 Crestwood, IL 60445 Group Information Security Leader Andrew Munger advises on Phone: 708-293-1430 | Fax: 708-293-1432 the current state of cybersecurity, how it’s evolving, and what you E-mail: [email protected] need to know to keep up. www.imamagazine.org IMA 16 | Spotting Incidents of Human The(ISSN Chicago 1553-5797) InfraGard Members Alliance Traffi cking — and Responding is published four times per year for

Fanning Communications by Special contributor Ingri Hartwig presents a report on 4701 Midlothian Turnpike, Ste. 4 the tragedy of human trafficking, exploring how to spot it Crestwood, IL 60445 and how to respond appropriately when you do. Publisherwww.fanningcommunications.comEditor/ Graphic Designer 26 | The First Responder Suicide & ̕ J��� J. F������ PTSD Crisis [email protected] D� A��� C���� [email protected] Writer

K��� J. P������� Susan DeGrane interviews Academic Sector Chief Dr. Editor/[email protected] M��� S����� Nancy Zarse on the subject of first-responder PTSD Graphic Designer [email protected] and suicide, and takes on on-the-ground look at dealing Programmer with the crisis with Fr. Dan Brandt of the Chicago Police Chaplains Ministry. M����� M. B������ [email protected] J����� N������� 32 | Protecting the Grid Against Accounting/[email protected] EMPs

Subscription rate is $49.99 per year inJ�� the UnitedK��� States and Canada; $110.00 per year in all [email protected] foreign countries. POSTMASTER: Send address changes to 4701 Midlothian Tpk., Ste. 4, Crestwood, IL 60445. All statements, including product claims, are those of the person or With the emerging threat of electromagnetic pulse (EMP) organization making the statement or claim. The publisher does not technology, it’s time for those who manufacture and adopt any such statements as its own, and any such statement or claim does not necessarily reflect the opinion of the publisher. protect America’s critical infrastructure to re-assess and © 2014 Fanning Communications, Inc. re-evaluate the priority of its defense.

2 INFRAGARD CHICAGO MEMBERS ALLIANCE VOLUME 1 | ISSUE 3 3 TABLE OF CONTENTS

7 | President’s Message 9 | SAC’s Message

BOARD OF DIRECTORS 10 | Intelligence Briefing 12 | Obama Signs Order Creating

President New Cyber Sanctions Program Paul Sand 14 | Internet Outages Reveals Gaps AVP, Independent Security Officer, Federal Home Loan Bank of Chicago In U.S. Broadband Infrastructure Vice President Erik Hart 15 | Member Notes Director, Information Security Solutions, Leo Burnett and Arc Worldwide 25 | Most Wanted Programming Director 29 |Inmate Escapes From Eastern Jo Ann Ugolini Security and Investigations, Hillard Heintze Illinois Jail Treasurer/Membership Director Thomas Elward 30 | Shaping the Next Generation Infrastructure Protection, Exelon 35 | New Technology Secretary/ Communications Director John Fanning 36 | InfraGard Member Focus: President & CEO, Fanning Communications, Inc. Lizabeth Lehrkamp At-Large Director Bruce M. Bina Vice President of Product Development & She was honored with the 2014 Design, Adaptive Rescue Concepts, ARC LLC InfraGard Coordinator of the Year At-Large Director award, but there’s much more to Amy Bogac the Lizabeth Lehrkamp story. Director, IT Security Operations, Walgreens At-Large Director Erick Nickerson 39 | Industry Event Calendar Partner and Marketing Specialist, CCG Solutions, LLC. At-Large Director Jill Czerwinski Senior Manager, Crowe Horwath At-Large Director Edward Marchewka Information Security Manager, Chicago Public Schools IMA/FBI Liaison Kathy Hug Special Agent, Federal Bureau of Investigation

4 INFRAGARD CHICAGO MEMBERS ALLIANCE VOLUME 1 | ISSUE 3 5 PRESIDENT’S MESSAGE

Greetings, Members:

Cybersecurity is the dominating topic for many enterprises today and thus is a timely and important topic for this magazine to consider.

The number of threat actors that desire to do us harm grows each and every day, and those actors are becoming increasingly better funded and more skilled. Nation-state-driven actors seek to gain economic and military advantage through intellectual property theft, competitive intelligence gathering, and preparedness to successfully attack critical infrastructure. Criminal actors seek to divert funds, defraud enterprises and consumers, and steal personal financial information. Such strong motivations coupled with available funding have developed a strong market for hacking tools that have Paul Sand, President lowered the bar for the skill level required to conduct attacks against us. More InfraGard Chicago attackers with better tools, rich resources and strong motivations make this a Members Alliance critical concern.

Enterprises are faced with increased spending to control the risk that the threat actors present to the livelihood of their businesses. This spending is growing without an end in sight. It challenges the economic viability of the enterprise and slows the cycle of innovation by making fewer resources available to build better and more efficient new products and services. New approaches to the management of cyberrisk must emerge.

The number of skilled, well-qualified cybersecurity professionals still lags behind the demand for the services they provide to U.S. companies. As a result, many information security departments are forced to operate with inadequate resources making them more vulnerable to attack today, and reducing the time available to innovate and prepare for the future.

I don't raise these topics to paint a bleak picture, but because I am optimistic that by focusing our attention on the right issues we can devise strong, economic cyberdefense capabilities. So, please read this issue, understand the significant challenges we face, and put your creativity to work to develop the solutions we need.

Thank you for your attention.

Sincerely, Paul Sand Paul Sand, President InfraGard Chicago Members Alliance

6 INFRAGARD CHICAGO MEMBERS ALLIANCE VOLUME 1 | ISSUE 3 7 SAC’S MESSAGE

Greetings,

With this second edition of IMA magazine, InfraGard continues its mission of bringing insight and experience-tested knowledge to professionals engaged in the security of our nation’s critical infrastructure. This quarter’s issue focuses on several topics, but none more so than the ever-more-complex task of cybersecurity.

As our society grows increasingly dependent on the technologies that surround us every day, the methods of threat actors working to exploit vulnerabilities for profit or strategic advantage grow increasingly sophisticated. It isn’t enough to keep up with the mentality of the hackers here and abroad who would harm our infrastructure and economy — we Robert J. Holley, have to stay ahead of them. We do this by being proactive in our approach Special Agent in Charge to cybercrime and cyberterrorism; by rooting out our own vulnerabilities FBI Chicago Division before the enemy has the opportunity to exploit them. As Andrew Munger’s cover story points out, stopping crippling online breaches isn’t merely a matter of knowledge, but of a deliberate mindset bent on their prevention.

Of course, cybersecurity is far from the only concern facing security professionals today. Accordingly, you will find a number of other useful and informative features in this issue, from the alarming scenarios arising from possible electromagnetic pulse (EMP) events and attacks to managing the toll that first responders’ jobs can have on their mental and emotional wellbeing.

I encourage you, as a security professional, regardless of your sector of concern, to take a serious look at the content of this month’s IMA, and to share it with others in your profession. This is what IMA magazine is for: to share the information and best practices that help first responders and other security professionals to protect our critical infrastructure. RobertSincerely, J. Holley

