VOLUME 1 · ISSUE 1

Active Shooters: Can They Be Stopped?

Learning From Our Ebola Response Successes ... and Failures

Ensuring Protection of Electronic Health Records

Securing the Grid Against Copper Theft

TABLE OF CONTENTS

COVER STORY | Active Shooters: Can They Be Stopped?
As the trend of school and workplace shootings in this country continues to escalate, what can the security community do to help the public at large identify the next active shooter and prevent him or her from completing the walk down the path to violence?

Learning From Our Ebola Response Outcomes
Healthcare and Public Health Sector Chief Dr. Terry Donat examines what we’ve learned from the Ebola experience and how we can better secure our population against the threat of future — and inevitable — epidemics.

Ensuring Protection of Electronic Health Records
How do we keep unprecedented volumes of highly sensitive data secure?

Securing the Grid Against Copper Theft
Homeland Security Solutions Director Karl Perman describes security experts’ response to the issue of copper pilfering and how we can reduce the vulnerability of infrastructure.

Official Magazine of

Working to Safeguard Chicago’s Critical Infrastructure

Editorial Office:
4701 Midlothian Turnpike, Ste. 4
Crestwood, IL 60445
Phone: 708-293-1430 | Fax: 708-293-1432
www.imamagazine.org

IMA (ISSN 1553-5797) is published four times per year for The Chicago InfraGard Members Alliance by Fanning Communications, 4701 Midlothian Turnpike, Ste. 4, Crestwood, IL 60445, www.fanningcommunications.com

Publisher: John J. Fanning
Editor/Graphic Designer: De Anna Clark
Writer: Karl J. Paloucek
Editor/: Mary Stroka
Graphic Designer: Joseph F. Lindsay III
Programmer: Joseph Neathawk
Accounting/: Jan Klos

Subscription rate is $49.99 per year in the United States and Canada; $110.00 per year in all foreign countries. POSTMASTER: Send address changes to 4701 Midlothian Tpk., Ste. 4, Crestwood, IL 60445. All statements, including product claims, are those of the person or organization making the statement or claim. The publisher does not adopt any such statements as its own, and any such statement or claim does not necessarily reflect the opinion of the publisher. © 2014 Fanning Communications, Inc.

TABLE OF CONTENTS (continued)

President’s Message
SAC’s Message
Intelligence Briefing
Member Notes
Most Wanted
WVU Students Help Develop Mobile Security Software
Mishaps at Nuclear Repository Lead to $54M in Fines
Judges Hear Arguments Over NSA Surveillance
Drones Could Soon Be a Common Sight In the Skies
U.S. — Navy Engineer Tried to Steal Schematics
Artificial Intelligence Aids First Responders
InfraGard Member Focus: Henry Gralak
We were honored to spend some time with Henry Gralak to discuss his experiences in the security industry and are pleased to be able to share them with the rest of the InfraGard membership.
Industry Event Calendar

BOARD OF DIRECTORS

President: Paul Sand, AVP, Independent Security Officer, Federal Home Loan Bank of Chicago
Vice President: Erik Hart, Director, Information Security Solutions, Leo Burnett and Arc Worldwide
Programming Director: Jo Ann Ugolini, Security and Investigations, Hillard Heintze
Treasurer/Membership Director: Thomas Elward, Infrastructure Protection, Exelon
Secretary/Communications Director: John Fanning, President & CEO, Fanning Communications, Inc.
At-Large Director: Bruce M. Bina, Vice President of Product Development & Design, Adaptive Rescue Concepts, ARC LLC
At-Large Director: Amy Bogac, Director, IT Security Operations, Walgreens
At-Large Director: Erick Nickerson, Partner and Marketing Specialist, CCG Solutions, LLC.
At-Large Director: Jill Czerwinski, Senior Manager, Crowe Horwath
At-Large Director: Edward Marchewka, Information Security Manager, Chicago Public Schools
IMA/FBI Liaison: Kathy Hug, Special Agent, Federal Bureau of Investigation

PRESIDENT’S MESSAGE

Greetings, Members:

On behalf of the membership of the InfraGard Chicago Members Alliance (IMA), I want to welcome you to the inaugural issue of IMA magazine.

IMA magazine has been brought to life as a result of much hard work put forth by many InfraGard volunteers. Through this publication, we hope to better inform our membership of emerging threats and identified best practices impacting security professionals and first responders.

The mission of this magazine is to deliver information into the hands of first responders and security professionals in a timely and accurate manner; and in so doing, serve to inform, inspire and promote those professionals who protect American lives, liberty and critical infrastructure.

To ensure the accuracy of what we report, we have created an Editorial Board comprising tenured and respected professionals serving in the security industry. The Editorial Board shall review feature stories and submissions to determine their suitability, relevance and accuracy prior to publication within the magazine.

Our mission is critical. We know the threat is real and that only through vigilance and preparation may we defend against plans and/or respond to events coming from terrorist groups and rogue assailants. IMA magazine will assist in such preparation.

As critical as our mission is, we also understand that without the support of our advertisers, we could not bring this publication forward. I want to thank each advertiser and sponsor for his or her belief in our mission and support of our magazine. I also encourage our readers to show their support for the businesses and organizations who support our industry by using IMA magazine to identify the suppliers and organizations they may require.

Thank you for your attention.

Sincerely,
Paul Sand, President
InfraGard Chicago Members Alliance

SAC’S MESSAGE

Greetings,

InfraGard was founded in 1996 by the FBI and is a government and private sector alliance. Although the program was developed to promote protection of U.S. critical information systems, it has evolved through the years into partnerships dedicated to sharing information and intelligence to prevent hostile acts against the . The FBI values these relationships more than ever before in today’s threat environment. With over 80 InfraGard Member Alliances (IMA) nationwide, the FBI is committed to sharing information concerning various terrorism, intelligence, criminal and security matters with our partners. In response, the Chicago IMA has successfully created a forum, IMA magazine, to strengthen and further promote the information-sharing process.

The vision of IMA magazine is to inform readers of lessons learned and best practices identified by both law enforcement and private sector security professionals. We are excited to be a part of this project. We hope this magazine will provide the reader with information that may assist in protecting assets against cybercrime, counterterrorism, counterintelligence and other threats. Each issue of IMA magazine will be peer-reviewed to ensure the accuracy of information and will focus on providing relevant security information across the various sectors InfraGard is designed to protect.

IMA magazine is developed by — and for — the members of InfraGard to enhance our ability to protect our nation’s critical infrastructure. I look forward to our continued alliance and applaud your dedication to the information-sharing process.

Sincerely,
Robert J. Holley
Special Agent in Charge
FBI Chicago Division

INTELLIGENCE BRIEFING

Cybercriminals testing new PoS malware, “Poslogr.”
Dec. 1 — Researchers with Trend Micro detected a new, multicomponent point-of-sale (PoS) malware dubbed “TSPY_POSLOGR.K” that is under development and yields similarities to a recently discovered variant of the BlackPoS malware. Poslogr is designed to read the memory linked to specific processes and collect payment card information, and researchers continue to work towards identifying which processes are scanned by the malware.

FIN4 attack group targets firms for stock market profit.
Dec. 1 — FireEye researchers published a report on a group of attackers known as FIN4 that have targeted high-level figures at various financial services companies, advisory firms, and regulators in order to obtain inside information on business decisions for possible use in stock trading. The group has been active since mid-2013 and uses visual basic applications (VBA) macros in Microsoft Word documents and links to fake Outlook Web App login pages in order to obtain user names and passwords.

OpenVPN versions released since 2005 affected by critical flaw.
Dec. 2 — The developers of the open-source virtual private network software OpenVPN released a new version of the software to address a critical denial of service (DoS) vulnerability which could allow authenticated attackers to cause servers to crash. The vulnerability affects all OpenVPN 2.x versions released since 2005 as well as OpenVPN Access Server versions prior to version 2.0.11.

Low-risk cybersecurity issue found at nuclear plant.
Dec. 2 — The operators of the PPL Susquehanna Steam nuclear power plant in Salem Township stated that they were in the process of correcting an undisclosed cybersecurity issue at the plant identified by the U.S. Nuclear Regulatory Commission (NRC). The issue was described as a low-risk issue and interim measures were put in place to address the vulnerability following the NRC inspection until the permanent measures are complete.

Detroit goes dark: Massive power outage affects courthouse, schools and more.
Dec. 2 — An electrical grid failure in downtown Detroit Dec. 2 caused a loss of power to the Frank Murphy Hall of Justice, Coleman A. Young Municipal Center, public schools, the Joe Louis Arena, the City-County building, and several other commercial buildings. Detroit Public Schools dismissed students early while The Detroit Historical Museum and Detroit Institute of Arts closed as crews worked to restore power following the rescue of dozens of people from affected buildings.

New “LusyPOS” malware uses Tor for C&C Communications.
Dec. 3 — CBTS researchers analyzed a new variant of malware dubbed “LusyPOS” that leverages the Tor network to deploy a technique known as RAM scraping to collect payment card data from infected systems. The malware is similar to the ChewBacca variant which was used to steal payment data from several dozen retailers in the U.S. and other countries.

Iranian CLEAVER hacks through airport security, Cisco boxen.
Dec. 3 — Researchers with Cylance published a report on a suspected Iranian hacking group that has compromised a variety of targets including government and military systems, telecommunications companies, research facilities, airports, defense contractors, and utilities in a campaign dubbed Operation Cleaver. The researchers stated that the group compromised critical infrastructure assets and Cisco networking equipment but did not engage in manipulation of those systems.

DNSimple suffers downtime due to 25 Gbps DDoS attack.
Dec. 3 — Florida-based DNS provider DNSimple reported that it experienced a distributed denial of service (DDoS) attack Dec. 1 that peaked at 25 Gbps and lasted around 12 hours, causing outages for the company and its customers. The company stated that DNSimple was not targeted but was affected by the DDoS attack after domains already under attack were delegated to the company.

Investigation reveals how Florida man ripped off DEA.
Dec. 3 — A report from the U.S. Department of Justice’s Office of the Inspector General found that a now-deceased Jacksonville man who ran the FEBG Bond Fund operated the fund as a Ponzi scheme that defrauded around 130 individuals of over $30 million, more than half of whom were current or former Drug Enforcement Agency (DEA) employees or connected to DEA employees. The report found that some DEA personnel exercised poor judgment in giving the man access to DEA personnel and facilities, and receiving gifts from the man.

“DeathRing” malware found preinstalled on smartphones.
Dec. 4 — Researchers with Lookout published a report that found that low-cost and counterfeit smartphones manufactured in Asia and Africa come with a piece of pre-loaded malware known as “DeathRing” that originates from China. The command and control server for the malware appears to be offline, and the malware could be used for SMS or browser phishing.

