VOLUME 1 · ISSUE 1 Active Shooters: Can They Be Stopped? 20 LEARNING FROM OUR EBOLA RESPONSE SUCCESSES ... AND FAILURES 12 ENSURING PROTECTION OF ELECTRONIC HEALTH RECORDS 16 SECURING THE GRID AGAINST COPPER THEFT 18 VOLUME 1 | ISSUE 1 1 TABLE OF CONTENTS COVER STORY 20 | Active Shooters: Can They VOLUME 1 · ISSUE 1 Be Stopped? Official Magazine of Working to Safeguard Chicago̕s Critical Infrastructure Editorial Office: As the trend of school and workplace shootings in this country 4701 Midlothian Turnpike, Ste. 4 continues to escalate, what can the security community do to help Crestwood, IL 60445 the public at large identify the next active shooter and prevent him Phone: 708-293-1430 | Fax: 708-293-1432 E-mail: [email protected] or her from completing the walk down the path to violence? www.imamagazine.org IMA 12 | Learning From Our Ebola (ISSN 1553-5797) The Chicago InfraGard Members Alliance Response Outcomes is published four times per year for Fanning Communications by Healthcare and Public Health Sector Chief Dr. Terry Donat examines 4701 Midlothian Turnpike, Ste. 4 what we’ve learned from the Ebola experience and how we can Crestwood, IL 60445 better secure our population against the threat of future — and Publisherwww.fanningcommunications.comEditor/ inevitable — epidemics. Graphic Designer ̕ John J. Fanning 16 | Ensuring Protection of [email protected] De Anna Clark [email protected] Writer Electronic Health Records Karl J. Paloucek Editor/[email protected] Mary Stroka Graphic Designer [email protected] Programmer How do we keep unprecedented volumes of highly sensitive data secure? Joseph F. Lindsay III [email protected] Joseph Neathawk Accounting/[email protected] 18 | Securing the Grid Against Subscription rate is $49.99 per year Janin the KlosUnited States Copper Theft and Canada; $110.00 per year in all [email protected] foreign countries. POSTMASTER: Send address changes to 4701 Midlothian Tpk., Ste. 4, Crestwood, IL 60445. All statements, including product claims, are those of the person or organization making the statement or claim. The publisher does not adopt any such statements as its own, and any such statement Homeland Security Solutions Director Karl Perman describes or claim does not necessarily reflect the opinion of the publisher. © 2014 Fanning Communications, Inc. security experts’ response to the issue of copper pilfering and how we can reduce the vulnerability of infrastructure. 2 INFRAGARD CHICAGO MEMBERS ALLIANCE VOLUME 1 | ISSUE 1 3 TABLE OF CONTENTS 7 | President’s Message BOARD OF DIRECTORS 9 | SAC’s Message 10 | Intelligence Briefing President 15 | Member Notes Paul Sand 25 | Most Wanted AVP, Independent Security Officer, Federal Home Loan Bank of Chicago 26 | WVU Students Help Vice President Develop Mobile Security Erik Hart Software Director, Information Security Solutions, Leo Burnett and Arc Worldwide 28 | Mishaps at Nuclear Programming Director Jo Ann Ugolini Repository Lead to $54M Security and Investigations, Hillard Heintze in Fines Treasurer/Membership Director Thomas Elward 30 | Judges Hear Arguments Infrastructure Protection, Exelon Over NSA Surveillance Secretary/ Communications Director 32 | Drones Could Soon Be a John Fanning President & CEO, Fanning Communications, Common Sight In the Inc. Skies At-Large Director Bruce M. Bina 33 | U.S. — Navy Engineer Tried Vice President of Product Development & to Steal Schematics Design, Adaptive Rescue Concepts, ARC LLC At-Large Director 35 | Artificial Intelligence Aids Amy Bogac First Responders Director, IT Security Operations, Walgreens At-Large Director 36 | InfraGard Member Focus: Erick Nickerson Henry Gralak Partner and Marketing Specialist, CCG Solutions, LLC. At-Large Director Jill Czerwinski We were honored to spend some time with Henry Gralak to discuss Senior Manager, Crowe Horwath his experiences in the security At-Large Director industry and are pleased be able Edward Marchewka to share them with the rest of the InfraGard membership. Information Security Manager, Chicago Public Schools IMA/FBI Liaison 39 | Industry Event Calendar Kathy Hug Special Agent, Federal Bureau of Investigation 4 INFRAGARD CHICAGO MEMBERS ALLIANCE VOLUME 1 | ISSUE 1 5 PRESIDENT’S MESSAGE Greetings, Members: IMA On behalf of the membership of the InfraGard Chicago Members Alliance IMA(IMA), I want to welcome you to the inaugural issue of magazine. magazine has been brought to life as a result of much hard work put forth by many InfraGard volunteers. Through this publication, we hope to better inform our membership of emerging threats and identified best practices impacting security professionalsto and deliver first responders.information into the hands of first responders and security professionals