Robert J. Holley Special Agent in Charge FBI Chicago Division

8 INFRAGARD CHICAGO MEMBERS ALLIANCE VOLUME 1 | ISSUE 3 9 INTELLIGENCE BRIEFING

Uber data breach impacts 50,000 current and former drivers. violated the False Claims Act from September 2008 to second reactor and the power grid remain stable while the after carbon monoxide levels were reduced to a safe level March 2012 by originating and underwriting mortgage reactor idles until it is place back into service. Feb. 14. Uber determined in September 2014 that their internal loans insured by the Federal Housing Administration Man arrested after setting five cars ablaze (FHA) that did not meet underwriting requirements. Former EMT arrested for HEMSI station fire. database was breached in May without authorization by outside Ventura County Government Center. an unidentified third-party who accessed the information MetLife was allegedly aware of the accused violations of 50,000 former and current drivers, which included through its internal quality control measures and A former Huntsville Emergency Medical Services, Inc., names and driver’s license numbers. Uber changed access reportedly downgraded its sub-standard FHA loans to Police took a man into custody after he allegedly set (HEMSI) employee was arrested Feb. 10 in connection to protocols and locked down the database while continuing appear to have fewer issues. fire to five cars in the parking lot of the Ventura County starting a fire Feb. 7 that destroyed the HEMSI station in to investigate the incident. Ramnit botnet shut down. Government Center in California Feb. 21, rendering three Huntsville, Ala. The former employee was fired in February SEC halts Ponzi-like scheme by purported cars a total loss while a fourth had moderate damage. The 2014 and is also connected to other ambulance burglaries venture capital fund manager in Buffalo. suspect was found near the cars after setting them ablaze in the area and surrounding counties. Europol Cybercrime Centre (EC3) investigators, Microsoft, and hospitalized after California Highway Patrol officers Ex-CIA officer convicted of leaking secrets to spotted the fire, which impacted four cars belonging to the AnubisNetworks, and Symantec carried out an operation reporter. The U.S. Securities and Exchange Commission charged a to shut down the Ramnit botnet’s seven command and county. New York-based supposed venture capital fund manager control (C&C) servers and redirected traffic from 300 Accused Russian hacker to face charges in US Feb. 27 for allegedly using his firms Archipel Capital LLC domains used by the botnet. EC3 estimated that more court. A former CIA officer was convicted by a jury in Virginia and BIM Management LP to solicit money from investors than 3.2 million Windows computers have been infected Jan. 26 for leaking details of a covert mission regarding for the purchase of 230,000 pre-IPO Twitter shares, with the botnet via spam campaigns, phishing scams, and Iran’s nuclear program to a New York Times reporter, who of which he only purchased 80,000 shares, and using drive-by downloads that installed malicious code to grant A Russian national was extradited to the U.S. and charged published the leaks in a book in 2006. attackers access to banking credentials and other log-in three unrelated funds and Ponzi-like payments with fake Feb. 17 in New Jersey for his alleged involvement in an Chemical spill forces evacuation in documents to pay investors. information. international scheme that stole more than 160 million Waxahachie. Fall River wastewater plant fails, spills New DDoS attack and tools use Google Maps credit card numbers resulting in hundreds of millions of dollars in losses to consumers and financial institutions 600,000 gallons into Mount Hope Bay. plugin as proxy. including Dow Jones, 7-Eleven, Nasdaq, Visa, and JetBlue. Authorities are investigating after a 300-gallon container, The suspect, arrested in the Netherlands in 2012, allegedly dubbed a “tote,” was being moved at the hacked victims’ networks to gain access to usernames According to the Rhode Island Department of PLXsert security researchers discovered that attackers Magnablend Texas Liquid Facility in Waxahachie Jan. 26 and passwords, credit card and personal identifiable Environmental Management (DEM), a failed bleach are exploiting a known vulnerability in Joomla’s Google when a reaction occurred and caused the tote to rupture, information, and sold them to resellers around the world. pump at the Fall River Regional Wastewater Treatment in Maps plugin by spoofing the sources of requests, causing spilling sodium chlorite and prompting an evacuation of Massachusetts prompted the discharge of an estimated results to be sent from proxies to their denial of service Ongoing cyber attack on banks worldwide the facility. Responders cleared the scene and lifted an 600,000 gallons of non-disinfected wastewater Feb. 25. (DDoS) targets. Researchers identified more than 150,000 creates billion-dollar loss. evacuation order for all buildings within a half-mile radius The spill prompted the DEM to close both Mount Hope potential Joomla reflectors on the internet, many of which of the plant after the spill was contained. remain vulnerable to be used for this type of attack. Bay and Kickemuit River to shellfishing until March 5 after CDC: 115-case Salmonella outbreak linked to technicians rebooted the computer system and restarted Anthem says hack may affect more than 8.8 Kaspersky security researchers discovered that cyber bean sprouts is officially over. the pumps. million other BCBS members. criminals robbed over 100 financial institutions worldwide of up to $1 billion by using spear-phishing Arizona authorities probe vandalism that cut attacks exploiting two vulnerabilities in Microsoft Office The U.S. Centers for Disease Control and Prevention issued and one vulnerability in Microsoft Word to install malware off Internet, phones for hours. Anthem Inc., announced Feb. 24 that 8.8 million to 18.8 its final report into a Salmonella outbreak connected to and infiltrate institutions’ networks. The attackers cashed million members of other Blue Cross Blue Shield health Wonton Foods Inc. bean sprouts Jan. 23 and declared that in by instructing ATMs to dispense money at specific insurance plans may have been affected by a breach the outbreak was over after causing at least 115 illnesses Officials announced Feb. 26 that vandalism caused an times without payment cards, opening accounts with fake reported by the company in February. Anthem updated in 12 States in the Northeast region of the U.S. Wonton Internet, cellphone, and landline outage in northern balances, and artificially inflating account balances of the total number of records accessed in the database to Foods agreed in November 2014 to destroy remaining Arizona for more than six hours Feb. 25 after CenturyLink 78.8 million customers, including 14 million incomplete bank customers and then transferring the surplus to their employees and Phoenix police found a cut fiber-optic products while their facilities underwent a thorough records. accounts in China and the U.S. cable. Crews restored services that impacted a 100-mile cleaning and sanitization before the company resumed Valve leak shuts down Limerick nuke plant. More than 100 firefighters assist on shipping bean sprouts Nov. 29. area stretching between Phoenix to Flagstaff. Fitchburg CO incident. MetLife unit to pay $123.5 million for alleged mortgage fraud. One of two reactors at Exelon Nuclear’s Limerick Generating Station experienced an abrupt “hot shut-down” The EcoStar plastics production facility in Fitchburg, Wisc., Feb. 23 when a leak in a nitrogen supply line caused an was evacuated Feb. 13 due to elevated levels of carbon The U.S. Department of Justice announced Feb. 25 that Met unexpected closure of one of the main steam isolation monoxide that resulted from a chemical reaction inside Life Home Loans LLC will pay $123.5 million to resolve valves, sending steam to the unit’s electrical generator. a pellet storage bin. HAZMAT crews worked 17 hours to accusations that the company, doing business as MetLife The U.S. Nuclear Regulatory Commission was notified of remove about 7,000 pounds of hazardous materials and 10BankINFRAGARD at the time CHICAGO of the MEMBERSalleged infractions, ALLIANCE knowingly the unplanned scram, and officials stated that the plant’s plastic pellets from the area, and the building was cleared VOLUME 1 | ISSUE 3 11 “We are excited about this new tool that will allow us to for years. Major U.S. companies, including Target and expose and isolate those behind malicious cyberactivity,” Home Depot, have been the target of criminal hacking that said John Smith, who directs the Treasury Department put consumer information at risk. division that will administer the sanctions. Foreign intelligence services are probing and penetrating Obama said the sanctions would apply to those engaged critical infrastructure, including U.S. power grids, so that in malicious cyberactivity that aims to harm critical they can inflict damage in the event of a conflict, American infrastructure, damage computer systems and steal trade intelligence officials have said publicly. secrets or sensitive information. To be subject to sanctions, The sanctions, which would name the targets, seize their U.S. funds and ban them from the American finanical system, would also apply to "a corporation that knowingly profits from stolen trade secrets," the White House said.

the hacking would have to be deemed to have harmed the They have also alleges that hackers based in Russia and national security or the economic health of the U.S. China are engaging in a widespread pillaging of corporate trade secrets, some of it state-sponsored. Former National The sanctions, which would name the targets, seize their Security Agency director Keith Alexander has called that U.S. funds and ban them from the American financial the greatest illicit transfer of wealth in history. China and On April 1, President Barack Obama authorized a new U.S. government approach to deterring cyberattacks: financial sanctions against system, would also apply to “a corporation that knowingly Russia deny any role in the cyberthefts. malicious overseas hackers and companies that knowingly benefit from the fruits of cyberespionage. (AP Photo/Susan Walsh, File) profits from stolen trade secrets,” the White House said. U.S. intelligence and law enforcement officials have long Last May, the Justice Department issued criminal possessed evidence that state-owned companies in China indictments against five Chinese military hackers it and elsewhere are complicit in economic cyberespionage accused of cyberespionage against U.S. corporations for that targets the intellectual property of Western economic advantage. FBI director James Comey said at Obama Signs Order Creating companies, but they have largely been unable to act on it. the time the spying was to benefit Chinese companies, but he neither named the companies nor took formal action The administration has “really thought about how to make against them. this painful to the beneficiaries,” of cyberspying, said New Cyber Sanctions Program James Lewis, a cyber expert with the Center for Strategic U.S. officials say they have gotten better at tracing the and International Studies. “They’ve gotten away with this source of cyberattacks, a notoriously difficult thing to do, for a long time, so making them suffer a little for stealing is given that their origins can easily be disguised. a good idea.” The sanctions are “a new powerful tool that we intend By Ken Dilanian The announcement follows the Obama administration’s to use,” said John Carlin, assistant attorney general for AP Intelligence Writer allegations that North Korea was behind last year’s national security, who said the government is applying cyberattack on Sony Pictures. The U.S. did sanction several lessons “learned in our battle against terrorists and WASHINGTON (AP) — President Barack Obama on April 1 “Cyberthreats pose one of the most serious economic North Korean individuals in retaliation for the Sony hack, proliferators.” authorized a new U.S. government approach to deterring and national security challenges to the United States,” but they were not targeted specifically for their role in that cyberattacks: financial sanctions against malicious Obama said in a statement after signing an executive order incident. APHe Whiteadded, House “There correspondent is no free pass Julie in the Pace cyberarena.” contributed to this overseas hackers and companies that knowingly benefit creating the first sanctions program aimed at cyberattacks. report. from the fruits of cyberespionage. In February, James Clapper, the director of national The order was the latest attempt by his administration to intelligence, listed cyberattacks as the most pressing The latter category could include state-owned come up with options short of direct retaliation to deal danger facing the country, and he said the cyberthreat corporations in Russia, China and elsewhere, setting the with a growing cyberthreat coming from both nations from Russia “is more severe than we had previously stage for major diplomatic friction if the sanctions are and criminal groups. It gives the U.S. the authority to assessed.” employed in that way. levy sanctions on individuals and companies, though no 12 INFRAGARD CHICAGO MEMBERS ALLIANCE specific penalties were announced. U.S. officials have been warning of a growing cyberthreats VOLUME 1 | ISSUE 3 13 NEWS MEMBER NOTES

Donna Kobzaruk Founds Women in Security’s Lean In(to) Internet Outages Reveal WIS ASIS International’s Women in Security (WIS) Council has a new pilot program — Lean In(to) WIS — thanks to Donna Kobzaruk, vice-president Gaps in U.S. Broadband and Midwest regional security manager at JP Morgan Chase. The program is based on the Lean In Circles and through it, eight to 10 men and women will meet virtually to discuss topics based on suggested articles and Infrastructure videos to learn new skills and develop relationships among WIS members. Kobzaruk will coordinate the program. She introduced the pilot program as the first quarter speaker on Jan. 28 for the 2015 Ask a Mentor Series. Kobzaruk is on the ASIS WIS Committee Leadership & Management Practices Council. By Felicia Fonseca and David A. Lieb Associated Press Donna Kobzaruk, decades ago, the federal government has taken no steps to Midwest Region Security Manager, require Internet companies to have backup systems, even JP Morgan Chase as it has provided billions of dollars in subsidies to expand broadband Internet into unserved areas.

“Our first responsibility is to make sure that people actu- ally have service,” said Agriculture Secretary Tom Vilsack, co-chairman of President Barack Obama’s newly created Dr. Terry Donat Co-Presents Plenary Session at Orlando, Broadband Opportunity Council. Fla., Consortium