Health insurance online threats revealed.
Dec. 5 — RiskIQ researchers found that websites hosted by third-party code libraries, external providers and excessive mobile app permissions represent the largest risk to users of health insurance Web and mobile self-service tools, now that providers are investing in Web and mobile app infrastructures to establish new customer touch points.

19 hospitalized, thousands evacuated in “intentional” gas leak at Rosemont hotel.
Dec. 7 — An intentional chlorine gas leak left 19 people hospitalized with symptoms of nausea and dizziness, and evacuated thousands of people for two hours from the Hyatt hotel in Rosemont, Ill., Dec. 7, during an annual convention. Authorities found a substance consistent with powdered chlorine in a stairwell at the hotel and decontaminated the area.

New variant of Neverquest banking trojan targets North America.
Dec. 8 — Researchers with IBM reported Dec. 5 that they have observed a new variant of the Neverquest banking trojan being used predominantly against financial institutions in North America, with some additional targets in the media, gaming and social networking industries. The malware has been distributed by drive-by downloads using exploit kits as well as by the Chaintor and Zemot trojan downloaders.

Red October cyberspy op goes mobile via spearphishing.
Dec. 10 — Researchers with Blue Coat and Kaspersky Lab identified and analyzed a cyber-espionage campaign that appears similar to the RedOctober campaign dubbed Cloud Atlas or Inception Framework that has been targeting the Android, iOS and BlackBerry devices of specific users in the government, finance, energy, military and engineering sectors in several countries via spearphishing. The malware appears to be primarily designed to record phone conversations and can also track locations, monitor text messages and read contact lists.

Hackers breached payment solutions provider CHARGE Anywhere — Undetected since 2009.
Dec. 9 — Electronic payment solutions provider CHARGE Anywhere stated Dec. 9 that attackers had gained access to its network as early as November 2009 using a previously unknown and undetected piece of malware and were able to capture payment card data from some communications that did not have encryption. The company discovered the compromise Sept. 22 and an investigation found that network traffic capture occurred between Aug. 17 and Sept. 24.

Moldova: Seven arrested suspected of uranium smuggling.
Dec. 9 — Authorities in Moldova stated Dec. 9 that they arrested seven people for allegedly smuggling seven ounces of uranium-238 mixed with uranium-235 worth around $2 million. An investigation aided by the FBI found that the suspects were part of an alleged smuggling group that had specialized knowledge of radioactive materials and how to prevent their detection while in transit from Russia.

“Critical” security bugs dating back to 1987 found in X Window.
Dec. 10 — The developers of the X Window System for Linux and other Unix operating systems issued patches closing several vulnerabilities that could be exploited to crash the system or run malicious code as the root user after they were identified and reported by a researcher at IOActive.

OphionLocker, the new ransomware on the block.
Dec. 11 — Researchers with Trojan7Malware identified a new piece of ransomware known as OphionLocker that uses elliptic curve cryptography (ECC) to encrypt the data on victims’ systems and demand a ransom to decrypt the files. The ransomware was observed in the wild being spread by the RIG exploit kit in drive-by download attacks.

Guarding Against the Next Ebola

Healthcare and Public Health Sector Chief Dr. Terry Donat examines what we’ve learned from the Ebola experience and how we can better secure our population against the threat of future — and inevitable — epidemics.

By Karl J. Paloucek

It’s been years since public health officials first warned that a massive epidemic in America was all but inevitable. It hasn’t been a question of “if,” but of “when.” And somehow, the general response to Ebola’s arrival was predictable: Alarm. Fear. Uncertainty. A lack of public understanding. Unsure government reaction. The international Ebola crisis isn’t over by any means, but even with the relatively low initial casualty rate inside our borders, is there an acute need for those on the frontlines of health and public safety to re-evaluate their methods and revise their procedures?

According to professionals in the field, including Dr. Terry Donat — InfraGard Public Health and Healthcare Sector Chief — the answer is a resounding yes.

What Could We Have Done Better?

Donat suggests that although casualties from the initial incursion of the Ebola virus into America were comparatively low, we shouldn’t be too proud of our overall response. Our lack of situational awareness with regard to this disease and how to cope with it upon its arrival illustrates just how vulnerable the existing system is, and how much room for improvement remains. “I think the few things that really mattered, the things they failed upon, were, ‘How are we going to secure this country?’ and ‘How are we going to secure individuals that are dealing with this?’” he argues. “I would have thought that in the last 10 years, they would have put together huge pdf and video packages that, if something like this happened, they would have just emailed all of the people in all the hospitals and cities these large information packages, as opposed to spitting it out on an ad hoc basis.”

In a crisis marked by high anxiety, managing the fear surrounding the contagion is paramount. Accurate and timely information is the most effective weapon in combating both the unknown variables that are the source of people’s fears, as well as for preventing the spread of disease. By not directly addressing people’s fears regarding communicability, means of transmission, common symptoms and how to respond in case of a possible infection, the fear of the unknown grows. With it grows the probability of misinformation and, consequently, more widespread infection.

“I the biggest thing I think the CDC [Centers for Disease Control and Prevention] learned is, you have to deal with the uncertainties,” Donat says. “You have to admit that they’re there, and let adults deal with the issues as they actually exist — not as you want to couch them. Because as soon as there’s one exception, you look like you don’t know what you’re doing. Or that you’ve withheld it purposely.” Obviously, neither of these outcomes is desirable for management of a crisis of unknown proportions.

Donat is careful to caution about a fundamental difference separating Ebola from diseases that are much more communicable, in particular, those that are spread via the respiratory system. “At the same time Ebola was happening, there was an enterovirus that was respiratory-spread [that ran] across this country — and actually killed a lot more people,” he says. “I always looked at it this way — two things: Number one, sometimes we focus on some things that are scarier at the loss of what may be more important. The other thing is that if we had a respiratory-spread virus — the classic would be influenza — how far behind the eight ball would we really be? It would spread so rapidly. … They couldn’t get ahead of it. … Say it had only 10-percent mortality, not 50 or 90 — they wouldn’t be able to do it.”

Information and Prevention Are the Key

Organizations like the CDC and the National Institute for Occupational Safety and Health (NIOSH) represent only roughly 20 percent of the healthcare system nationwide. The overwhelming majority of the healthcare industry is in the private sector. This is why, Donat asserts, it’s so important that individuals and institutions in the private sector begin to adjust their perspectives with regard to their roles in preserving the security of the population. “They haven’t really seen themselves as the response,” he suggests. “Number one, the private sector, in healthcare especially, really has to see itself as part of the security in this country. Apart from just providing healthcare, they have to be at least aware and theoretically more able to respond than we [in public health] probably are. The second thing I think is, the need to have information. The military has an armed forces medical intelligence center at Fort Detrick. We have nothing like that in the private sector.”

Nothing so formalized, in any case. What we do have to work with, Donat says, is a service called ProMED-mail (Program for Monitoring Emerging Diseases, ProMEDmail.org). ProMED-mail is an Internet-based resource for reporting up-to-date information on any situation with the potential to affect the health of a populace or the worldwide population, be it infectious disease, radiation or other toxic exposure.

Say, for example, that you witnessed peculiar, acute symptoms in a group of people in a particular location on any given day, for which you have no explanation. Testing has ruled out the most obvious problems, but you’re still without an answer and a treatment plan. By posting your observations to the ProMED-mail site, you can ask an audience of tens of thousands of professionals worldwide if the symptoms match anything familiar in their experiences.

“Basically, you’re using distributed intelligence or intellect to bear on a problem,” Donat explains. “February and March is when they started to see Ebola, of last year — well ahead of all the crowdsourcing that proved that Ebola was coming.”

In tandem with the dissemination of information, swift and effective vaccination will be of critical importance in preventing the spread of viruses. “That’s going to be the key for Ebola,” Donat says, “because we have no direct treatment.”

How Do We Proceed?

Immediacy of information is one of ProMED-mail’s strongest assets that it offers to those in the field. From the minute a post identifies a trouble spot on the globe, those concerned with issues of public health at any level can begin an analysis of the potential risks and begin to develop immediate strategies aimed at containment and minimizing exposure. And even with that advantage, it’s still a daunting problem with dimensions and dynamics that are nearly impossible to grasp completely, especially when you consider that it’s not just those in the public or private sectors of the healthcare industry, but businesses and travelers of every sort who may come into contact with those who are at risk.

“What you have to do is say, ‘Where does [the outbreak of contagion] exist? What are the means that it gets transmitted?” Donat offers. “And, ‘Do I or any of the activities that I have with my employees or family or anyone cross paths?’ I think while many people in security have not looked at those things before, they certainly do when it comes to criminals, or their supply lines, or their resource lines, or physical access to buildings. It’s sort of underutilized [in healthcare].”

A case study: According to the CDC, on March 30, 2014, Liberia’s Ministry of Health and Social Welfare reported to Firestone officials the first known case of the Ebola virus inside the company’s Liberian rubber tree plantation. Firestone Liberia took immediate action to prevent further spread of the disease among its workers and the local population. They set up an incident management system, established procedures for recognizing those with Ebola symptoms and immediately isolated them. By enforcing strict adherence to Ebola infection guideline standards, and offering variable levels of management for those who had come into contact with the infected based on their exposure — such as voluntary home quarantine or quarantine in facilities designed to treat the infected — Firestone officials successfully contained the threat.

“Whatever past controversies Firestone has had from their rubber plantation there, as far as dealing with Charles Taylor and the and that, they’ve done an excellent job [dealing with Ebola]. When there was a person who came back from an infected area who had Ebola, they quickly quarantined and took care of that person. They quarantined him and the contacts very quickly. Then they made sure everyone was aware what was going on, and if anyone had symptoms, they said, ‘We’re going to take care of you. We’ll quarantine your family. We’ll take care of them.’ They made awareness [a priority], and then they had resources committed that people trusted. And they were able to lock it down. … I think it was a great success story for the private sector.”

The speed with which Firestone responded to the threat made all the difference. That immediate effort to get in front of the disease and to contain it before it could spread to the rest of the worker population paid off in lives saved, and demonstrates the importance of having an actionable plan in place before an epidemic occurs. It behooves members of the public and private sectors of the healthcare industry to be proactive in their monitoring of contagious diseases worldwide and to remain open and up front about the threats posed by any of them so that healthcare as a whole can — hopefully — stay ahead of the next Ebola, whatever it may be.