in a timely and accurate manner; andThe missionin so doing, of this serve magazine to inform, is inspire and promote those professionals who protect American lives, liberty and critical infrastructure. Paul Sand, President InfraGard Chicago Members Alliance To ensure the accuracy of what we report, we have created an Editorial Board comprising tenured and respected professionals serving in the security industry. The Editorial Board shall review feature stories and submissions to determine their suitability, relevance and accuracy prior to publication within the magazine. Our mission is critical. We know the threat is real and that IMAonly through vigilance and preparation may we defend against plans and/or respond to events coming from terrorist groups and rogue assailants. magazine will assist in such preparation. As critical as our mission is, we also understand that without the support of our advertisers, we could not bring this publication forward. I want to thank each advertiser and sponsor for his or her belief in our mission andIMA support of our magazine. I also encourage our readers to show their support for the businesses and organizations who support our industry by using magazine to identify the suppliers and organizations they may require. Thank you for your attention. Sincerely, Paul Sand Paul Sand, President InfraGard Chicago Members Alliance 6 INFRAGARD CHICAGO MEMBERS ALLIANCE VOLUME 1 | ISSUE 1 7 SAC’S MESSAGE Greetings, InfraGard was founded in 1996 by the FBI and is a government and private sector alliance. Although the program was developed to promote protection of U.S. critical information systems, it has evolved through the years into partnerships dedicated to sharing information and intelligence to prevent hostile acts against the United States. The FBI values these relationships more than ever before in today’s threat environment. With over 80 InfraGard Member Alliances (IMA) nationwide, the FBI is committed to sharing information concerningIMA various terrorism, intelligence, criminal and security matters with our partners. In response, the Chicago IMA has successfully created a forum, magazine, to strengthen and further promote the information-sharing process. Robert J. Holley, IMA Special Agent in Charge The vision of magazine is to inform readers of lessons learned and FBI Chicago Division best practices identified by both law enforcement and private sector security professionals. We are excited to be a part of this project. We hope this magazine will provide the readerIMA with information that may assist in protecting assets against cybercrime, counterterrorism, counterintelligence and other threats. Each issue of magazine will be peer-reviewed to ensure the accuracy of information and will focus on providing relevant security information across the various sectors InfraGard is designed to IMAprotect. magazine is developed by — and for — the members of InfraGard to enhance our ability to protect our nation’s critical infrastructure. I look forward to our continued alliance and applaud your dedication to the information sharing-process. RobertSincerely, J. Holley Robert J. Holley Special Agent in Charge FBI Chicago Division 8 INFRAGARD CHICAGO MEMBERS ALLIANCE VOLUME 1 | ISSUE 1 9 INTELLIGENCE BRIEFING Cybercriminals testing new PoS malware, “Poslogr.” Dec. 2 caused a loss of power to the Frank Murphy Hall employees or connected to DEA employees. The report appears similar to the RedOctober campaign dubbed Cloud of Justice, Coleman A. Young Municipal Center, public found that some DEA personnel exercised poor judgment Atlas or Inception Framework that has been targeting the Dec. 1 — Researchers with Trend Micro detected a new, schools, the Joe Louis Arena, the City-County building, and in giving the man access to DEA personnel and facilities, Android, iOS and BlackBerry devices of specific users in multicomponent point-of-sale (PoS) malware dubbed several other commercial buildings. Detroit Public Schools and receiving gifts from the man. the government, finance, energy, military and engineering “TSPY_POSLOGR.K” that is under development and dismissed students early while The Detroit Historical “DeathRing” malware found preinstalled on sectors in several countries via spearphishing. The Museum and Detroit Institute of Arts closed as crews malware appears to be primarily designed to record phone yields similarities to a recently discovered variant of smartphones. the BlackPoS malware. Poslogr is designed to read the worked to restore power following the rescue of dozens of conversations and can also track locations, monitor text memory linked to specific processes and collect people from affected buildings. messages and read contact lists. payment