In northern Arizona last month, tens of thousands of residents were without Internet service — some for up Terry Donat, MD, FACS, FICS, co-presented a closing plenary session to 15 hours — after vandals cut through an underground on March 23 at the 2015 Preparedness, Emergency Response and bundle of fiber-optic cables owned by CenturyLink. Cash Recovery Consortium (PERRC) in Orlando, Fla. Dr. Donat, a specialist FLAGSTAFF, Arizona (AP) — When vandals sliced a machines went down, stores couldn’t process credit cards in otolaryngology at CGH Medical Center and an IEMA-certified Illinois fiber-optic cable in the Arizona desert in March, they did and even emergency dispatch service was lost. professional emergency manager, and David Hunt, an independent more than time-warp thousands of people back to an era homeland security consultant, presented “Current and Emerging Threats before computers, credit cards or even phones. They ex- When an underwater fiber-optic cable became wrapped to Our Electrical Grid.” They addressed the short-term and long-term posed a glaring vulnerability in the U.S. Internet infrastruc- around a big rock and broke in 2013, some residents of challenges of catastrophes such as extreme space weather, cyberattack ture: no backup systems in many places. Washington state’s San Juan Islands were without Internet and high-altitude electromagnetic pulse attacks so attendees could and telephone service for 10 days. understand what critical contingent capabilities must be engaged and Because Internet service is largely unregulated by the fed- promulgated now. eral government and the states, decisions about network CenturyLink, the broadband provider in the Arizona and reliability are left to service providers. Industry analysts Washington outages, declined to make officials available One of the objectives of the session was learning about current and say these companies generally do not build alternative for an interview about its Internet infrastructure. But increasing threats to the North American electrical grid, especially routes, or redundancies, unless they believe it is worth- spokeswoman Linda Johnson said in an email that the regarding policy and procedure toward emergency management. Another while financially. company acts quickly to restore service and “is constantly was studying the most major immediate, short-term and long-term effects investing in its local network and strives to deliver new of various levels of electrical power grid disruption and how to best The result: While most major U.S. metropolitan areas have Dr. Terry Donat, services and build redundancy where possible.” address the problems within catastrophic scenarios. The consortium and Central DuPage Hospital backup systems, some smaller cities and many rural areas expo was held at the Caribe Royale All-Suite Hotel and Convention Center do not. Companies have been deploying more than 10 million from March 23-26. miles (16 million kilometers) of fiber annually in the U.S., “The more rural the location, the more likely that there’s increasing the risk of damage from backhoes, trench-dig- IMA Seeks Your Voice only one road in and out of that location,” said Sean gers and shovels, according to an analysis by a network re- Donelan, a former infrastructure security manager in the IMA eagerly seeks contributions from professionals in any of the 16 security sectors specified by InfraGard. Stories liability committee of the Alliance for Telecommunications may be submitted as ideas, drafts or in finished form. (We reserve the right to edit or reject submitted copy). Industry U.S. Homeland Security Department who now works for a Industry Solutions. The number of outages on high-capac- white-papers, press releases and suggestions for Member Notes content — including promotions, honors or activities cybersecurity firm. “If someone manages to cut that fiber, ity fiber-optic lines in the U.S. has more than doubled in within the profession — are all welcome and may be sent to: [email protected]. you’ll generally see a one- or two- or three-day outage.” recent years, from 221 in 2010 to 487 last year, the Federal Communications Commission says. 14DespiteINFRAGARD its own CHICAGO warnings MEMBERS about ALLIANCEsuch vulnerabilities two VOLUME 1 | ISSUE 3 15 able to recognize one, and to know how to appropriately Indicators of Juvenile Human Traffi cking respond. This article will focus on one specific area of human trafficking — child prostitution — which is defined The average entry age of prostituted teens is between 12 by the Federal Bureau of Investigation as the “act of and 16 years. According to the engaging or offering services of a child to perform sexual FBI, children who might be especially vulnerable to acts for money or other consideration.” recruitment into prostitution are those who: • Have experienced failure in school The prostitution of children is believed to have started in • Have a history of emotional, physical or sexual abuse ancient Greece and Rome, where prepubescent boys were • Have been neglected commonly sold in brothels.Additionally early Egyptian, • Regularly experience violence between their parents Chinese, and Indian cultures participated in the forced • Live in poverty prostitution of minors. In Paris, during the 1800s, minors • Are homeless consisted of half of all individuals involved in prostitution. • Are in frequent contact with the juvenile justice system • Lack for attention or aff ection In 1885, several articles written by William Thomas Stead, editor of the Pall Mall Gazette, brought to light an Individuals who engage in the prostitution of children extensive underground sex trafficking ring in London that often create a climate of fear to subdue their victims. An allegedly sold children to pedophiles. This investigation atmosphere of sexual abuse, verbal abuse, isolation, poor centered around 13-year-old Eliza Armstrong, who was working and living conditions, denial of adequate rest and medical care, use of alcohol, drugs or other intoxicants, sold by her mother for £5. Armstrong was then taken to and withholding of pay, are utilized to maintain order among a midwife and abortionist to attest to her virginity, and their victims. These tactics may result in a child appearing held at a brothel, where she was drugged with chloroform, “compliant” in their activities. People opposed to child sex trafficking rally outside of the Washington state Supreme Court in Olympia, Wash., last year. Internet awaiting the arrival of a purchaser. Stead, posing as a man technology has made the problem of human trafficking exponentially multi-layered (AP Photo/Rachel La Corte) interested in purchasing a child, paid for Armstrong, and Also note that even children who cooperate or participate chronicled the dark business involving the abduction, in their victimization legally cannot consent to the sexual sale, and purchase of children for the purposes of sex in activity, and have likely been subjected to several forms of France. His articles resulted in the passing of the Criminal brainwashing to gain their assent. Law Amendment Act of 1885, which raised the age of Stemming The Tide: consent and delineated the penalties for sexual offenses against women and minors. It also strengthened existing legislation against prostitution.

Human Traffi cking A 2009 UNODC report refers to human trafficking as a modern form of slavery.

In the United States, a national initiative targeting domestic child prostitution was implemented in 2003. At any given time, an estimated 2.5 million people mostly women and children are This initiative, known as the Innocence Lost National victims of human trafficking worldwide. What can be done to decrease this appalling Initiative, is jointly run by the Department of Justice Child Exploitation and Obscenity Section and the National statistic? Center for Missing and Exploited Children. NCMEC opened in 1984 to serve as the nation’s clearinghouse on issues By Ingri Hartwig related to missing and sexually exploited children. Today he United Nations Office on Drugs and Crime NCMEC is authorized by Congress to perform 22 programs currently approximates the number of human Most people, including law-enforcement officials, probably and services to assist law enforcement, families and the trafficking victims worldwide to be around 2.5 believe that human trafficking is limited to large cities professionals who serve them. The DOJ and NCMEC target million, with an estimated 100,000 to 300,000 minor where traffickers can hide from authorities, and they may organizations involved in child prostitution using the victims in the United States. assume that human trafficking victims are from other enterprise theory of investigation. countries. These beliefs are not completely true. In fact, Human trafficking is defined by UNODC as “the much evidence exists that human trafficking does take The Innocence Lost initiative is a victim-centered recruitment, transport, transfer, harboring place in suburban areas, and that victims are, in many approach with the goal is to recover child victims of or receipt of a person by such means as threat or use of cases, United States citizens. prostitution and prosecute those responsible for their force or other forms of coercion, of exploitation. The FBI works closely with its Office for Tabduction, of fraud or deception for the purpose of Although human trafficking cases aren’t common, it is Victims Assistance and non-governmental agencies that exploitation.” important for local police officers and investigators to be 16 INFRAGARD CHICAGO MEMBERS ALLIANCE focus on juvenile victims of prostitution to provide the VOLUME 1 | ISSUE 3 17 trafficking victims to get the help they need. Because it best services and assistance to those children who are computer records, phone records, or other documents A Survivor’s Perspective was so difficult for her to escape her situation, overcome recovered. supporting the victim’s testimony. her trauma and re-assimilate into a normal life, Frundt Tina Frundt survived the ordeal of human made the decision to be a part of the solution for those Federal law 18 U.S.C. Section 1591 prosecutes sex Victims of prostitution may tell inconsistent, fragmented, trafficking. Now she helps other young girls trapped in a life of sex slavery. In 2008, she started her own antislavery organization, Courtney’s House in trafficking of children by force, fraud, or coercion and or contradictory stories due to to escape this seemingly inescapable form of modern slavery. Washington, D.C., to provide young girls and women with carries a mandatory minimum sentence of 15 years in survival instinct, shame, fear, or even affection for a hope-filled destination and the support they need when prison. Indicators can fall into one of the three elements of their perpetrator, so it is important to utilize a forensic It was Tina Frundt’s 14th birthday when she was lured first fleeing their captors. Soon after, she established force, fraud, or coercion and include: interviewer for these victims whenever possible. away from her adopted family by “Tiger,” the man who Shae’s Place in northern Virginia, a long-term shelter and would be her pimp. That first night, she was raped aftercare facility for young trafficking victims. • Loss of free will If you do need to speak with a victim, refrain from repeatedly by Tiger’s associates and forced into a life of • No control over documents communicating any judgment or assumptions about the prostitution enforced by physical abuse. Through tortures But Frundt’s positive actions belie the stark realities about • No control over wages victimization, avoid using labels and avoid using blaming including myriad cigarette burns, fingers deliberately trafficking in this country. “What happened to me 15 • Unusual or unhealthy living conditions statements. slammed in doors and even an arm being broken with a years ago is still going on today,” she says. “I can see that it is not getting any better — it is only getting worse. We • Behavior indicators baseball bat, Tina was kept in servitude. see girls and young women every night being forced onto • Pimp-controlled prostitution There are many organizations that can help in your “I can’t count the number of times people have asked the streets, beaten and raped to make money for the • Runaways investigation and prosecution of these cases. The following me, ‘Why didn’t you just leave?’ ‘Couldn’t you escape?’” pimps. … To stop the problem, we have to understand • Tough home life are services available to help investigators and the victims Frundt says in an editorial for Women’s Funding and help make stronger laws to get these traffickers.” • Indifferent about future of human trafficking: Network. “To that, I simply say, ‘Do you ask a child that is kidnapped why they didn’t try to leave?’ No, we Illinois laws against human trafficking and juvenile National Human Trafficking Hotline: 1-888-373-7888 automatically say they are a victim; it wasn’t their fault. prostitution are similar (720 ILCS 5/10-9 and 5/11-14.4 Now I know it was not my fault that a pimp manipulated and 5/11-14.3). Knowledge of the age of the victim and National Center for Missing and Exploited Children: a child. Under federal law, a child under 18 years who is elements of force or coercion mirror the federal statutes. 1-800-THE-LOST (1-800-843-5678) commercially sexually abused is a victim of trafficking. Investigating and Beyond However, under local law, a child is charged with child prostitution.” National Children’s Advocacy Center: http://www. nationalcac.org/locator.html This presents the dilemma faced by hundreds of If you encounter a child prostitute, there are a few things thousands of children who are being trafficked in the to keep in mind: STOP-IT (Salvation Army — housing or essentials for United States today. When police discovered Frundt, Illinois law 720 ILCS 5/11-14(d) states that anyone victims}: 1-877-606-3158. You may also contact your she finally had the opportunity to escape the trauma of younger than 18 is immune from local FBI office at (312) 421-6700 and ask for the Violent being violated by up to 18 “customers” a day, but her prosecution for prostitution. If you suspect that you’re Crimes Against Children squad to report any cases of newfound freedom was far from ideal. Arrested and victimization. placed in juvenile detention, she received nothing in the dealing with a child prostitute, it is important to think of way of counseling in the wake of such an extreme ordeal. this child as a victim. The pimp should be the subject of the “I spent one year locked up and came out at the end investigation. with no referrals for services or assistance to rejoin a teenager’s life in America.” It is recommended that you do not interview the child yourself, but rather call your local It’s an incredibly difficult transition that’s made even more Child Advocacy Center. Local Child Advocacy Centers have challenging by the current popular culture. “The pimps forensic interviewers on staff who specialize in minor who are trafficking young women and girls have a great victim interviews, and are trained in the skills required marketing tool: the media,” Frundt asserts. “You can turn on the TV now and see pimps glamorized in TV shows, Tina Frundt survived her trafficking ordeal and went on to speak to children who have been the victim of sexual music videos and movies. Young people use ‘pimp’ in or physical abuse. It is key that while you may need to get to establish both Courtney’s House and Shae’s Place everyday conversation: ‘my ride is pimped out’; ‘your as places of refuge for young women and girls who are initial identifying information or basic facts from a minor clothes are pimping.’ They do not understand the reality victims of trafficking. who has been prostituted or sexually exploited, that you behind them.” contact a forensic interviewer as soon as possible. The best results often come from having the child recount Escape is made even more difficult by the fact that their experience with a single person and as few times children under 18 who are arrested and charged as possible. It is also preferable that these interviews be with prostitution receive no funding from the state for videotaped. counseling. Any treatment they pursue must come out of their own pocket. “There’s no money for it,” Frundt says.