Update: The Saline Shortage

One of the ongoing concerns for the healthcare industry in the U.S. is the continued shortage of saline. For a country facing a possible epidemic outbreak of Ebola, this is potentially cataclysmic.

“The reason people die in the 50-to-90 percentile over there [in Africa] is that they mostly die from dehydration,” Donat explains. “If you had to look at a confluence of bad things … if your fluid for rehydration and mixing medicines and irrigating wounds is at a low, and you were to get [a viral epidemic] at the same time where your basic source of making saline is down, you’ve got a major, major problem.”

For example, if a great influenza epidemic were to hit — as with Ebola, influenza patients require a tremendous amount of rehydration, particularly intravenously if they are too sick to actively swallow and keep the fluids down — an inability to meet the demand for saline could, for a measurable percentage of infected persons, mean the difference between life and death.

“I think the importance there is — whether you’re in health or not — to know about what’s going on,” Donat asserts. “How do we make sure we have our supply chains ramped up for these things? Those are the critical, important things, because you can’t just throw people at it without the logistics and support behind that.”

Currently, saline is being imported from Europe to compensate for the shortage in the U.S., but at a time when the world is looking to the thousands who have died in Sub-Saharan Africa, the imperative to return production levels to normal — and to keep existing saline-production facilities worldwide secure — should be considered a global priority.

MEMBER NOTES

Edward Marchewka Moderates Panel at Chicago Leadership Forum

In November, serving in his capacity as Information Security Manager of Chicago Public Schools, Edward Marchewka moderated a panel at the 2014 Chief Information Security Officer (CISO) Leadership Forum in Chicago, as part of the Argyle Executive Forum. The InfraGard At-Large Director, along with the panel that included Greg Bee (CISO, Country Insurance & Financial Services), Rich Campagna (Vice President of Products, Bitglass), Tony Coppa (Vice President of Engineering, AvePoint), John Johnson (Global Security Strategist, John Deere) and Fred Kwong (Head of Privilege Access Control, Farmers Insurance Group of Companies), addressed a robust program of issues confronting information security professionals today.

The discussion, “Securing the Organization While Embracing New Innovations,” examined emerging technologies and their likely impact on business for the coming year, the many-textured pros and cons of cloud computing, data storage and collaboration, and the current best practices to implement for successful incident response. Other compelling, forward-thinking topics explored the questions of whether or not IT security should be a business enabler, and how IT security can foster a culture of security within a given organization.

Robert Reyes appointed as the new Incident Response Lead to HALOCK

New InfraGard member Robert Reyes was recently appointed as the new Incident Response Lead to HALOCK, an information security services consulting firm based in Schaumburg, Ill. A graduate of the University of Arizona, Reyes spent more than 18 years as a special agent with the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF), and six years with the Army Criminal Investigations Division’s Computer Crime Investigation Unit.

“Robert’s 25 years of law enforcement experience make him a tremendous complement to HALOCK’s existing team,” Jim Mirochnik, CEO of HALOCK offered. “Reyes will be leveraging the custom tools and processes he utilized at the Agency to further enhance HALOCK’s incident response delivery framework. This combination of Reyes’ government experience along with HALOCK’s commercial experience rounds out our already strong Incident Response offering to provide a level of breadth and depth that is difficult to match.”

InfraGard welcomes Reyes and congratulates him in his new role.

IMA Seeks Your Voice

IMA eagerly seeks contributions from professionals in any of the 16 security sectors specified by InfraGard. Stories may be submitted as ideas, drafts or in finished form. (We reserve the right to edit or reject submitted copy). Industry white-papers, press releases and suggestions for Member Notes content — including promotions, honors or activities within the profession — are all welcome and may be sent to: [email protected].

Monitoring The Changing Health Records Landscape

How do we keep unprecedented volumes of highly sensitive data secure?

By Susan DeGrane

By extending healthcare insurance to people not previously able to afford it, the Affordable Care Act inundated insurers and healthcare providers with unprecedented quantities of new personal data and health information. The act also mandated “meaningful use” of electronic medical records by public and private healthcare providers by 2014. This opened the floodgates for additional electronic transmission of personal data and corresponding threats to privacy and security protections already guaranteed by HIPAA, the Health Insurance Portability and Accountability Act.

Trexin Consulting, a technology consulting firm, has a name for the virtual tsunami of data and corresponding obligations for its safe handling — “disruptive change.” However ominous that may sound, this also means that untold threats also hold countless opportunities for new business.

“This is not a Steven Jobs iPhone moment,” says Glenn

medical record” and “network server” appeared with greater frequency.

Increased vulnerability to identity theft seems to be a given. “Obviously, the more stuff you put out there, the greater the likelihood of problems,” says Hertzberg, who has specialized in HIPAA-related security and privacy risk management for more than 15 years.

And there’s no getting around putting the information out there. Now, in order to qualify for full Medicare and Medicaid reimbursements, healthcare providers not only must show proof of meaningful use of electronic medical records (EMR) and electronic health records (EHR), they also must demonstrate “that they are doing everything possible to protect personal data,” Hertzberg says.

Many people automatically assume that the government now requires encryption of data, but that’s not the case, he says.

expand security requirements to include business associates, a group that includes data storage and cloud service providers.

The resulting atmosphere of increasing liability requires open communication. “One of the worst things that can happen in the event of an information breach is that everyone shuts down and stops communicating,” Hertzberg says. “It’s much better for parties doing business together to work out a plan to communicate in advance of something happening. This results in problems being solved much sooner.”

Conducting “a risk assessment” provides an essential first step to making a good faith effort to adhere to HIPAA privacy and security obligations. “Even if there’s already been a security breach, once you assess the risk, you can identify and prioritize risks,” Hertzberg explains. “You can begin to address problems.”

Best practices for handling HIPAA-sensitive data can be found in abundance all over the Internet. Still, Hertzberg qualifies, “I wish government were more clear about exactly what HIPAA compliance actually means. That’s something the government still needs to work on.”

While more clarity is needed, expectations for those who handle personal health information are steep. As Hertzberg explains, the OCR expects protection to extend beyond the grave. That’s because it’s not uncommon for unscrupulous individuals to hijack information from the deceased to obtain medical coverage. In one case, a woman sought treatment for ovarian cancer after forging the identity of a deceased individual. She also eventually died, but not before the insurer paid more than $600,000 in coverage toward her medical bills, Hertzberg says.

Gough anticipates that the transmission aspect of data now makes protecting it a lot more challenging, especially given the greater numbers of users. Still, he says, he’s not certain if 4Discovery has handled a data-loss event relating to electronic health records. A malpractice suit involving the obliteration of nurses’ notes might provide an example, but it may be too early to tell, he says. Solving the mystery of who managed to delete the records, however, might shed light on the status of nurses’ notes as permanent records.

Still other complexities have surfaced in the changing landscape of electronic medical and health records. Gough related the case of two doctors parting ways: One doctor copied patient records to start his own practice. While the records were in the original practice, they were protected by a security server, by passwords and office doors that locked, but when the doctor downloaded information, suddenly the data was no longer encrypted or protected.

“In this case it’s mandatory to notify patients,” Gough says, “and there is cost associated with notification.” Beyond determining which doctor should have rightful access to patient records, there’s the additional burden of deciding who is obligated to pay for informing patients of an information breach, he says. A misuse of data could result in additional liabilities.

The sheer volume of new data brings unwieldiness as well. “If all you’re doing is socking away information, that doesn’t mean you can necessarily get to it,” says Kapetansky of Trexin, pointing to the arrival of big data and the necessity of data marts that enable users to shop for data.

Tapping personal health information is essential to providing better care and reducing cost. As an example,
That’s because many smaller healthcare providers Greed, personal advantage or malicious intent are Kapetansky suggests, if a patient would benefit from the Kapetansky, chief security officer for Trexin, which serves — individual doctors’ practices and clinics — cannot frequently suspected behind security breaches, but often latest information about knee-replacement surgery and clients in several industry sectors, including healthcare. necessarily afford it. Even so, Hertzberg says, “If you do those motives have not been factors, according to Chad a healthcare provider wants to relay this, the ability to “It’s more like several dominoes falling all at once. … If we use encryption, it provides a safe harbor. If you have a data Gough, a computer forensics examiner for 4Discovery, a access health and personal contact information needs to were drowning in data before, now it’s gone way beyond breach and you have encrypted the information, you don’t company specializing in digital and mobile forensics. “Until be strong enough to do this. It’s not a matter of pirating that.” have to report it.” fairly recently, we’ve seen a lot of inadvertent disclosure data to market an unwanted product, he asserts. “It’s OK with people who are taking work home on laptops.” if a hospital uses its insights to provide best care. They’re The Office for Civil Rights (OCR) of the Department of In all of this, data protection will continue to include the not invading your privacy. They’re just using information Health and Human Services (HHS) is responsible for the destruction of documents. A medical practice or hospital Laptop risk is fairly easily mitigated with a password and they already have to address patient needs.” administration and enforcement of HIPAA privacy and transmitting encrypted records, and using password- encryption, he adds. One such scenario involved a nurse’s security rules. 
It posts security breaches among healthcare protected computers and laptops, must also destroy aid completing a spreadsheet at home. It was necessary Regardless of the many challenges, electronic sharing providers serving 500 or more patients. These postings documents so that if there’s an office break-in, the to determine what other devices, such as her phone, may of health information among healthcare providers and have been dubbed by those in the security industry as “the information remains safe, Hertzberg says. With document have been used to download or transmit information. “You insurers is expected to improve care. If all goes well, the wall of shame,” says Jan Hertzberg, a director at Baker Tilly, destruction, a lot of problems go away. don’t generally need a subpoena for something like this result is a “longitudinal patient record” that contains an an accounting firm and technology risk services practice. because people are cooperating,” Gough says. “But if they individual’s complete medical history, which provides a Still, according to Hertzberg, unlike the bygone era of more comprehensive picture and enables better care. “At paper records, many more parties share the burden of don’t cooperate, then you must obtain a motion to compel, Breaches related to healthcare personnel using and losing best,” says Kapetansky, “this is something on the order of responsibility for protecting information, whether at rest which is a judge’s order to cooperate and turn over the zip drives and laptops seemed to dominate earlier a health history compiled by the old country doctor who’s or in transmission. That’s because HIPAA requirements information.” postings. In 2014, however, the terms “theft,” “electronic known you your entire life.” 16 INFRAGARD CHICAGO MEMBERS ALLIANCE were updated in 2013 via the Final Omnibus Rule to VOLUME 1 | ISSUE 1 17 who may receive stolen copper aware that the copper was adding that making it a higher misdemeanor or felony to indeed stolen. 
Security officers, motion sensors, alarm tamper with critical infrastructure would garner more systems that sound when somebody tries to climb or cut a police attention. Requiring people to provide government- fence, locking up the spools in sealed containers that have issued identification when selling more than a particular some kind of access control, and accurate daily inventories poundage of copper also prevents a lot of people from are all employed to reduce the risk of theft. illegally selling the material.

When thieves are successful in acquiring copper, they can “Everyone across the board is really doing a better job. still be apprehended. Businesses can mark spools and the This stuff, which used to be stored outside right next to an wire itself with the company’s name so that ownership building or next to a railroad crossing … now everyone’s can be proved in prosecution; they can spray paint the pretty much locking this stuff up like it’s gold,” he said. “So copper a particular color, or even use data dots that only there’s a little more awareness of it.” appear when exposed to ultraviolet light. This is where the essential coordination between energy companies, scrap For example, electrician crews that do critical dealers and law enforcement comes in. Upon realization infrastructure work now take copper spools and assets that copper has been pilfered, companies can report the from the warehouse and have to prep the job site instead loss to the Institute of Scrap Recycling Industries Inc.’s of, as in the past, going right to the site and starting (AP Photo/The News Tribune, Bruce Kellman) (ISRI) website: scraptheftalert.com, a nationwide program. to work after inventory associates had dropped it off, Scrap dealers can check the website and ascertain whether since the materials could be taken overnight. According or not copper they receive matches the description of to Perman, crews often require extra time to transport stolen copper. materials from storage to the site. “[It] could be at least one to three hours a day depending on where the material Thwarting Copper Thieves “The way it would work is, someone would steal it, warehouse is located and where the worksite is. 
It adds up someone would realize it’s stolen … and they would over time.” report it to the ISRI … and then thexyz ISRI would then send Through Promoting Partnerships out an alert saying, ‘Hey, Joe’s electricity company in There are also many people that are starting to use Omaha, Nebraska, had a theft of wire. Please be on the copper welded grounds instead of pure copper, which is Homeland Security Solutions Director Karl Perman describes security experts’ lookout,’” Perman described. “And then a recycler would less attractive to thieves since it is a lot less valuable, or get that actual copper in their store or yard and say ‘Oh, using other metals such as PVC, plastic, nylon or polymers response to the issue of copper pilfering and how we can reduce the vulnerability wow, look, this guy’s trying to sell this’ and then basically instead of copper. Advances in security technology have of infrastructure. call the authorities … when they turn it over, that would been instrumental as well, with the increased ability be considered a recovery for that particular property, so to include multiple technologies on one platform, the By Mary T. Stroka that’s how they track those stats. availability of remote monitoring, and generally more affordable security options. Cameras now have infrared, “There are legitimate scrap resalers and there are low-light and thermal functions, and have really come a illegitimate scrap dealers, but I believe the ones that long way in the past decade. subscribe to this ISRI program are legitimate and they’re As the trend of copper pilfering continues to occur due to lead to a blackout. He said that thefts “run the gamut” trying to do the right thing,” he said. 
“And that’s why “Where there’s money to be made, there’s always going its high value in the market — around $3 per pound at the from less intelligent criminals who, unaware of the risks there’s been success with the partnership between those to be that supply of people willing to make it, even if it time of this writing — security measures taken to protect of electricity, break into yards and touch energized lines, of us in critical infrastructure, law enforcement and then includes nefarious activities,” he said. “I think that the the valuable equipment have increased. risking electrocution, to insiders at utility companies who, along with the actual scrappers themselves.” Use of the different technologies that are available, the awareness having access to the site, may borrow their company’s website has increased from 652 alerts in 2009 to 2,240 at of it, the partnerships that have been made with the law The cost of time spent replacing the wire, coupled forklift and take copper from the copper dumpster for press time in 2014. There were about 18,000 active users enforcement, as well as the scrap dealers themselves, have with the purchasing cost of new copper, takes a toll on an “unofficial bonus program.” Other thieves might take in 2014 with a total recovery amount of about $1,575,532. mitigated somewhat the [problem] … I think this would infrastructure. Karl Perman, the Director of Homeland material that has been salvaged or is found on the ground. 
have been a lot worse than it is today if there were not Security Solutions, said that the cost of replacement along Or, what has become prevalent is the stealing of large rolls In order to help encourage the scrappers even further to these steps in place; if people were not taking advantage with the personnel cost is “easily triple the cost of salvage of uninsulated or insulated copper wire and burning the join and use the program, he suggested increasing their of the technology; if they were not having awareness; if value” since people have to be redirected from other coating off and selling the exposed copper wire for salvage. recognition for their participation, perhaps a decrease they weren’t having the partnerships, I think we’d be a lot previously scheduled work to replace the copper, which in their insurance premiums, a “stamp of approval” from worse off than we are today. … However … the problem slows the progress of their newer projects. The FBI, scrap dealers, and the various utility companies ISRI, or even a reward program, which would lessen the still exists. It’s still a large problem and that’s because of that use copper have taken a variety of steps to guard ability of thieves to sell the copper. supply and demand. There’s copper that’s available and The two biggest concerns about dealing with the problem, copper and lessen the likelihood of thieves’ success. 
The folks are going to be willing to steal it.” in addition to the high cost of replacing copper, Perman measures counter every step of the pathway thieves have “I think also more public education of the issue as well as noted, are the potential for loss of life to the perpetrator to take to pilfer: from detection of thieves’ entry and more making laws, particularly against theft from critical and the loss of power to a particular area, which could prevention of access to the copper, to making scrap dealers 18 INFRAGARD CHICAGO MEMBERS ALLIANCE infrastructure; I think that goes a long way also,” he said, VOLUME 1 | ISSUE 1 19 TACKLING THE ACTIVE Findings of the FBI’s Active In September of this past year, the Federal Bureau Shooter Study of Investigation (FBI) released the results of a study HOOTER REND examining 160 active shooter incidents that took place The FBI’s “A Study of Active Shooter Incidents S T between 2000 and 2013. The aim of this study was to in the United States Between 2000 and 2013” provide first responders with information to assist in the comprises 160 such events, including the shootings preparation and response to such events, in the hopes of at Virginia Tech; Sandy Hook Elementary School; saving lives and keeping themselves out of harm’s way the U.S. Holocaust Memorial Museum; Fort Hood; As the trend of school as best as possible. An overview of the study’s findings the movie theater in Aurora, Colo.; the Sikh temple and workplace shootings (at right) illustrates some of the facts about this trend in in Wisconsin; the Washington Navy Yard, and many violence, but analysis is only part of the puzzle of how to others. Some of the fi ndings aren’t so surprising, but in this country continues respond to such incidents. 
the study does paint a dynamic picture of the active to escalate, what can the shooter phenomenon as it continues to unfold: security community do to At the most recent InfraGard quarterly meeting, two presenters, Bureau spokesperson Jill Pettorelli and Robert • Frequency of active shooter incidents is on the help the public at large Davis, Senior Vice President of West Coast Operations at rise: The fi rst seven years of the study yield identify the next active security risk management firm Hillard Heintze presented an average of 6.4 incidents annually. The last to attendees on issues of active shooter prevention and seven years average 16.4 incidents each year. shooter and prevent him tactical response. The questions raised by the speakers or her from completing addressed the core issues concerning those hoping to • Not counting the shooters, these 160 incidents the walk down the path to manage active shooter situations in the future, such as: resulted in 1,043 casualties, including 486 How do these incidents play out? Why do shooters do deaths and 557 wounded. violence? what they do? And what are the most effective strategies, By Karl J. Paloucek both for preventing an at-risk individual or group from • Out of the 160 incidents featured in the study, acting out a lethal fantasy, and for engaging everyone all but six shooters were male. And only two from first responders to those in business management incidents involved more than one shooter. to proactively take a leadership role in creating an active shooter response plan. • More than half of the episodes — 90 of the 160 — ended on the shooter’s initiative, whether by Most incidents involving an active shooter end in mere suicide or fl ight. minutes — typically before first responders even make it to the scene. For this reason, Pettorelli asserted, it’s • In 21 cases, unarmed citizens managed to imperative that businesses and institutions of every stripe successfully subdue the shooter. 
In 21 incidents establish an efficient, achievable plan for the active shooter in which law enforcement engaged the shooter, Whocontingency. Is the Shooter? nine offi cers were killed and 28 were wounded.

• In 73 of the 160 events included in the study While it’s a common perception that the active shooter (45.6 percent), the shooting took place in a can be profiled as an angry, withdrawn individual who commercial environment. The next-highest may affect a certain outward appearance, be it “goth” or number of events — 39 (24.3 percent) — another form of countercultural expression, the truth, occurred in an educational setting. The according to the Bureau’s study of these situations, is remaining incidents took place at government rather less clear. People who have started down the properties, open spaces, houses of worship and “pathway to violence,” as the Bureau describes it, may other locations specifi ed in the study. not fit a convenient stereotype, but the good news is that there are some common attributes through which these troubled individuals may be successfully identified by those close to them.

It’s reasonable to expect that a potential shooter might for — and what it suggests that threat assessment teams have a history of mental illness and a possible criminal look for, in turn — are exhibited patterns of behavior record. But these are highly fallible criteria: Not everybody and personality suggesting that an attack is possible. The who requires treatment for mental or emotional disorders warning signs are plentiful: Typically, the potential shooter (AP Photo/Julio Cortez) is even diagnosed, let alone treated; and many potential will be someone who has self-esteem(continued issues, and on who page feels 22) shooters may not yet have any criminal record of note. 20 INFRAGARD CHICAGO MEMBERS ALLIANCE According to Pettorelli, what the Bureau does tend to look VOLUME 1 | ISSUE 1 21 INSIGHT

isolated or excluded from his or her peer group. He or she likely displays an extreme, disproportionate sense of anger and a heightened sense of paranoia, and also shows a fascination with acts of violence in film, television and/or video games.

It’s not uncommon for a potential shooter to voice thoughts relating to a possible attack well in advance — talk about revenge or of having a “hit list” is a major red flag that should not be ignored. At this junction in the pathway to violence, such talk may be interpreted as a plea for help on the part of the at-risk individual, a seeking out of a necessary intervention before the plan taking shape in that person’s mind has to be pursued.

Other signs to watch for include delusional perceptions or behavior, as well as any significant loss for the person of concern, be it a job, relationship, family member or certainty of the future — particularly if the person has no apparent mechanism for coping with the loss or any real emotional support. The combination of these factors can suggest an individual highly at risk of doing harm to himself or herself, or to others.