The victim’s testimony is the most important evidence in According to Frundt, it’s the lack of immediate, safe and a trafficking investigation, however, it alone is usually not appropriate shelter that’s the biggest hurdle for enabling enough for a conviction. It can be difficult to corroborate these cases, so it is important to look for unimpeachable 18sourcesINFRAGARD of verification, CHICAGO MEMBERSsuch as audio ALLIANCE or video recordings, VOLUME 1 | ISSUE 3 19 The Escalating Concern of Cyber intrusions and data breaches have become common national news headlines. Massive data breaches have Commercial Breaches plagued corporate giants such as Target, Home Depot, Sony Pictures and Anthem Insurance. Governments are With alarming frequency, major retailers have experienced under continual attack from activists and hostile nation- breaches to customers’ credit and debit card payment states. Even consumers are continuously targeted by information in recent years. Here are some of the largest malicious software (malware) such as CryptoLocker retail breaches to date: (which holds a user’s files for ransom) and Zeus (a banking Home Depot trojan that aims to steal money from personal bank Home Depot customers’ credit cards, debit cards and accounts). We are continually reminded by these headlines email addresses were taken in the spring and summer of that no one is immune from the myriad of hackers who are 2014. Hackers stole 53 million email addresses and 56 eager to take advantage of our interconnected, technology- million credit and debit cards. Home Depot was alerted reliant world. to the breach on September 2, 2014, and subsequently offered free identity protection services — including credit Despite the onslaught of frightening headlines, there monitoring — to any customer who used a payment card is a clear path to winning in the cyber arena. Focusing at a Home Depot store in 2014, and for any who do so on security basics that are commonly ignored such as through September 19, 2015. regular patching, user awareness training, password Michael’s management and secure network configurations will Arts and crafts retailer Michael’s experienced a data reduce the majority of cyberrisk by removing the “low breach that affected customers who used credit or debit hanging fruit.” Remember that you are not the only target cards between May 8, 2013, and January 27, 2014. More for a cyberthreat actor, and if you increase the effort it than 2.6 million payment cards at stores nationwide were takes for a cyberthreat to hack you, other targets will be affected. An additional 400,000 cards used between June more attractive and the potential attacker will choose the 26, 2013, and February 27, 2014, at subsidiary Aaron easier target. Think of it in terms of a physical threat: If a Brothers were affected. burglar is casing a neighborhood, the house with the open Neiman Marcus windows and unlocked door is much more appealing to Neiman Marcus customers experienced a data breach of the burglar than the house with the locked windows, dead- 1.1 million credit and debit cards. bolted doors and motion-sensor lighting. Payment data was stolen off of cards used from July 16, 2013, to Oct. 30, 2013. Hiring and empowering intelligent technical analysts, and guiding your efforts with threat intelligence are Staples also key to reducing cyberrisk. Cyberthreat intelligence Staples reported that malware deployed to 115 of its more is an information security discipline that is helping than 1,400 U.S. retail stores may have allowed access to many organizations combat increasing cyberthreats transaction data on approximately 1.16 million customer payment cards. The malware may have allowed access to through analysis of the cyberthreat landscape, system data for purchases made from August 10, 2014, through vulnerabilities, and attack likelihood. Cyberthreat September 16, 2014. At two stores, a breach occurred intelligence professionals use the traditional intelligence from July 20, 2014, through September 16, 2014. cycle of planning, collection, processing, analysis, Reducing Cyberrisk production and dissemination to produce an intelligence Target product that supports specific requirements. An effective Approximately 40 million credit and debit card accounts cyberthreat intelligence capability will both support used at Target between November 27 and December 15, intelligence-based decision-making at the strategic level as 2013, may have been impacted in a data breach. Target in a Dynamic Threat well as enable proactive cyberdefense at the operational also reported that the names, phone numbers, mailing addresses or e-mail addresses of an additional 70 million Currentlevel. Cyberthreat Landscape customers may have been stolen during the data breach. Environment Some customers may have belonged to both groups. As cyberthreats grow in number and sophistication, so does the Most cyberthreat models classify three major tiers need for cybersecurity professionals to become more nimble and of threat, ranging from novice hackers who hack proactive in their defense against attacks. for notoriety, thrill or activism, to sophisticated By Andrew Munger cybercriminals motivated by money, to nation-state actors who intrude into their adversaries’ networks(Continued to ongain page 22) political or economic advantage. 20 INFRAGARDINFRAGARD CHICAGOCHICAGO MEMBERSMEMBERS ALLIANCEALLIANCE VOLUME 1 | ISSUE 3 21 COVER STORY

The cyberthreat landscape is evolving, the barrier to even a hacker possessing the intent and capability to management track will enable continued technical cyberthreats, effectiveness is essential. Processes and entry to carry out effective hacks is consistently being breach your networks, without a vulnerability present to advancements. As cyberthreat intelligence professional procedures must be measurable and repeatable; you must lowered, and hackers continue to innovate and increase exploit, that missing leg of the tripod topples the threat. Bob Stasio recently told PraescientAnalytics.com, “High- know your data inside and out. Your information security in skill. Semi-automated commodity toolkits have Likewise, a vulnerability may exist on your systems and a end cybersecurity analysts are grown though intense strategy should be based on industry best practices, improved to a level where even a novice hacker can sophisticated nation-state hacker may certainly possess professional development, much like a physician. Both tailored threat and vulnerability analysis, and very compromise corporate and government systems. Highly the means to exploit it; however, the actor may not have fields require a significant amount of formalized education specific risk assessments relevant to your organization. organized global cybercrime groups have developed very the motive to target you and thereby does not present a — but when your education is finished, you must still An information security strategy must also evolve to be efficient data-theft rings, marketing identity information Howthreat. to Effectively Combat the Threat: A Proactive work under a master operator, (e.g. “attending doctor”) effective against changing cyberrisk. Actions must be or sensitive corporate data in online black markets. Defensive Strategy and Intelligence-Based Risk for on-the-job training. True cyberskill development repeatable in order to audit and measure effectiveness. Nation-states have devoted entire departments of their Reduction means actually doing the job and acquiring experience.” Measurements should be translated into metrics that are intelligence and security apparatus to conduct offensive Through education, practical implementation of skills, reviewed on a regular basis in order to focus time and cyber operations, implementing highly sophisticated and mentorship, information security operators will resources on the components of the strategy that have become highly skilled cyber “surgeons” who will defeat proved to work. 3.cyberthreats Intelligence: with the precision of a scalpel. Despite the onslaught of frightening headlines, there is a clear path Organizations that implement strong security basics, Many cutting-edge organizations are foster strong security analysts, guide their programs to winning in the cyber arena. taking a proactive approach to information security. based upon threat intelligence practices, and measure Traditional information security programs based effectiveness through repeatable processes will reduce almost solely on antivirus and firewalls are becoming their risk and “win” in the cyber arena when compared less effective in defending against current cyberthreats. with their peers. From consumers to global enterprises, Perimeter security and antivirus based on atomic we now realize the extent of the cyberthreats we face, and indicators such as known bad IP addresses or known we have the tools and skills to combat them. malware signatures is no doubt still an essential layer pieces of software customized to their targets. These are The most effective organizations are taking a proactive of a good defense-in-depth security model. However, to Cyberthreats are no longer science fiction, no longer a all signs that point toward a continued evolution of the approach to information security. Traditional information defeat a cyberthreat before it is able to do damage requires risk that may or may not be relevant to each and every cyberthreat landscape, and an increased need for very security programs based solely on preventative tools are a comprehensive strategy incorporating cyberthreat person and organization. Cyberthreats are undoubtedly a focused, relevant and calculated security practices to now much less effective in defending against cyberthreats. intelligence. Intelligence has been used for centuries very real and active risk to individuals, corporations and combat the growing threat. Effective organizations employ strong preventative to give an advantage on the battlefield, and these same nations. Technology, information on demand and global controls, but realize that despite best efforts motivated processes can be applied to cybersecurity very effectively. interconnectedness are great things that have enabled Remember that behind every cyberthreat you will find a attackers will eventually breach their security. Four main education, innovation and community beyond our dreams. human being who has his or her own particular motives 1.considerations Stick to the Basics: are the key to combating cyberthreat. It is important to understand what intelligence is. Use these gifts, but know your risks, and always weigh Currentfor action, State and ofa finite Information means with Security which to act. Intelligence is not merely raw information, but it is the Andrewconvenience Munger, and CISSP, privacy CISM, with CISA, potential leads risks.Group Information Security basics are key to enabling product resulting from the intelligence process — the key Security at Cyberthreat Intelligence in Schaumburg, Ill. the prevention, detection and response to cyberthreat steps of which are data collection, processing, analysis, actors. Patching workstations, servers and infrastructure production and dissemination. As described in a paper Andrew Swartwood contributed substantively to this story. To effectively combat cyberthreats, we must deeply is essential to the prevention of attacks. Most breaches titled “The Operational Levels of Cyber Intelligence” by understand our adversaries and how they operate. But involve the exploitation of a known, patchable the Intelligence and National Security Alliance, “When just as importantly, we must know ourselves and how our vulnerability in the victim’s systems. Controlling privileged analyzed and placed in context, information becomes vulnerabilities, paired with the right threat, create unique accounts and authentication is another core principle. intelligence; and it is intelligence that reduces uncertainty and specific risk. Many breaches — such as the Target breach in 2014 — and enables more timely, relevant and cost-effective involved the compromise of a privileged credential that policy, as well as high-quality operational and investment As stated earlier, cyberthreat can be understood by enabled an attacker to accomplish his objectives. Utilizing decisions.” framing the threat in traditional terms of motive, means properly configured antivirus, intrusion detection, file and opportunity. Motive, of course, meaning a hacker’s integrity monitoring, application whitelisting, and a SIEM Of course, having a cyberthreat intelligence program alone intent to act on a particular target. The means is the solution (Security Information and Event Management) is far from a silver bullet; however, when teamed with hacker’s capability to act on his or her motives. If a hacker enables an effective security team to face off against all functions such as perimeter defense, incident response, then has the motive and means to attack a particular 2.tiers Team of cyberthreats. Selection and Enablement: access control and security awareness, an information target, there must be a vulnerability to exploit — this is security organization can be highly effective at combating the opportunity. Hiring, coaching the cyberthreats we face. Cooperation across all of these and training intelligent security analysts is fundamental functions and development of repeatable processes create This threat model can be understood by thinking of a to a successful program. Think of analysts as surgeons 4.a force A Measurable multiplier andthat Repeatablegreatly enhances Program: effectiveness. tripod where motive, means and opportunity are the or medical practitioners — they need coaching, practice, legs. Atop this tripod rests a cyberthreat tailored to its and continuous training to be effective. Developing When target. You need all three legs in order to support the a technical track within your organization that is a implementing and managing an information security 22threat.INFRAGARD If one leg CHICAGO is missing, MEMBERS the threat ALLIANCE topples. As such, parallel and equally as-incentivized career path as a program that will win the fight against evolving VOLUME 1 | ISSUE 3 23 MOST WANTED Most Wanted: DANIEL ANDREAS SAN DIEGO