Another potent sign, of course, would be a sudden, contextually inappropriate acquisition of guns or other weapons. Context is extremely important here, because there are plenty of people who work in the security industry, for example, for whom acquiring guns and training with them is part of their working lives. While access to guns isn’t the single most important risk factor on its own, it has proved to be absolutely pivotal for the potential shooter. Easy availability of firearms makes the fantasy of power or potency all the more tangible, and consequently, visualizing the crime much more real and accessible.

Visualization and planning are a huge part of the ritual and run-up to a potential shooter’s attack. This is an important point: It belies the notion that any active shooter suddenly “snaps,” or “goes postal” — in virtually every case, the shooter has followed a similarly predictable pathway to violence. By definition, then, if there’s a predictable pattern of behavior involved, it is possible to detect and prevent a tragic outcome.

Prevention and Preparedness

The threat of an active shooter can exist in any segment of society — from schools and government offices to any business in the private sector. Because of this high degree of uncertainty, formation of a threat assessment team for any business or institution should be regarded as a must, with an active shooter committee as part of the task force, aimed at focused communication between the threat assessment team and the immediate community. Proper threat assessment happens in three stages:

1. Identification – Detection of an at-risk person who exhibits behavior common to previous active shooters. Any individual manifesting symptoms of depression, intense anger, disproportionate feelings of hurt or humiliation, and/or a fixation on violence should raise an alarm.
2. Assessment – Determination of whether or not the person or people pose a legitimate threat, or if the warning signs prove to be false indicators based on further investigation. Institutions and businesses need to be trained and equipped to properly make this distinction.
3. Management – Taking timely, active and appropriate steps to minimize the threat of violence — in best-case scenarios, intervention.

One of the tragedies of every shooting in the workplace, at school, or in the community at large is that in nearly every instance, certain insights previously glazed over suddenly come into full focus. Some may have suspected that something wasn’t right, but failed to come forward because they weren’t sure or didn’t want to cause trouble for anyone. Silence can be deadly — and this is why it’s so important to establish a threat assessment team, and right from the outset, to involve everyone in the community it intends to serve.

Ideally, the threat assessment team will glean and process information about a potential threat in its early stages, and intervene before an actual threat materializes. Communication is absolutely critical to the effectiveness of any threat assessment effort for the same reason that anti-terrorist professionals have to rely on the public to “say something” if the public sees something — it simply isn’t possible for security professionals or advocates to have eyes or ears everywhere.

The most reliable sources with information on a developing threat will be those closest to the troubled individual — family and friends, but also work colleagues or other peers of proximity. Successful threat assessment and mitigation depends heavily on the willingness of those people to come forward and let threat assessors know that a potential risk exists.

School resource officers train during an active shooter scenario at Sevierville Intermediate School in Sevierville, Tenn., Monday, July 7, 2014. (AP Photo/The Mountain Press, Curt Habraken)

Surviving in an Active Shooter Scenario

The best way to minimize casualties resulting from active shooters is to prevent incidents from taking place at all. But in an active shooter situation, where first responders often arrive at a scene when an event is over, there are ways to increase the odds of survival. Armed with this information, anyone facing the wildly unpredictable danger of a gunman or similar assailant can have a plan of action pre-formulated for escape or defense should the need arise. Be aware that if you find yourself in the vicinity of an active shooter, your life may depend on your mental and physical ability to deal with the situation.

If at all possible, RUN:
• Have a pre-planned escape route in mind.
• Leave personal belongings behind.
• Evacuate regardless of whether or not others follow.
• Help others to escape if you can.
• Do not attempt to move wounded persons.
• Keep others away from anywhere the shooter may be.
• Keep your hands visible.
• Call 911 immediately when you know you are safe — even if you know others have done so.

If you can’t get away, HIDE:
• Hide in an area out of the shooter’s sight.
• Lock or block any door between your hiding place and the shooter.
• Silence your phone, including vibration mode, and remain as silent as possible.

Only if you’re confronted and can’t escape, FIGHT:
• Fight as a last resort, and only when your life is in imminent danger.
• Try as aggressively as possible to incapacitate the shooter.
• Grab what’s nearest and most effective to arm yourself, or throw items at the shooter.
• Fully aggressive commitment to your actions is essential — your survival depends on it.


Those in the community should be encouraged to speak up, but they have to know what to look for. Threat assessors should let community members know what should alert them — not just in terms of a shooter’s typical behavioral characteristics as outlined above — but to look for potentially alarming patterns within a larger context: Violence typically results from something of a formula of specific conditions involving the would-be shooter, past stressful events, a current stressful situation and a target. By observing a distressed person’s behavior in a larger context of events surrounding and directly affecting that person, his or her actions — and intentions — are much more easily read.

Effective communication with the staff, students and community members the threat assessment team is designed to serve is vital, but reaching out to the network of first responders in the larger community is also imperative. At the November InfraGard meeting, a panel of first responders addressed the assembled audience on the importance of having accurate and current information on a tactical response call. One of the priorities they voiced was the importance of businesses and institutions being proactive and reaching out to jurisdictional agencies — police and fire departments, for example — to provide building floor plans that can be retrieved and reviewed en route in the event of an emergency. Inviting first responders into the building or space being secured to test their radios and other communication equipment is highly recommended, as well. Both these steps go a long way to assuring the most effective response in a shooter situation. And in spite of these being easy steps that any organization can take toward greater security, when asked why businesses, schools and other institutions don’t routinely do this, the panel responded, “Nobody asks.” Cooperation between the community at large and first responders needs to be fostered and facilitated to ensure not only the safety of students and on-site personnel in the event of an active shooting incident, but of first responders themselves.

The panel was very vocal about the importance of the 911 calls they receive in active shooter situations, and about encouraging those who have reached safety to call 911 regardless of whether or not others have already done so. By flooding 911 dispatchers with calls, first responders get a much bigger sampling of information about what is happening, and they get it in very close to real time. This is precisely the sort of information first-response teams need going into a potentially lethal situation, and threat assessment teams and active shooter committees should take care to articulate that to their staff, students and personnel.

In the best-case scenario, every business or institution would have people on-site with active shooter training — something Davis recommends highly. That may not always be practicable, but regardless, establishing the threat assessment team and active shooting committee should be considered a top priority, if for no other reason than it lets everybody concerned know that you care about their safety. According to the panel of first responders at the November InfraGard quarterly meeting, the value of established threat assessment teams to their work, when done effectively, is “priceless.” Because they know just how preventable active shooter situations can be.

How preventable are they? Enough so that at the end of 2013, United States Attorney General Eric Holder credited Andre Simons and his Behavioral Analysis Unit 2 (BAU2) with the prevention of 148 mass shootings and other violent attacks — an incredible achievement by any measure. By his own admission, Holder maintains that this success rate is difficult to actually quantify, obviously, due to the lack of an event being the definition of success in this case, but he does affirm that not one case to which he and BAU2 have been called for support has resulted in a mass shooting or event. For his team and for everyone dealing with this nightmare of a problem, intervention is the key — intervention and preparedness. Through coordination, observation and communication, we need to escalate our coordinated efforts to maximize opportunities for successful intervention, and work to neutralize the active shooter phenomenon.

Most Wanted: NICOLAE POPESCU

WANTED FOR: Conspiracy to Commit Wire Fraud, Money Laundering, Passport Fraud, and Trafficking in Counterfeit Service Marks; Wire Fraud; Money Laundering; Passport Fraud; Trafficking in Counterfeit Service Marks

REWARD: The United States Department of State’s Transnational Organized Crime Rewards Program is offering a reward of up to $1 million for information leading to the arrest and/or conviction of Nicolae Popescu.

Nicolae Popescu is wanted for his alleged participation in a sophisticated Internet Fraud scheme in which criminal enterprise conspirators, based in Romania and elsewhere in Europe, posted advertisements on Internet auction market sites for merchandise for sale. Such advertisements contained images and descriptions of vehicles and other items for sale, but those items did not really exist. Conspirators posing as sellers then negotiated via e-mail with unsuspecting buyers in the United States. These “sellers” sent fraudulent invoices, that appeared to be from legitimate online payment services, to the victim buyers, with instructions for payment to bank accounts held by other conspirators in the United States. These conspirators opened United States bank accounts under false identities using fraudulent passports made in Europe by other conspirators. When victims wired money to an account identified on the false invoices, the conspirator associated with that account would be notified and then would withdraw the proceeds and send them via wire transfer to another conspirator based on e-mailed instructions.

A federal arrest warrant was issued for Nicolae Popescu on Dec. 20, 2012, in the United States District Court, Eastern District of , Brooklyn, New York, after he was charged by indictment for Conspiracy to Commit Wire Fraud, Money Laundering, Passport Fraud, and Trafficking in Counterfeit Service Marks; Wire Fraud; Money Laundering; Passport Fraud; and Trafficking in Counterfeit Service Marks.

Popescu speaks Romanian. He may have traveled to Europe.

Source: FBI.gov

WVU Students Help Develop Mobile Security Software

Soon after, a chance encounter in an elevator led to the addition of Dunn, a senior from Scott Depot in Putnam County.

With the three students on board, Bourlai pitched the idea for a project that utilized biometric scanning, which Dunn, Amerman and Ferrell admit they knew nothing about. Out of necessity, they quickly figured things out though, because Bourlai gave them a major project and very little

all the company’s heavy lifting was done at the university.

“The components and algorithms of Secure Selfies — what I call the secret sauce — came out of WVU,” Esposito said. Ferrell said he is proud of that and thinks it’s something the WVU community should embrace.

“The thing is, this isn’t happening at MIT, Harvard or Carnegie Mellon,” he said.
“It’s happening here in West time to complete it. Virginia. Students use biometric and facial recognition software in consumer application aimed at mobile phone security. The project was to create the first iteration of the Secure “You don’t see stuff like this here,” Ferrell added. “We’re Selfie application so it could be demoed for investors. pretty normal guys. Before all this, we just sat around and By Samuel Speciale played video games.” Charleston Daily Mail “He came to us and said, ‘You have a week to finish this,” Ferrell said. A lot has happened since Dunn, Amerman and Ferrell accepted Bourlai’s offer. A difficult task even for an expert in biometric programming, the three students said they worked for Ferrell didn’t want to give any details, but he said he, Dunn CHARLESTON, W. Va. (AP) — It was a typical Friday for under wraps, but a consumer application called Secure what seemed like a week straight. and Amerman could make a small fortune if things go West Virginia University engineering students Alex Dunn, Selfies is currently in early stages of development. right. Steven Amerman and Walter Ferrell. Secure Selfies will use the company’s technology to Dunn said they wrote 1,500 lines of code, which he And while the prospect of making millions is enticing, prevent unauthorized access of mobile phones, tablets and indicated was a lot for the type of demo they did. It took Dunn, Amerman and Ferrell say they plan on completing At their Kingwood Street home in Morgantown, Ferrell their contents by using the device’s camera to lock and 150 total hours of work to complete, he added. their degrees at WVU. They also said they would consider washed dishes in a dimly lit kitchen and Dunn cooked unlock it. boxed macaroni on the stovetop. 
While Amerman was They each took on tasks that favored their area of continuing their studies in graduate school, though that down the hall screaming at his opponent in an online The application has been featured on CNBC’s Tech Crowd, expertise. Amerman programmed, Dunn coded algorithms depends on what happens to the company. League of Legends match, the two complained about a the development team has met with wealthy investors, and and Ferrell kept the server built on his computer functioning properly. If the last year is any indication of what could come, things frustrating situation they had gotten themselves into: A while the startup could soon be worth millions, it has roots could take off. roommate, who still owed them $750 in rent, was moving firmly planted in WVU’s Statler College of Engineering. Investors were impressed with the demo, Dunn said. out the next morning and had given no indication of It all started in Thirimachos Bourlai’s human and In the meantime, the team was waiting out the final days of whether he was going to pay up. computer interaction class, which Ferrell took as an The team has made several versions since then and hope a Kickstarter campaign to raise $50,000 to get the Secure elective in the fall 2013 semester. to have the application out to market in the near future. Selfies application up and running on Google’s mobile Complicating matters further, they weren’t sure they Ferrell said the application’s name was influenced by marketplace. If the fundraiser is successful, the team will would be able to cover the unexpected expense with their Amerman, who had recently moved in with Ferrell, several instances of celebrity photos being spread across quickly develop versions for Apple and Windows devices. meager student-employee incomes. eventually joined the class after attending one of Bourlai’s the Internet after their phones were hacked. 
While they only had 26 percent of the $50,000 currently lectures while he waited for Ferrell to get out of class. pledged with three days left in the campaign, the team Having finished the dishes, Ferrell stirred a packet of Amerman, a senior from North Berwick, Maine, said Bourlai added that mobile security is a major concern for expected the needed money to come in time. grape-flavored drink mix into a pitcher of tap water, sighed Bourlai had him hooked in that short hour. many and that there already is a market for applications and said, “This is what our lives have come to.” Even if the goal isn’t met, the team expects it will only be a like Secure Selfies. “I went home and immediately registered,” he said. matter of time until people are using their technology. While the three friends deal with the same hardships most “When more biometric safeguards are built into a phone, While that would likely be enough for most, Dunn, college students face, their time at WVU has been anything Over the course of the semester, Amerman and Ferrell it is more difficult to hack,” he said, though he added it can Amerman and Ferrell say their measure of success is but typical. impressed Bourlai, who promised them jobs in the school’s also complicate the user experience. getting WVU President Gordon Gee to post a selfie of him multi-spectral imaging lab if they passed his class. using their application on his social media sites. Like many of their peers, Dunn, Amerman and Ferrell “You probably don’t want to scan your fingerprint, face and balance class and work schedules, but they also are “He told us, ‘I̕ll give you a job if you get an A,’” said Ferrell, Gee, known for many things — his extensive bow tie all these other things just to use your phone,” he said. “But, software developers for Confirmix, a Morgantown-based a junior from Elkview in Kanawha County. 
collection chief among them — is an avid selfie-taker and if you’re a banker, you may want that extra security.” technology startup that has garnered the attention of high- often posts pictures of himself with students, celebrities That’s why the team is looking at creating security tiers profile investors in both public and private sectors. Little did they know Bourlai had been recruiting them for and random objects. with multiple modes of authentication. The company, started earlier this year, has created some time to help him create the software he came up consumer and enterprise identity authentication with years earlier. “If he would do that, we would be so legitimate,” Ferrell While Secure Selfies is the property and brand of said. technologies that use biometric and facial recognition Confirmix, the technology it uses is owned and licensed by software. Working odd jobs for cash at the time, Amerman and Ferrell happily accepted the offer and got the needed WVU. A launch date for Secure Selfies hasn’t been set yet, but the team expects it to be available for download on Android in The company’s work in the business sector has been kept grade, not knowing exactly what Bourlai had in mind. 26 INFRAGARD CHICAGO MEMBERS ALLIANCE Confirmix chairman and co-founder Patrick Esposito said spring 2015. VOLUME 1 | ISSUE 1 27 in southeastern New Mexico and at Los Alamos National Nuclear Security Administration to his agency’s Office of Laboratory. Environmental Management.

The orders and the civil penalties that come with them It wasn’t immediately clear Saturday whether the are just the beginning of possible financial sanctions the Department of Energy would seek a hearing on the “The big question now is what amount of time, effort and money are LANL and WIPP going to spend to contest the violations, which they shouldn’t. They should focus on what they’re going to do about fixing the problems.”

— Don Hancock, Watchdog

Energy Department could face in New Mexico. The state penalties levied by New Mexico or pursue settlement says it’s continuing to investigate and more fines are negotiations. A message seeking comment was left with possible. the agency.

The focus has been on a canister of waste from Los Alamos Watchdog Don Hancock said the penalties are a good first that ruptured in one of the Waste Isolation Pilot Plant’s step. storage rooms in February. More than 20 workers were contaminated, and the facility was forced to close, putting “The big question now is what amount of time, effort and in jeopardy efforts around the U.S. to clean up tons of Cold money are LANL and WIPP going to spend to contest the War-era waste. violations, which they shouldn’t. They should focus on FILE - This undated file aerial view shows the Los Alamos National laboratory in Los Alamos, N.M. (AP Photo/Albuquerque Journal) what they’re going to do about fixing the problems,” he The state accuses Los Alamos of mixing incompatible said. waste, treating hazardous waste without a permit and failing to notify regulators about changes in the way waste Federal officials are expected to release a final accident was being handled. The penalties for the lab total $36.6 investigation report before the end of the year. They have million. already said that cleanup and resuming full operations at Mishaps at Nuclear the Waste Isolation Pilot Plant could take years. The price “New Mexico does not need to choose between fulfilling tag has been estimated at $500 million. the laboratory’s mission and protecting the environment,” Repository Lead to $54M Ryan Flynn, state environment secretary, said in a letter to The state’s investigation has covered the radiological Los Alamos officials. “DOE now has an opportunity to learn release as well as a fire nine days earlier that involved a from these mistakes and implement meaningful corrective truck carrying salt in another area of the underground actions that will ensure the long-term viability of the Los facility. The state says its findings confirmed the existence in Fines Alamos National Laboratory.” of major procedural problems that contributed to the events. 
Current financial sanctions may be just beginning of troubles for U.S. Energy He wrote a similar letter to officials at the Waste Isolation Department in face of more than 30 state-permit violations. Pilot Plant, saying New Mexicans understand the nuclear While investigators have yet to pinpoint exactly what repository’s importance but that it must be operated and By Susan Montoya Bryan caused the barrel to breach, they suspect a chemical maintained with “the highest standards of safety and reaction in highly acidic waste that was packed with complete transparency.” The nuclear dump’s penalties organic cat litter to absorb moisture. total $17.7 million. ALBUQUERQUE, N.M. (AP) — New Mexico [Dec. 5, 2014] The state Environment Department delivered a pair of levied more than $54 million in penalties against the compliance orders to Energy Secretary Ernest Moniz, Moniz has said repeatedly that it’s a top priority for his U.S. Department of Energy for numerous violations marking the state’s largest penalty ever imposed on the agency to get the Waste Isolation Pilot Plant on track, that resulted in the indefinite closure of the only U.S. federal agency. Together, the orders outline more than 30 and he took steps earlier this year to shift oversight underground nuclear waste repository. state-permit violations at the Waste Isolation Pilot Plant of the cleanup work at Los Alamos from the National 28 INFRAGARD CHICAGO MEMBERS ALLIANCE VOLUME 1 | ISSUE 1 29 panel of the 9th U.S. Circuit Court of Appeals on Monday. investigators with appropriate court orders. “Anna’s not a criminal defendant. She’s not a suspect in any crime. And yet her records are being swept up.” The arguments in Smith’s case focused on how to interpret the Supreme Court’s 1979 ruling in Smith v. Maryland. 
The government has acknowledged that under a USA Patriot Act provision, and with authorization from the In that case, the justices upheld a decision by Baltimore Foreign Intelligence Surveillance Court, it collects data police to collect, without a warrant, phone numbers a from telecommunications companies showing the time criminal suspect dialed over three days. The court held

“Anna’s not a criminal defendant. She’s not a suspect in any crime. And yet her records are being swept up.”