ALISASES: Yevgeniy Bogachev, Evgeniy Mikhaylovich Bogachev, “lucky12345,” “slavik,” “Pollingsoon”

WANTED FOR: Maliciously Damaging and Destroying, and Attempting to Destroy and Damage, by Means of Explosives, Buildings and Other Property; Possession of a Destructive Device During, in Relation to, and in Furtherance of a Crime of Violence

DESCRIPTION: Date(s) of Birth Used: February 9, 1978 Height: 6'0" Weight: 160 pounds Hair: Brown Eyes: Brown Sex: Male Race: White

REMARKS: San Diego has ties to animal rights extremist groups. He is known to follow a vegan diet, eating no meat or food containing animal products. In the past, he has worked as a computer network specialist and with the operating system LINUX. San Diego wears eyeglasses, is skilled at sailing, and has traveled internationally. He is known to possess a handgun.

REWARD: The FBI is offering a reward of up to $250,000 for information leading directly to the arrest of Daniel Andreas San Diego.

Daniel Andreas San Diego is wanted for his alleged involvement in two bombings in the San Francisco, California, area. On August 28, 2003, two bombs exploded approximately one hour apart on the campus of a biotechnology corporation in Emeryville. Then, on September 26, 2003, one bomb strapped with nails exploded at a nutritional products corporation in Pleasanton. San Diego was indicted in the United States District Court, Northern District of California, in July of 2004.

San Diego has ties to animal rights extremist groups. He is known to follow a vegan diet, eating no meat or food containing animal products. In the past, he has worked as a computer network specialist and with the operating system LINUX. San Diego wears eyeglasses, is skilled at sailing, and has traveled internationally. He is known to Source: FBI.gov possess a handgun.

24 INFRAGARD CHICAGO MEMBERS ALLIANCE VOLUME 1 | ISSUE 3 25 whether or not the officer will be hurt or killed in the line a conference exploring the issue at the FBI Academy, of duty. Quantico, Va. As a result of this coming together of law enforcement officers, psychologists, attorneys, chaplains While police work is more hazardous than most other and employee-assistance professionals, the FBI’s BSU professions, there’s a reason why suicide tops the list of produced a reference book that remains accessible on the bad stuff for loved ones to expect. U.S. Department of Justice website and continues to serve as a resource for law enforcement agencies throughout the country.

“Most Chicago police officers see more awful things in a While many departments, large and small, have taken single shift than most people see in a lifetime — robberies, pains to address the issue of suicide among officers, a murders, shots fired,” says Brandt, who insists on driving major stumbling block to prevention has been that there and riding shotgun in a squad is a tendency of police to shy away from recognizing car“Most with a Chicago Chicago police officer police emotional officers problems see or mental more illness. awful “It’s pretty things much a in a single shift than most people see in a lifetime.” — Fr. Dan Brandt, Archdiocesan priest and director of Chicago Police Chaplains Ministry

on a weekly basis through culture of denial,” Zarse says. Chicago’s roughest neighborhoods during hours of peak gang activity. “It can be difficult for anyone to process.” A tendency toward stoicism or stonewalling may relate to Confronting Enemies Within: Brandt also provides on-the-scene support to officers the fact that the field of law enforcement remains male- during various traumatic events, including hostage dominated, she adds. situations. PTSD, Suicide The predominant demographic — white males between In 2014, 118 police officers in the United States were killed the ages of 24 and 65 — also skews totals for the group in the line of duty, according to Officer Down Memorial toward a greater propensity for suicide than the overall Exposure to trauma in a high-stress, high-risk profession like law enforcement Home Page. But far more officers likely took their own population. puts first responders at elevated risk of PTSD and the possibility of suicide. But the lives. In examining statistics published in the FBI’s report, know-how and the means are available to help reduce the risk. “A police officer is twice as likely to commit suicide as be researchers Michael G. Aamodt and Nicole A. Stalnaker By Susan DeGrane killed in the line of duty,” suggests Nancy Zarse, Ph.D., a asserted that the suicide rate for law enforcement officers was 18.1 per 100,000, as opposed to 11.4 in 100,000 among the general population, and that this could be attributed to the predominantly male demographic. They The Chicago Police Department holds two graduation Archdiocesan priest and director of the Chicago Police full professor in the Forensic Department at the Chicago also indicated that the law enforcement group, compared ceremonies for newly minted officers. One takes place at Chaplains Ministry, which serves the 12,000-member School of Professional Psychology, and Infragard Academia with the same age and gender demographic from the Chicago’s Navy Pier ballroom with plenty of fanfare as the Chicago Police Department, their families and 5,000 sector chief. Numerous sources, including the U.S. general population, actually had a slightly lower overall mayor and other dignitaries congratulate new officers, but retired officers. “For the next 15 minutes, well, it’s kind of suicide rate. the other — the star ceremony — is just for immediate a downer talk, to be honest. We tell the officers’ significant Department of Justice, indicate this. family. others about all the bad stuff they can expect.” Accurate and recent suicide numbers for law enforcement But regardless of whether the suicide rate for law The litany includes: suicide; post traumatic stress disorder remain elusive for various reasons, however. Many enforcement officers relates to demographics or hazards The star ceremony takes place in the Chicago Police (PTSD); alcoholism; depression; the reality of shift work law enforcement agencies are still reluctant to draw a of the profession, suicide prevention programs seem to be Academy gymnasium. Spouses or close family members — that officers may have to sleep all day due to working connection between job-related stress and suicide, so more readily accepted by police departments. come forward, one at a time, to pin new badges on the all night; that officers frequently will miss Thanksgiving many suicides go unrecognized as related to police work, officers’ uniforms. After department chaplains offer dinner and Christmas, and their kids’ dance recitals; that says Zarse, a licensed clinical psychologist. In January, the Chicago Police Memorial Foundation blessings, the officers leave the gymnasium to load up the family’s friendship circle may change — non-police sponsored an annual suicide awareness and prevention their service weapons at the onsite gun range. friends may drift away because officers often form close Even so, the problem of suicide among law enforcement seminar for law enforcement, underwritten(Continued by Motorolaon page 28) “This gives us a chance to talk to families without the bonds with officers they come to rely on in life-or-death officers was apparent long before September of 1999, 26officersINFRAGARD being there,”CHICAGO says MEMBERS Fr. Dan ALLIANCE Brandt, a Chicago situations. And, of course, there’s the uncertainty of when the FBI's Behavioral Science Unit (BSU) hosted VOLUME 1 | ISSUE 3 27 and co-hosted by McDonald’s, Hyatt Lodge of Oak Brook, I react? Do I tend to drink? Do I get on a motorcycle and and the Oak Brook Police Department. For several years, drive recklessly at high speeds? The idea is that you take the one-day event has attracted police brass from Chicago, care of yourself, so you can be there for other people.” suburban, county and Illinois state law departments, Positive coping strategies, which Zarse calls “buffers,” according to Brandt. include: rest; recreation; enjoyable hobbies; engagement in meaningful relationships; and an active spiritual Among this year’s featured speakers urging officers not life, whether participating in organized religion or just to become an unfortunate statistic was Kevin Gilmartin, spending time in nature. author of “The Emotional Survival for Law Enforcement: A Guide for Officers and Their Families.” With enough support from family and friends, with enough positive activities, some officers don’t develop PTSD Gilmartin’s book isn’t new and it isn’t the only one to and they may not need the assistance of a professional explore the connection between police work and PTSD. psychologist, but others do, says Zarse. Other popular titles include “Cop Shock” by Allen R. Kates, She adds that it’s very important for officers to do the and “I Love a Cop: What Police Families Need to Know” by following: Josh Osmanski, center, wears his former emplyer's uniform and badge to attempt to pass through a flight crew security line at the Ellen Kirschman, Ph.D. •Recognize the warning signs of PTSD — depression, Honolulu International Airport in Honolulu. Osmanski was sentenced April 2,2105, in federal court in Honolulu to Three years probation. anger, insomnia, risky behaviors, broken relationships or He pleaded guily last year to unlawfully entering the secure area of an airport. (Ap Photo/ U.S. Attorney's Office) So awareness has been spreading. But whether or not isolation. support is delivered by a trained psychologist through •Do not ignore suicidal thoughts. a department’s employee assistance program can •Ask for help. Man Wearing Pilot Uniform to Cut depend on many factors, says Zarse, adding that smaller departments may be at a disadvantage in terms of hiring Both Zarse and Brandt point out that beyond other first staff psychologists. In some cases they’ve begun to pool responders who must be willing to put themselves in Airport Line Gets Probation resources with other agencies. harm’s way to save and protect others, law enforcement By Jennifer Sinco Kelleher officers must bear another formidable stressor — the One positive trend among departments is the raising responsibility of using deadly force. of awareness that it’s OK to ask for help, says Zarse, a frequent presenter at law enforcement education “Without clarity about this, officers cannot be as effective,” HONOLULU (AP) — A pilot who was fired from Cathay workshops around the country. These same departments says Brandt, who teaches a class at the Chicago Police Pacific Airlines won’t go to jail for wearing his former The silent video later shows Osmanski standing in another also seem to realize that educating officers about PTSD Academy on the spiritual and ethical implications of employer’s uniform and badge to bypass security at line, speaking with Transportation Security Administration and precipitating factors for suicide is important. the use of deadly force. “Much of the officer’s training Honolulu International Airport. officers, and showing them a badge hanging from his neck is tactical, but my work is to bring understanding that on a lanyard. He’s seen wearing his shoes as he walks “With greater exposure to trauma, the greater the chances when they draw their weapons to protect themselves or Joshu Osmanski was sentenced Thursday in federal court through security, while other passengers go through full- of PTSD,” says Zarse. “But just because you are exposed someone else, this is not murder.” in Honolulu to three years’ probation. He pleaded guilty body scans, and fiddle with belts and shoes. to trauma doesn’t mean you’re going to develop PTSD. A last year to unlawfully entering the secure area of an lot depends on your coping strategies. If you’re turning to According to Brandt, those who resort to deadly force pay airport. What Osmanski did was more egregious because he’s alcohol and risky behavior, there’s a good chance you’re a high price. “Many are haunted by those they’ve injured or a licensed commercial pilot, Hino said, but prosecutors setting yourself up for PTSD. PTSD left unchecked can lead killed, regardless of the fact that they had no other choice,” Osmanski has said he wore the uniform and badge months didn’t seek jail time. to suicide, especially when alcohol factors in, lowering he says. after he was terminated so that he could “cut the line” and inhibitions.” not have to take off his shoes during security screening. He Defense attorney Birney Bervar, who asked for a sentence The Chicago Police Department supports officers in said he was traveling to a new job with another company. of one year on probation, said Osmanski’s “bizarre” actions Arming officers with more positive coping strategies is the wake of traumatic events by providing debriefings, could be attributed to a possible head injury from ejecting thought to help. “It’s no longer just a matter of R & R to set additional training, participation in group discussions and He apologized in court at his sentencing, saying he can’t from a plane in 2011 when he was a Navy fighter pilot. things right and recharge,” says Zarse, who suggests it’s counseling, Brandt says. explain what he did and that his actions embarrassed his more a matter of six Rs touted at recent law enforcement family, including his children. Osmanski is now a full-time student at Tulane University training workshop in Central Florida: 1) Responsibility 2) Citing an example of an officer who returned fire after in New Orleans who wants to go to dentistry school, Reflection 3) Relaxation 4) Relationship 5) Recreation and being wounded in the shoulder, Brandt says, “He did “I made a mistake and I don’t know why,” he said. “I don’t Bervar said. everything right. The man the officer shot had intended to know what I was thinking.” 6) Refueling. kill him. He had numerous offenses and had served time “I lost my career,” Osmanski said. “I may never fly again.” “The first R, responsibility to self, is a big part of in prison. He was estranged from his family. And yet, the Assistant U.S. Attorney Tracy Hino played surveillance U.S. District Judge Helen Gillmor noted that he wore his maintaining sound mental health,” Zarse says. “The notion family that hadn’t spoken to the guy in years suddenly video in court showing Osmanski in a pilot’s uniform uniform to bypass security more than once after being of responsibility is, you’re in control of your own actions hired an attorney and wanted to destroy the officer’s life. trying to go into a security line for flight crew. A screener fired from Cathay Pacific. She also noted that Osmanski is regardless of what others may be doing. The training Letters kept coming in the mailbox. Officers need someone directed him to another line because that line was only for gifted and intelligent, but his actions raise questions about encourages officers to examine their reactions to various to stand by them when those letters arrive.” crewmembers of domestic airlines, Hino said. his judgment. She said it’s rare to only get probation and 28situationsINFRAGARD by asking CHICAGO themselves, MEMBERS ALLIANCE if this happens, how do VOLUME 1 | ISSUE 3 29 year, a 14-year-old from Michigan spoke to other kids in industries for the better in the future and see that there an interactive presentation about how security concepts are things that need to be improved and better ways of relate to building safeguards in the video game “Minecraft.” doing things. And they can recognize it’s OK to evolve.” Schwartzberg and Wagner said this opportunity for children to learn from each other helps them develop Chicago Infragard sponsors the event. Members can confidence and skills, perhaps inspiring them to learn submit ideas for presentations and activity stations. more about a topic and be able to give a presentation the Hak4Kidz also welcomes volunteers to staff the event and next time. additional company sponsorships.