— Peter Smith, Attorney

and length of calls, along with numbers dialed. With a that people have no expectation of privacy in phone Idaho real estate attorney Peter Smith, left, and his wife, nurse Anna J. Smith, pose for a photo outside the federal appeals court building further showing to the Foreign Intelligence Surveillance records because information about who they call is Monday, Dec. 8, 2014, in downtown Seattle. A three-judge panel of the 9th U.S. Circuit Court of Appeals heard arguments Monday in Anna Court, investigators can then run queries of that data in an provided to a third party — the phone company. Smith’s case challenging the National Security Agency’s bulk collection of Americans’ phone records; Peter Smith argued the case on her effort to uncover links involving suspected terrorists. behalf. (AP Photo/Gene Johnson) Peter Smith told the judges that the NSA’s bulk collection The Justice Department called it an “important of phone records concerning millions of Americans government anti-terrorism program” in its briefing to the bears little resemblance to the 1979 case. The scope of 9th Circuit. data collected here could allow the government to piece together an intimate picture of someone’s life: whether a “It is true that, under the program, the government person has a medical problem or has been calling a suicide Judges Hear Arguments acquires a large volume of business records containing hotline or getting counseling for alcoholism, he said. telephony metadata,” department lawyers wrote. “But consistent with the governing Foreign Intelligence Judge Richard C. Tallman questioned whether Anna Smith Over NSA Surveillance Surveillance Court orders authorizing the program, that had standing to challenge the program. information is used and analyzed only under highly Idaho nurse sues U.S. 
government, arguing that the National Security Agency’s restricted circumstances.” While the government has acknowledged that records of Verizon business clients are among those collected, it has sweep of phone records violates Fourth Amendment rights. The New York-based 2nd U.S. Circuit Court of Appeals not confirmed that Verizon’s personal phone customers, By Gene Johnson recently heard arguments in an appeal of a judge’s opinion including Smith, are among them. Associated Press that upheld the program’s legality, while the D.C. appeals court heard arguments last month after a judge there However, Smith also is represented by the American found the program probably is unconstitutional. Civil Liberties Union and the Electronic Frontier Foundation. The ACLU is a Verizon business client, and her SEATTLE (AP) — A federal appeals court heard arguments the Fourth Amendment’s prohibition on unreasonable The flurry of cases followed revelations by former communications with the organization could be swept up, in an Idaho woman’s challenge to the National Security searches and seizures. NSA contractor Edward Snowden about once-secret Jameel Jaffer, the ACLU’s deputy legal director, noted after Agency’s bulk collection of phone records — the third time intelligence collection programs. the hearing. in recent months that appeals courts around the country In June, U.S. District Court Judge Lynn Winmill in Boise, have considered the controversial counterterrorism Idaho, disagreed — but nevertheless noted that the case President Barack Obama has called for an end to the program. raised privacy questions that could wind up before the bulk collection of phone records of millions of Americans Supreme Court. not suspected of crimes. Earlier this year, he suggested Calling herself an ordinary American upset about the instead that Congress make changes that would have program, nurse Anna J. 
Smith sued the government last “We’re dealing with a dragnet of call records,” Smith’s telecommunications companies — not the government year, arguing the agency’s collection of call records violates attorney and husband, Peter Smith, told a three-judge — maintain the records, which could then be queried by 30 INFRAGARD CHICAGO MEMBERS ALLIANCE VOLUME 1 | ISSUE 1 31 Drones Could Soon Be a U.S.: Navy Engineer Tried to Common Sight In the Skies Steal Schematics FAA expects unmanned aircraft to be “fully integrated” in public airspace inside of Civilian engineer caught attempting to deliver naval aircraft carrier plans to five years. Egyptian authorities faces up to 20 years. By Brad Harper Associated Press The Montgomery Advertiser

MONTGOMERY, Ala. (AP) — Unmanned drones may be a more quickly and safely than a person could. They could NORFOLK, Va. (AP) — A Navy civilian engineer has been The undercover agent was given aircraft carrier drawings common sight in the skies over Alabama within the next fly package deliveries to remote areas. And there are indicted on charges he tried to steal schematics of an marked with warnings that foreign distribution could few years, doing everything from scouting traffic accidents more potential uses arriving every day as the technology aircraft carrier under construction and have them sent to result in criminal prosecution. Awwad indicated he to delivering packages. improves. Egypt. understood the computer drawings would be used in Egypt. He agreed to provide the agent with passport “I think in the next five years you’ll see these aircraft fully The task force’s goal is to get FAA approval to expand the Federal prosecutors said Mostafa Ahmed Awwad, 35, photos to produce a fake Egyptian passport so Awwad integrated in the airspace,” said John McGraw, a former use of drones in Alabama and establish guidelines for their of Virginia was arrested on two counts of attempted could travel without alerting U.S. government officials. Federal Aviation Administration official. “I think they'll use. Their recommendations are due to the governor by exportation of defense articles and technical data. Awwad also asked for $1,500 to buy a tiny camera to have the ability to sense and avoid other [air] traffic. … I Jan. 15. enable him to photograph restricted material around the think you’ll see that they’re part of everyday life.” Prosecutors said Awwad tried to steal technical data shipyard, the affidavit said. McGraw is an Auburn graduate and said he sees a lot of in the designs of the USS Gerald R. Ford in late October. Some agencies already use unmanned aircraft here. potential for the use of unmanned planes here. Awwad provided computer drawings downloaded from On Oct. 
23, Awwad retrieved $3,000 in cash from a pre- Homeland Security Deputy Director Shirrell Roberts said the Navy to an undercover FBI agent posing as an Egyptian arranged drop site along a secluded hiking trail and left Northport firefighters and Mobile police have put them “Alabama is interested, is asking the right questions and intelligence officer. behind a container with an external hard drive and two to use. But he said other Alabama first responders have certainly has a strong history in the aerospace/aviation passport photos. The FBI later collected the container. drones and are afraid to use them until they have clear industry,” he said. The Ford is the lead ship in a new class of carriers. It is Awwad was observed at his Navy office on Nov. 28 holding policies and procedures in place. scheduled for delivery to the Navy in 2016. what appeared to be aircraft carrier design schematics, Officials also said they’ve run into some privacy concerns. which he placed on the floor and photographed, the “There’s a great hesitancy,” Roberts said. The idea of having cameras hovering overhead may According to an FBI affidavit, Awwad began working for affidavit said. upset some people, McGraw acknowledged. But he said Navy last February in the Norfolk Naval Shipyard’s nuclear The FAA is expected to propose new rules soon. it’s not much of a change in a world that’s already full of engineering and planning department. Awwad is scheduled for a detention hearing on Dec. 10 in Meanwhile, a task force of state leaders is trying to prepare monitoring devices on the ground. federal court. for that new future by looking at ways to use drones. An undercover agent speaking in Arabic contacted Awwad “(People) need to realize that there are two cameras on in September and the pair met the next day at a park. At The charges carry a maximum penalty of 20 years in Groups representing agriculture, education, law every cell phone,” he said. 
“There are security cameras the meeting, Awwad asserted that was his intention to prison on each count upon conviction. enforcement and more told the task force that they see a inside and outside of almost every building we’re in every use his position of trust with the Navy to obtain military wealth of opportunities. They said drones could be used to day. … You’re probably on camera most of the time. technology for use by the Egyptian government. help out on the farm, to monitor power lines, to map land and in many other ways. “They really need to look at the bigger picture and realize The pair also met in October at a hotel where Awwad that the cameras on an unmanned aircraft don’t change described a plan to circumvent Navy computer security McGraw said the flying vehicles could examine the the situation that much, and that there are laws in place by installing software enabling him to copy documents 32undersideINFRAGARD of bridges CHICAGO or MEMBERS dangerous ALLIANCE areas of plants far already to protect them.” without tripping a security alert, the affidavit said. VOLUME 1 | ISSUE 1 33 NEW TECHNOLOGY

Artificial Intelligence Aids First Responders in iOmniscient’s ASAP™ System

One of the most over-applied terms in technology in recent years has to be “game-changing.” But for first responders anxious for the most current, fastest-transmitted, accurate data on an incident to which they’re responding, it’s a term that’s going to be difficult not to use when talking about iOmniscient’s Automated Surveillance Action Platform (ASAP). The ASAP is a system that integrates artificial intelligence technology with CCTV cameras to drastically reduce the response time for first responders in the event of an accident or other emergency situation.

Suppose the CCTV system picks up an image of a person falling to the floor in a bank or other secure area. This might be a startling incident and other people may rush to that person’s aid to help the person up. But couple the falling person with a preceding bang, like the shot of a gun, and the violent scattering of people from the scene, and the ASAP system will recognize that an incident is taking place. The camera will have recorded the event, but the system automatically seeks out the nearest available first-response unit — be it a squad car, fire station or other emergency service — and transmits not just the video of the incident, but directions on how to reach the scene.

According to iOmniscient, which won The Australian Innovation Challenge 2014 for its advanced use of information and communication technology, the ASAP system can reduce the average response time for emergency situations by approximately 20 minutes, bringing the typical response time to under five minutes — an incredible feat that also helps reduce the stress and workload of control room staff.

“We are proud to contribute to a smarter and safer future with the help of our patent-pending technology that reduces response times for emergency services by up to 80 percent,” iOmniscient Managing Director Ivy Li said of the honor bestowed on this innovative development. “It helps to make the user more productive and effective in supporting the public when there are accidents and other emergencies.”

MEMBER NEWS

InfraGard Member Focus: Henry Gralak

By Karl J. Paloucek

Henry Gralak is pictured at his kitchen table in Chicago with a copy of the LIFE magazine article in which he appeared during his service with the Chicago Police Department, photos from his tour of duty in Vietnam and other mementos from his years of duty. (Photo: Karl J. Paloucek)

Many of you are aware that InfraGard member Henry Gralak finally stepped down after serving many years as a member of the Board of Directors. At the November quarterly meeting, those assembled honored Henry and his contributions to the security community with a plaque recognizing his dedication and years of service to the InfraGard Chicago Members Alliance.

Henry, who has been coping with a myriad of illnesses, has had an extraordinarily colorful career full of moments both euphoric and harrowing. We were honored to spend some time with him to discuss his experiences in the security industry and are pleased to be able to share them with the rest of the InfraGard membership.

IMA: Let’s start at the beginning — where did your interest in public safety begin, and how?

Henry Gralak: When I got out of high school, I went to work for Illinois Bell very briefly. Many young guys there — Russell Howard, rest his soul — Russell had just gotten out of the service. We worked together at Illinois Bell for a couple of years. The draft got me in 1968. When I went into the service, Russ joined the Chicago Police Department. I came back from Vietnam — one of the first guys I meet up with is Russell Howard. We’re having a nice steak dinner at Sabatino’s on Irving Park Road, and talking about the old days. Russ asks, “What are you gonna do?” “Russ,” I says, “I don’t know. I’m glad to be alive.” He goes, “Have you ever considered the police department?” And I raved and ranted, and said, “I want no part of uniforms; I want no part of guns anymore — screw all of that!”

At that time, we were not very popular. We — the vets. We’re coming back to a country that was torn apart by the War. I really had a difficult time getting a job. Drove a cab, did a lot of odd things just to make money. I took the police test because Russ asked me to. I wound up No. 2 on the list. Long story short, I raised my right hand, and 28 years later, I left.

IMA: As a police veteran, I’m sure you have an opinion on how policing has changed and evolved in the years since you left the force — especially in the wake of the Ferguson decision.

HG: Listening to this stuff — it’s tearing me apart. One of the advantages of knowing that you’re not going to live much longer is that you don’t really care about politics. You’ll tell people the truth. I couldn’t be a police officer in today’s day and age. Back in August when I addressed InfraGard, I told the audience that police officers were not saints, but they certainly aren’t sinners, either. We did the best that we could. The constraints placed against law enforcement began in our era. By constraints, I mean everything from Miranda, on. But we adapted to those changes and did it well. We carried our heads high; we worked with a lot of integrity and pride. But in today’s day and age, it seems there are those who don’t even want police officers to exhibit such pride.

IMA: What, for you, have been some of the more memorable and most meaningful highlights — what, in hindsight, makes you most proud?

HG: I’ve had a few. I want to say 1974 or 1975 when I was put on a special assignment and told to come to work the next day in my dress uniform. “You’re going to drive around the director of news affairs and a photographer from LIFE magazine,” I was told. And literally, I did just that. For 12 hours, I escorted the director and the photographer, I’ll never forget. The photographer was from the Netherlands. Co Rentmeester was his name and he became known for his coverage of the Vietnam War. It was the first time that LIFE did something called, “One Day in the Life of America.” They picked a city and decided to document, in photographs, 24 hours of crime. I drove them around for 12 hours and wound up getting my picture in LIFE magazine. It was an interesting experience. How many immigrant kids can say they got their picture in LIFE magazine?

Twelve hours later, I turned the director and photographer over to a young officer named Bruce Harrison. Little did I suspect that just two weeks later, we would be burying Bruce. He and his partner were killed in the line of duty — gunned down in a tavern.

As a sergeant, I worked for Pope John Paul II, on his detail. I was the assistant field operations boss. I met lots of famous people during my career. Pat Nixon gave me a kiss on the cheek for supposedly saving her life. We didn’t really save her life, but that’s the way it looked to the press and public. We did a lot of unusual things. When we weren’t working high crime we did sporting events. The old Chicago Stadium. Cubs Park, Sox Park. As a matter of fact, I did the last [Bears] game at Wrigley Field, as a patrol officer when they moved them from Wrigley Field to Soldier Field.

IMA: You were one of the first to respond out at O’Hare to an incident involving a plane that lost an engine some years ago. Can you tell us a bit about that experience?

HG: During the blizzard [of ’79], we worked twelve hours on and twelve hours off for 44 days straight, no days off. It was one of the few times the Chicago Police Department paid officers overtime. Their definition of overtime was that all the overtime that we accrued in those 44 days would be paid at your hourly rate times two — that’s what they offered and I took it. It was money. Well, 1979, I’m in the parking lot of the old O’Hare International Bank at Cumberland and the Kennedy Expressway, going to deposit that overtime money. I remember getting off my motorcycle, taking off my helmet and I heard it and then I felt it. I looked up, and there was this huge fireball. First thing I thought of was, “Standard oil tanks over at Elmhurst Road and Higgins had blown up.” I went inside the bank. Guy’s name was Christiansen — Fred Christiansen. Retired chief, Park Ridge Police Department. Fred greets me, “Hey, Henry.” I says, “Hi. What the hell just happened out there?” He says, “Yeah, we heard it in here.” Well, he called his old friends at the Park Ridge Police Department. The initial word was, a cargo plane crashed outside of O’Hare. That changed in less than two minutes — it was a fully loaded passenger plane, American Airlines, Flight 191, a DC-10 aircraft. It was May 25, 1979. The plane went down just outside of O’Hare. I thought, “Oh, man — don’t tell me.” (continued on page 38)
I drove them VOLUME 1 | ISSUE 1 37 MEMBER NEWS INDUSTRY EVENT CALENDAR

Start making plans today to attend the knowledge-sharing events impacting the Being on a motorcycle that day, I had an advantage. I got because on that day alone, United fired over 23,000 security industry in the coming months: on my bike and I started heading toward the fireball — people. In a single day. We just got assigned to a new boss. 2015 Government Cyber Security SBIR Workshop RSA Conference where I last saw it. Traffic was absolutely jammed on He did it the right way. Before I even sat down with him Jan. 13-15, 2015 April 20-24, 2015 the expressway, on Higgins, on Touhy Avenue. You name privately, he said, “Hank, I want you to know you’re OK.” it — nothing was moving. I spent most of the time riding The rest however, was downhill from there. Fifty-percent down sidewalks, in the grass — anywhere I could find a salary cut and forced to pay for health insurance — $404 2015Venue ATAC TBD -Anti-Piracy Washington, Conference D.C. Moscone Center place to put two tires. And I got there. I was, I think, the every two weeks. I looked at my paycheck and said, “You Jan. 18, 2015 747 Howard St., San Francisco, CA sixth or seventh police officer to arrive on the scene. And know something? I can’t even afford gas right now.” I www.rsaconference.comBorder Security Expo 2015 it was horrendous — absolutely horrendous. The heat was thought I got lucky getting a job with Motorola, but that April 21-22, 2015 overwhelming. There was nothing we could do. Once the also turned out to be not as good as I thought it would be. Red Rocks Casino Resort Spa smell of death gets in your nostrils, you never forget it. It IMA:Motorola You werebegan recognized downsizing at the the same most year recent I was meeting hired. 11011 W. Charleston Blvd., Las Vegas, NV reminded me of Vietnam and napalm. We lost everybody for your many years of leadership and service. What SecureWorldatacglobal.com Expo 2015 - Charlotte, NC Phoenix Convention Center in that airplane. 
It happened on a Friday afternoon. We has InfraGard as an organization meant to you over the Feb. 11, 2015 100 N. 3rd St., Phoenix, AZ were brought back formally the next day. We were sent years? www.bordersecurityexpo.comSecureWorld Expo 2015 - Houston, TX home on Sunday. Monday they asked for volunteers to May 13, 2015 come back and work identification there. I volunteered. HG: Harris Conference Center I told my team — I had eight men working for me, then 3216 Cpcc Harris Campus Dr., Charlotte, NC Norris Conference Centers Houston/CityCentre — “You don’t have to go; this is not going to be fun; it’s not When I first was exposed to InfraGard, I thought it to SecureWorldwww.secureworldexpo.com Expo 2015 - Boston, MA 816 Town & Country St. #210, Houston, TX going to be easy. I won’t think anything less of you if you be a fantastic, interesting concept. That the private sector March 4-5, 2015 www.secureworldexpo.comCNP Expo 2015 don’t go.” Seven out of the eight in my team came with me. — citizens — could actually partner and work with the May 18-21, 2015 We spent 29 days out there, working on the identification FBI was an amazing and innovative idea. The FBI that I IMA:process. Even It wasthough extremely Chicago difficult. wasn’t an epicenter, 9/11 grew up with in the police department — you didn’t talk Hynes Convention Center Exhibit Hall B would have affected you here as well as anywhere. How to the FBI; you didn’t talk to anybody in government, and 900 Boylston St., Boston, MA Caribe Royale Orlando did that event change your life and your work? God forbid if you did. You’d be ostracized or vilified or SecureWorldwww.secureworldexpo.com Expo 2015 - Philadelphia, PA 8101 World Center Dr., Orlando, FL both. You just didn’t do it. I liked what was presented. March 18-19, 2015 cardnotpresent.comSecureWorld Expo 2015 - Atlanta, GA

HG: When I first started attending meetings and working with May 27-28, 2015 InfraGard, there were parts of government that people I went to work for United Airlines a year and a half simply took for granted or never heard of. There was DoubleTree by Hilton Hotel Philadelphia Valley Forge before September 11. September 11 was a Tuesday a gentleman — I think he’s an adjunct professor from 301 W. Dekalb Pike, King of , PA Cobb Galleria Centre (Ballroom) morning — 7:30 in the morning our time. I tend not to DePaul, as I recall. The first time I encountered him with connect:IDwww.secureworldexpo.com — An Exploration of Physical & Digital 2 Galleria Pkwy SE, Atlanta, GA listen to the radio in the morning. If I do, it’s oldies-but- InfraGard, he showed us how you can walk into your local Identity in the 21st Century www.secureworldexpo.comUDT 2015 (Undersea Defence Technology) goodies. And as I’m stepping out of the bathroom, ready Ace or True Value Hardware, and buy the components you March 23-25, 2015 June 3-5, 2015 to throw on some clothes, I hear on the radio station that need to make a bomb. That was a real eye opener. I was listening to: “We have information that the South Walter E. Washington Convention Center Ahoy Rotterdam Tower just collapsed.” I froze in my tracks. The South For the longest time, I was the only former police officer 801 Mt. Vernon Pl. NW, Washington, D.C. Ahoy-weg 10, 3084 BA Rotterdam, Netherlands Tower, to me, meant only one thing — the World Trade to be involved in the Chicago Chapter of InfraGard. At SecureWorldwww.connectidexpo.com Expo 2015 - Kansas City, MO www.udt-global.comGartner Security & Risk Management Summit Center. I turned on a TV, and lo and behold, I watched it in that time, colleagues were starting to dwindle because of April 1, 2015 June 8-11, 2015 just about real time. A few minutes later I open the trunk age and retirement, but still I have to ask where were we of my car and check my recovery manuals. 
I was one of and why weren’t we there? Same goes for my brethren in the fire department. InfraGard is a platform that every two disaster recovery coordinators for United. My partner, Gaylord National Resort & Convention Center first-responder should use to help prepare for what we all Kansas City Convention Center Bob Mackie, he did the mainframes. I had global network 201 Waterfront St., National Harbor, MD know can and will come our way. 301 W. 13th St., Kansas City, MO infrastructure — the network side of the house. We IMA: It’s really been quite a career and life for you, INTERPOLwww.secureworldexpo.com World 2015 www.gartner.com/technology/summits/na/securitySecureWorld Expo 2015 - Portland, OR trained constantly. The airlines are very big on training. hasn’t it? April 14-16, 2015 June 17, 2015 They take security very seriously. HG: By the time I got [to O’Hare], it was about 9:30 or 10:00 in Sands Expo & Convention Centre DoubleTree by Hilton - Portland the morning, our time. Traffic significantly backed up all As I told the folks back in August, over at InfraGard, I 10 Bayfront Ave., Singapore 1000 NE Multnomah St., Portland, OR around the airport. We already had three layers of security said, “You can tell by my accent, I’m a foreigner.” Because Internationalwww.interpol-world.com Security Conference & Expo West Electronicwww.secureworldexpo.com Security Expo 2015 in front of the reservations building. It was bedlam in I am — I came to this country in 1951. Naturalized citizen April 14-17, 2015 June 24-26, 2015 there. when I turned 18. We didn’t do too bad. Parents came By the end of that day, which for us was around midnight, over here with nothing except two sons and one suitcase. My brother retired as the financial officer for DeVry, and I Sands Expo and Convention Center Baltimore Convention Center we knew that we, as an airline, were not under attack. But 1 W. Pratt St., Baltimore, MD it changed our lives forever. 
Two Wednesdays following — managed to have what turned out to be a checkered career Care201 Sandsto have Ave., your eventLas Vegas, included NV in a future Industry Event Calendar? Email your event details to [email protected]. that I truly enjoyed. www.iscwest.com www.esxweb.com 38I wantINFRAGARD to say, Sept. CHICAGO 26 — MEMBERS we called ALLIANCE it Bloody Wednesday, VOLUME 1 | ISSUE 1 39 40 INFRAGARD CHICAGO MEMBERS ALLIANCE