The workshops, led by instructors and aides in a The event will be held on June 27 at the TechNexus office, structured class setting, are on topics such as robotics, located at 20 N. Wacker Drive, Suite #1200. Tickets are “Minecraft” and Linux. Schwartzberg noted that one of last $40 for children and $25 for chaperones, which includes a year’s presenters incorporated a slide that read, “Don’t catered meal, a T-shirt and prizes. For more information, learn to hack, hack to learn.” Wagner added, “At the end of visit www.hak4kidz.com, www.facebook.com/Hak4Kidz or the day, that’s what hacking is — figuring out how things twitter.com/Hak4Kidz. work.”

Activity stations, which are short hands-on labs, provide the children the freedom to immerse themselves with challenges. There are different levels for different ages on the various subjects, such as cryptography. The kids "0DDJ0BB" shows a child and his mother how to use the OSI Model in the Networking Playground Hak4Kidz 2014. Infagard will support can start out with decoding a message formed using basic this year's event June 27th at the Tech Nexus office in Chicago. substitution and continue to a code that uses Base64 if they want. One of the stations even allows children to build an AM radio. Shaping the Next Generation “How often do you get to sit in front of technology and explore it?” Wagner asked rhetorically. Parents protect the technology and there are basic rules and safety staff to Children gear up to take on ethical hacking and technology through Hak4Kidz. offer the kids protection with the materials, but ultimately, By Mary Stroka “we want [the kids] to feel like it’s their conference,” he said.

On the other hand, the conference also teaches parents how to talk with their kids about Internet safety and security, Wagner said. “[At last year’s event] the parents When Hak4Kidz president David Schwartzberg’s son, now technology as it’s evolving. It’s an event geared for children had about as much fun as the kids. Lots of adults 9, started to ask his father, a senior security engineer at ages 8 to 17, but younger children reading at a higher level were asking questions, including ones about Internet MobileIron, questions about how technology works, they may gain from it as well. He and Wagner are expecting networking.” took the step of writing a book together for children about at least 125 people (kids plus their parents) this year, up how computers work. The book, “Computers for Kids: from 100 people, including 38 kids, who came last year. Wagner remarked, “None of this is what the media Something In, Something Out,” published in 2011, helped considers hacking. It’s learning and questioning and children learn about computers, but Schwartzberg wanted The conference introduces children and their parents to becoming inquisitive about technology so you can be more to do more. a number of elements of cybersecurity, with the aim of informed and less susceptible to security threats.” allowing children to learn security and safety ethics, what He and Robert Wagner, a security engineer at Bromium security attacks look like in a safe environment, whether Schwartzberg added that introducing children to more Labs, met at conferences and it hit him — why not create a they might like to pursue a career in technology, as well technology and developing mentorship enables them technology conference for children? as basic technology skills that could even help them make to form new perspectives, even if they don’t pursue business decisions in the future. The event includes peer technology as a career. “Even if they’re not in technology, And so Hak4Kidz was born. “The inspiration came from presentations, workshops and activity stations, all of they can adopt the mental behavior [that comes with Kids explore the Technology Destruction Village at last year's my [three] kids, and they love it,” Schwartzberg said. which give the kids an opportunity to learn and explore. learning about technology and science] and look at things Hak4Kidz event. “They’re excited for this year’s conference.” differently. They might be more successful executives. … In the peer presentations, children from 8 to 26 years With the foundational core beliefs, they can help change On June 27, Hak4Kidz will host its second annual old have 25 minutes to deliver a message on something 30conferenceINFRAGARD in ChicagoCHICAGO for MEMBERS children ALLIANCE that teaches them security-related that they’re doing or have studied. Last VOLUME 1 | ISSUE 3 31 larger weapon detonated 80 kilometers above the Earth into a fully shielded vault.” will impact an area potentially two, two-and-a-half times the size of that circle. So it’s a very dramatic weapon. It has The defense against a geomagnetic storm or solar event specifically become a critical problem today because of the has a different dynamic. “It’s not going to have the same geopolitical change worldwide.” impact from a gigahertz perspective,” Pressman offers. “It’s actually going to cause a distortion in harmonics of the EMPs can also occur naturally, through space weather, electrical service. There are two ways to address it. One is including solar flares, solar radiation storms and to try to filter that out as the electrical service is coming geomagnetic storms. While these events may not have the into the user source. What we’ve done is a little bit simpler. immediate intensity of an HEMP attack — they can have We just treat that distortion as an aberrant component of extended duration times, lasting hours, days or longer, and the grid, and just shut down the entrance from the grid. So have the potential to cause brownouts, blackouts or even Examiningwe immediately the Cost/Benefitgo to onsite generation.” Ratio collapse, and can damage unprotected transformers.

In 1859, a massive solar storm produced immense solar flares — observed by British astronomer Richard Any way you look at it, building up the defense of our Carrington — which sent two coronal mass ejections electrical infrastructure against threat actors and solar (CMEs) through space. In what became known as the phenomenon is a costly prospect. The prospect of building “Carrington Event,” telegraph systems worldwide failed, shielded rooms to fit around major transformers, site- magnetic recorders went off their scales, and the Aurora specific internal power generators, server rooms, data Above: The interior of a room entirely shielded against an EMP attack. Stainless-steel plates are fused together to form the structure, Borealis illuminated the night skies as far south as centers — not to mention the complexities involved which is then essentially wrapped in a Faraday cage to protect everything inside against the electron bombardment of an EMP event. Panama. Smaller storms in 1989 and 2003 demonstrated in protecting hospitals and other locations critical to lesser impact but still raise the question of how long supporting the health and wellbeing of the citizenry — is Protectingbefore another Our Carrington-sized Utilities and Information event takes place. staggering to consider. But Pressman maintains that it’s not only necessary, but that the costs can be relatively Managing the EMP Threat easily absorbed. As we grow ever more dependent on electricity not just as an energy source, Between the fluid, unstable geopolitical unrest and the “It’s like the advent of airbags,” he says. “Originally, 20 but our primary means of communication and disseminating information, exponentially magnified implications of a Carrington Event years ago, there was a tremendous pushback from the in the 21st century, the thought of taking action to protect consumer to pay the cost of airbags. Obviously retrofitting it’s imperative that we plan ahead to guard against significant threats to the the grid and everything that’s dependent on it takes on existing automobiles with airbags was probably not nationwide power grid. a new urgency. But how do we protect against such an feasible. But obviously, over a period of 20 years, the insidious and instantaneous attack? design was basically fully incorporated into the design of By Karl J.Paloucek an automobile. It’s the same thing.” “It’s a different type of defense,” Pressman says. “When we’re looking at protecting against an HEMP or a related- At the same time, he issues his cautions about the costs It’s as real as the Cold War threat of nuclear warheads. And and what people in both the private and public sectors can type of man-made event, because it’s a nanosecond event, of not building up the protection for our grid. “From a not a lot younger. do about it. you basically have to shield completely from that massive, grid perspective, you’re looking at protecting the power very, very fast burst of electron activity. That really entails generation source,” he says. “One area that I’m very As early as 1963, at least a few U.S. physicists were aware “Specifically, what an EMP represents is a nanosecond complete shielding of the facility and a filtering of all concerned about is nuclear power plants. What happens of the threat of electromagnetic pulse (EMP)† to the gigahertz burst that creates a gigahertz impact of electrons incoming services.” in the control centers of a nuclear power plant if there’s a electrical and telecommunications grids. EMP technology that explode outward from the source of the EMP,” massive failure? How do you power down those facilities has been in development since that era, and over the Pressman explains. “From a weaponization perspective, Essentially, anything deemed absolutely critical must be gracefully? That’s a specific issue that the Exelons of the decades has become more affordable and accessible than or a true risk to the grid, what we’re really addressing is sealed in a room shielded by sealed plates of stainless steel world have to address.” ever. In November of last year, Admiral Michael Rogers what’s called an HEMP, or high-altitude electromagnetic surrounded by a Faraday cage. warned that China and a number of other nations now pulse. This is specifically a nanosecond burst that’s created Pressman is optimistic that the blue-chip companies will have the capability to successfully launch a cyberattack by a nuclear device. Depending on the size of the device “Think about a bank and a bank vault,” Pressman explains. take the lead in being proactive about protecting against that could shut down much of the electrical grid in this and its height above ground level, it will create a massive “A bank is a big institution. It could be multiple floors, tens the threat of an EMP event. “I think when major uses of country. With such an escalated risk of threat actors gigahertz burst over a large area.” of thousands of square feet. But there’s a specific area power, like, say, in Chicago, the United Airlines, or the carrying out an EMP attack, it’s vital for those in the where there is a vault. Maybe the vault is a foot of steel, Walgreens, or the Krafts, or the Abbots, who are buying security industry, regardless of sector, to become aware How big is a “large area”? Think about the scale of a 360 degrees. That is a small area within the bank. But that large amounts of power reach out to ComEd and say, ‘We and informed about the realities of EMP technology and its weather system. “For example, a 10-kiloton weapon 40 vault is obviously nearly impenetrable. It’s the same as want you to begin installing protected transformers,’ it can potential to impact our society. To that end, we spoke with kilometers above the Earth’s surface — let’s just say, for designing infrastructure for EMP. You have to look at what be done,” he says. “What ComEd will do,(Continued like any newon page build, 34) Jack Pressman, executive managing director at EMP GRID example, above Kansas City — will dramatically impact infrastructure absolutely must survive immediately — day 32services,INFRAGARD to learn CHICAGO exactly MEMBERS what the ALLIANCE danger from EMPs is, the grid all the way to Milwaukee,” Pressman suggests. “A one, day two, day 30 — and that you actually would put VOLUME 1 | ISSUE 3 33 NEW TECHNOLOGY

is they’ll pass that cost back to the consumer over a certain period of time.”

“Now, again, like airbags, it’s an expense, but it’s not a new technology,” Pressman continues, “and it’s not like traveling at the speed of light. It’s a very, very well-vetted technology. And the cost, though not trivial, isn’t earth- shattering. What does that mean? I can only guess, but maybe an increase in costs of maybe 5 to 8 percent of those new transformers. That’s not trivial — because if we’re talking about a $40 million transformer, we’re talking about $1 million to $1.6 million additional cost — Cloudsbut that’s Gathering the cost to on begin the Horizon to fully protect our grid.” EMP SIG Tabletop Exercise Kit Even as the tumult concerning our negotiations with Iran Now Available over its nuclear program continues, the threat to our nation’s critical infrastructure and citizenry grows. More Good news from the enthusiastic folks who make up the and more of the highly volatile nation states are gaining InfraGard Electromagnetic Pulse Special Interest Group nuclear capabilities, putting the threat of an HEMP attack (EMP SIG): The fi rst Tabletop Exercise Kit enabling anyone to learn about and begin planning for EMP events or within relatively easy reach. “The resources required to HEMP attacks is now available. The InfraGard EMP SIG launch an HEMP — you need a trawler; you need a Scud; was formed in 2011 in conjunction with the FBI to assess you need a small, 10-20-kiloton weapon,” Pressman the threat of EMP events and to develop defenses against TITUS Classifi cation for Mobile™ says. “And all of those components are all now, certainly, them. available to a number of countries who are directly or indirectly sponsoring global terrorism. The Tabletop Exercise Kit explores a dynamic variety of threat scenarios, including extreme space weather, Elevates Security Standards “On the other hand, our country has it,” he continues. cyber attacks and physical attacks on the grid, HEMP “It’s very well developed. The Israelis have it. The South attacks, and other possibilities. Included in the kit are videos of vetted experts providing a specifi c, fact-based Koreans are developing it rapidly. I’m sure the Indians are Capability Overview: background presentation that aims to provide the most Mobile Data Security and Governance TITUS Classification very, very motivated to develop it. You’re seeing that arms current and relevant factual material to federal, state and for Mobile is an easy-to-use email- and document-security • Ability to classify emails sent from mobile devices race. In a sense, it’s a niche component of the arms race — municipal government offi cials, security professionals in • Prevention of mobile data loss designer weaponry, if you will.” both the public and private sectors, the States’ National solution for mobile devices that prevents data loss and • Protect business data in a secure container Guard forces, and interested private citizens. Read-ahead ensures that only approved users have access to the • Control data sharing via upload, email, print, copy, or Pressman is also encouraged by the shift in perception materials are also provided. correct information. Through it, users can classify email sent from mobile devices, raising user security awareness, opening into other Apps aided by changes coming from Washington. “I was so • Access Microsoft® SharePoint and Cloud storage from According to Dr. Terry Donat, Healthcare and Public Health enabling protection based on data sensitivity, and ensuring pleased with the amendment to the Critical Infrastructure one secure app Sector Chief for InfraGard, the exercise provides “realistic Protection Act that the U.S. Senate passed unanimously … compliance with document-marking standards. • Extend Microsoft RMS® to mobile devices catastrophic scenario impacts that would or are fully and I believe the president will sign. There’s no funding expected to occur in these events, most of which are not TITUS Classification for Mobile provides a secure and to it — fair enough. But it really begins to set the tenor of very pretty.” System Requirements: what we need to do as a country if the risk is clear and we separate container for business data. The interface TITUS Classifi cation for Mobile comprises two apps — need to start making some investments.” The Tabletop Exercise Kit is available free to any InfraGard provides direct access to corporate email, SharePoint® TITUS Mail & TITUS Docs chapter or member, to all 338 higher-education Homeland libraries and common file-sharing services, guaranteeing But time is not on our side, Pressman suggests. “We have Security programs and the 1,400 educators in the that downloaded files are managed according to corporate Mobile OS: iOS 7.1 or aboveAndroid 4.1 or above University and Agency Partnership Initiative (UAPI) through policy. Administrators are able to leverage document to move,” he says. “We have a huge economy. We have a Email Server: Microsoft Exchange® Server 2010 and 2013, the Naval Postgraduate School Center for Homeland classifications to enable fine-grained control over a user’s multi-, multi-, multi-trillion-dollar economy. We are not and Offi ce 365 SharePoint: Microsoft SharePoint 2010 or Defense and Security. talking about trillions of dollars to defend against this. We ability to email, print, copy, upload and open files into 2013 can begin rapidly to gain resiliency without an enormous third-party apps. Additional data protection is provided by For more information or to request the Tabletop Exercise extending Microsoft Rights Management Services (RMS) investment. It’s not going to happen overnight. [But] if you Kit, email [email protected]. do the investments on new infrastructure and on upgrades to mobile devices, allowing users to access or protect data — five, six, seven or eight years later, we’re at a whole level using Microsoft RMS. Whether deployed independently of† William resiliency.” J. Broad, Science, Vol. 212, May 29, 1981. or with an MDM solution, TITUS Classification for Mobile strikes a balance between protecting corporate data and 34 INFRAGARD CHICAGO MEMBERS ALLIANCE empowering an efficient mobile workforce. VOLUME 1 | ISSUE 3 35 MEMBER NEWS

Lizabeth Lehrkamp:

I’m a mechanical engineer. I lived in the is, they saw us as the people that walked in with a subpoena Bay Area of California, and my husband and I decided that we or a search warrant. They saw us in the black suits and the wanted to move back to the Midwest. When we got back here, I unsmiling faces. And they weren’t going to call us voluntarily was looking for a job and I went to a career fair. While waiting when they had an issue. Private industry owns 80-85 percent to talk to a booth in the corner, I was waiting in a line, and I of the country’s infrastructure. So the government can only happened to be standing in front of the FBI booth. And the control a small portion of it. And that would be all the DoD and agent there that does recruiting started up a conversation, as all the agencies. Past that, if there’s an issue, there’s no law. … is his job, and it started off kind of rocky, like “Hey, I’m here for I mean they’re working on it, but there’s no law that says you an engineering job, what do you guys want — you don’t want have to tell me anything. engineers.” “Obviously I’m here at an engineering career fair, so we do want engineers.” The more people bringing that out, the more chances you’re going to have, you can look for the bad things happening I had never considered being an agent or in law enforcement because we can tell you. By bringing it to us, we’re kind of at all, so this came as kind of a surprise to me. So I chatted with a neutral party here. I’m not your competitor, and I’m not him for a little bit, and the final thing he said, and this always going to tell the newspaper. All I’m going to do is take out makes me laugh, is that, “You’ve obviously got time on your the important information and say, here’s the known bads. hands, so you may as well go online and apply.” It makes me Here is what to look for in your network. That’s it. And it laugh because he was right, I was job hunting at the time, so I doesn’t matter what industry it is, because the known bads went home and I applied online. are crossing industries. Don’t get me wrong — some of them specifically want banking information. That’s true. But it’s That was 10 years ago. I ended up going to Newark, and I never bad to look for it, because guess how much information worked two and a half years in Italian organized crime. And can lead to your account that your employer has. So even if then I cross-trained over to cyber because we wanted to get you’re not a financial institution, if someone wants banking back to Minnesota, and the joke was “I’m not going to get there information, if they hack your employer, they’re going to get all with Italian organized crime because there are no Italians in the stuff they need to start breaking into your bank account. Minnesota.” So I needed something that Minnesota would want. Through training I positioned myself to get over to the squad. About six months into the job, I was asked to take over as So that’s when a little more of the cybersecurity and IT security InfraGard coordinator. I just melded the two jobs together came into it. because InfraGard is all about the community outreach, the ability for the FBI to correspond with our private sector and I started out with what we consider “low-end” work, Internet back. So when I stand up in front of a group at an InfraGard crimes. I also did some intellectual property rights, so I did meeting, my job is to represent my organization and to, again, work with the movie studios for a lot of the movie piracy. make them comfortable, knowing that I’m not going to spread Special Agent Lizabeth Lehrkamp receives the 2014 InfraGard Coordinator of the Year award from FBI Director James Comey at the InfraGard Annual Congress in Leesburg, Va. That was back in 2007, 2008. There were multiple takedowns their information everywhere but use it in a manner that is around that time. And then I started moving over and doing a helpful. And they also need to trust me. So I spend a lot of time little more of the intrusion work, which is higher end, where working on that trust, so that phone call does happen, or the somebody is actually intruding into somebody’s network. email occurs. While doing that, it became clear that a lot of companies weren’t doing enough to protect themselves. We are a law And this way, it also gives me a secure location, because you’re InfraGard Member Focus: enforcement agency, which means that after the bad things familiar with the portal that’s secured and all the members happen, we will come and investigate and try to put the bad have a background check, so if there’s information I need to guys in jail. But when it comes to these types of crimes, if the get out to the community, I have a secured method to get that Lizabeth Lehrkamp due diligence was a little higher, they wouldn’t have been hit to information out. And that’s hugely important, because, as of By Mary Stroka begin with. four years ago, we didn’t really have that great of a way to do it.

And then I got my transfer to Minneapolis in 2010. When I It’s just interesting because I used to be very technical. And got here, they had a new squad, called the human intelligence it turns out that that’s not what we needed. People are still Special Agent Lizabeth Lehrkamp of the FBI’s Minneapolis, she is now serving the FBI on its white collar crime squad in IMA:squad. So how were you able to help? clicking on links. It drives me out of my gourd when you see Minn., field office received the 2014 Infragard Coordinator of Minneapolis, Minn. some of these breaches that are very big and when you trace it the Year award on Sept. 8 from FBI Director James Comey at LL: back, somebody clicked on a link in an email. And that’s what the InfraGard Annual Congress in Leesburg, Va. Lehrkamp, We were honored to speak with Lizabeth to discuss her started the whole thing. I’m like, “Really? Really? A link? You prior coordinator of the Minnesota, North Dakota and South accomplishments throughout her time with the FBI and are When I came in, I was requested by the Assistant Special clicked on a link? And now your company’s out of millions of Dakota InfraGard chapters, was one of 15 Special Agent pleased to relay to the InfraGard membership the experiences Agent in Charge (ASAC) in charge of my squad that we needed IMA:dollars. So Butyou’re that’s still the working thing, that’s with prettythe companies common. and their coordinators nominated nationwide. The award recognizes she has had as a conveyer of knowledge of the security to go and have relationships with our local companies for IT IT? these coordinators who aid in the advancement of InfraGard by industry, a builder of public-private relationships and a special security. There’s a lot of solid businesses here. I mean we darn presenting to members on various threats in order to review IMA:agent How with did a focus you onget cyber started and with IT security. your career with the FBI near own the medical device industry. St. Jude and Medtronic LL: their experiences and best practices. Lizabeth began her career and develop your interest in security? are headquartered here. Boston Scientific is not headquartered (Continued on page 38) with the FBI in 2005 as a Special Agent in Newark, NJ, and here but has thousands of employees. So we have a really, Actually, as of two weeks ago, I switched over to white 36 INFRAGARD CHICAGO MEMBERS ALLIANCE really good and fairly technical work community. The problem VOLUME 1 | ISSUE 3 37 MEMBER NEWS INDUSTRY EVENT CALENDAR

Start making plans today to attend the knowledge-sharing events impacting the security collar. I have a couple of pet projects that my boss has allowed IMA:news; Do we’re you not have going any to interesting put you on stories trial — you you’re can a share victim. with industry in the coming months: IMA:me to What do. kinds of things are you working on in white us? INTERPOL World 2015 CNP Expo 2015 collar? April 14-16, 2015 May 18-21, 2015 LL: LL: Italian organized crimes, talk about interesting stories. Sands Expo & Convention Centre - 10 Bayfront Ave., Singapore Caribe Royale Orlando White collar is financial fraud. Financial institution fraud I worked an eight-and-a-half month wire out in New Jersey. Internationalwww.interpol-world.com Security Conference & Expo West 8101 World Center Dr., Orlando, FL and healthcare fraud are the two main, but we also do some At the end of the wire, I wasn’t allowed to go out on any of April 14-17, 2015 cardnotpresent.comSecureWorld Expo 2015 - Atlanta, GA trade secret cases. the arrests because I was pregnant. I ended up working the Sands Expo and Convention Center - 201 Sands Ave., Las May 27-28, 2015 command post. And you’re talking about a two-year agent. Vegas, NV There’s something that’s kind of crossing over between my old That’s a baby agent. It was me and one other person that www.iscwest.com job and my new job. I consider it a type of accounting fraud and worked the command post, and we were the people keeping Cobb Galleria Centre (Ballroom) 2 Galleria Pkwy SE, Atlanta, GA there’s a lot of information out there but it’s still not getting it all running and in line. There were 144 law enforcement Global Food Security Symposium www.secureworldexpo.com out. Basically, somebody in an accounting department will get personnel involved in the searches and subsequent arrests April 16, 2015 BITS Emerging Payments Forum an email that looks like it’s coming from someone higher up after that. Eight different law enforcement agencies were June 2-3, 2015 in the company, that says to change the wiring information or involved — several state and local. It was an interesting thing wire money to this account. And then they wire the money into to do because we had 20 arrests and 22 searches going on Ronald Reagan Building - 1300 Pennsylvania Ave. NW, that account because it’s like a payable thing. Well, they find that morning, and actually through that afternoon depending Washington, DC Westin City Center - 1400 M Street NW, Washington, D.C. out later that the person who sent the email is not the CFO, on how big the search was. So for a new agent, that’s kind of www.thechicagocouncil.org/event/healthy-food-healthy-world- www.bits.org/events/UDT 2015 (Undersea Defence Technology) June 3-5, 2015 CEO, whoever they thought it was. It’s our bad guy, who has an interesting thing. You have to work out the logistics on it. RSAleveraging-agriculture-and-food-improve-global-nutrition Conference done one of a couple different things, but the whole point is, I’d say, especially being so new, it’s one of the cool things they April 20-24, 2015 this person just took their word for it via email. And in some had me do then. I’m an engineer, so logistics and organizing, Ahoy Rotterdam cases, wired millions of dollars. This is happening across the IMA:spreadsheets, So you think are kind that of your my engineeringthing. background Ahoy-weg 10, 3084 BA Rotterdam, Netherlands Moscone Center country. You have got to warn accounts payable about this. definitely helped prepare you for the FBI? www.udt-global.comGartner Security & Risk Management Summit There need to be better controls in place. Because if you’re 747 Howard St., San Francisco, CA June 8-11, 2015 www.rsaconference.comBorder Security Expo 2015 IMA:paying So attention, you have then pet projects,you’re not or going is that to classified?lose your money. LL: April 21-22, 2015 LL: Yeah! If you think of what engineers do, we’re problem Gaylord National Resort & Convention Center 201 Waterfront St., National Harbor, MD solvers. It’s a lot of what engineers do. My job, because I Phoenix Convention Center www.gartner.com/technology/summits/na/security I like to talk to kids a lot. Especially as a member of Society have a manufacturing background, what often would be is, 100 N. 3rd St., Phoenix, AZ Nuclear Energy Institute’s National Nuclear Security of Women Engineers, I like to work with teenage girls to talk something’s wrong on the line, something’s not working. Conference Bigwww.bordersecurityexpo.com Data Symposium about their career opportunities, whether it’s in engineering or Figure out the problem, fix it, and make sure it doesn’t June 9-11, 2015 April 30-May 1, 2015 law enforcement. These teenagers girls — somebody I spoke happen again. It’s an investigation. The idea is, you do the with at their office, they asked me to go speak with their kid’s logical, scientific thought process. You bring the same thing to Loews Royal Pacific Hotel - 6300 Hollywood Way, Orlando, FL school. One girl asked me a question — “My dad doesn’t think IMA:investigation. So you’re planning to retire soon? Or just from that Holiday Inn Rosslyn at Key Bridge - 1900 N. Fort Myer Drive, www.nei.org/Conferences/National-Nuclear-Security-Conference that engineering or law enforcement is a girl’s job. How do position? Arlington, VA National Homeland Security Conference June 9-11, 2015 I make him change his mind?” I’m like, “Not sure I can help Suitswww.bigdataevent.net and Spooks London you with that, but perhaps become an engineer!” So I work LL: May 6-7, 2015 with kids groups whenever I get the opportunity. There’s an Henry B. Gonzalez Convention Center - 200 East Market St., San explorers group that looks at engineering and IT. And I do a No, no, no just the job itself. … Have you ever seen a Antonio, TX little case with them, and what we did is we split them up into quarterback who tries to hold on too long? So I’ve done what I TechUK - 10 St Bride St., London, EC4A 4AD nationaluasi.com/dru/SecureWorld Expo 2015 - Portland, OR two groups and they had to solve the case. It’s just a fun thing IMA:can here; Do you it’s havetime toany move other on. interests I still have or 10 hobbies more years. you’re Disasterwww.suitsandspooks.com/#!london-2015/cco8 Forum Conference 2015 June 17, 2015 to do with teenagers to get them involved and understanding doing that you’d like to talk about? May 11-14, 2015 IMA:what Whatdoes law are enforcement some things do. that We’re you notare whatespecially you see proud on TV. of over the course of your career with the FBI? LL: DoubleTree by Hilton - Portland Banff Centre - 107 Tunnel Mountain Dr, Banff, AB T1L 1H5, 1000 NE Multnomah St., Portland, OR LL: I have a 625-square-foot garden. It’s one of the good things Canada Electronicwww.secureworldexpo.com Security Expo 2015 about the move from New Jersey; I didn’t have that option back www.disasterforum.caSecureWorld Expo 2015 - Houston, TX June 24-26, 2015 May 13, 2015 In the last four and a half years, I have created a network IMA:there. So That do youwould grow be mymostly outside flowers hobby. or …? of people in the Twin Cities that are willing to call the FBI Baltimore Convention Center not just on IT security but on anything. They’re reaching out LL: Norris Conference Centers Houston/CityCentre 1 W. Pratt St., Baltimore, MD to us versus us reaching out to them. So I’ve created a trust 816 Town & Country St. #210, Houston, TX www.esxweb.com within a large portion of our private industry that we’re not Oh no, no, no — all vegetables. I grow tomatoes, peppers, www.secureworldexpo.com 2nd International Conference on Global Food Security the scary, black-suited, come-to-take-your-computers [people], all sorts of things … and we can and freeze. Beans. I’m a October 11-14, 2015 but we actually would like to be a little more proactive and frustrated farmer, I think. I’d love to own acres and grow help you. From my time in the Twin Cities, that’s really the big massive amounts of food, but I have a full-time job. One that I Cornell University - 144 East Ave., Ithaca, NY accomplishment — getting organizations to trust that what like, don’t get me wrong. Also, my husband and I both cook. We Care to have your event included in a future Industry Event Calendar? Email your event details to [email protected]. they tell us is secure and we’re not going to go and prosecute joke that when I retire, we’re going to have a food truck. www.globalfoodsecurityconference.com 38something.INFRAGARD When CHICAGO you’re aMEMBERS victim, we’re ALLIANCE not going to tell the VOLUME 1 | ISSUE 3 39 40 INFRAGARD CHICAGO MEMBERS ALLIANCE