Category Archives: Cyber War

Hackers Breach FBI Websites

Posted on by

Hacked material included names, addresses, job descriptions, email addresses of at least 3 FBI owned websites. Apparently the hackers have been working this mission since 2014.

FBI data leakedSee complete details here.

A hacker group has breached several FBI-affiliated websites and uploaded their contents to the web, including dozens of files containing the personal information of thousands of federal agents and law enforcement officers, TechCrunch has learned.

The hackers breached three sites associated with the FBI National Academy Association, a coalition of different chapters across the U.S. promoting federal and law enforcement leadership and training located at the FBI training academy in Quantico, VA. The hackers exploited flaws on at least three of the organization’s chapter websites — which we’re not naming — and downloaded the contents of each web server.

The hackers then put the data up for download on their own website, which we’re also not naming nor linking to given the sensitivity of the data.

The spreadsheets contained about 4,000 unique records after duplicates were removed, including member names, a mix of personal and government email addresses, job titles, phone numbers and their postal addresses. The FBINAA could not be reached for comment outside of business hours. If we hear back, we’ll update.

TechCrunch spoke to one of the hackers, who didn’t identify his or her name, through an encrypted chat late Friday.

“We hacked more than 1,000 sites,” said the hacker. “Now we are structuring all the data, and soon they will be sold. I think something else will publish from the list of hacked government sites.” We asked if the hacker was worried that the files they put up for download would put federal agents and law enforcement at risk. “Probably, yes,” the hacker said.

The hacker claimed to have “over a million data” [sic] on employees across several U.S. federal agencies and public service organizations.

It’s not uncommon for data to be stolen and sold in hacker forums and in marketplaces on the dark web, but the hackers said they would offer the data for free to show that they had something “interesting.”

Unprompted, the hacker sent a link to another FBINAA chapter website they claimed to have hacked. When we opened the page in a Tor browser session, the website had been defaced — prominently displaying a screenshot of the encrypted chat moments earlier.

The hacker — one of more than ten, they said — used public exploits, indicating that many of the websites they hit weren’t up-to-date and had outdated plugins.

In the encrypted chat, the hacker also provided evidence of other breached websites, including a subdomain belonging to manufacturing giant Foxconn. One of the links provided did not need a username or a password but revealed the back-end to a Lotus-based webmail system containing thousands of employee records, including email addresses and phone numbers.

Their end goal: “Experience and money,” the hacker said.

Is China an Adversary of the United States?

Posted on by

Yes, and frankly, we should completely reconsider an trade agreements in total with China. The whole launch of a harmonious relationship between the United States and China established by President Nixon in 1972 is not today’s condition. China is hostile to not only the United States but to any country frankly for the sake of money, China needs it by any and all means possible.

Exclusive: Secret NSA Map Shows China Cyber Attacks on U.S ...

China is using ‘debt traps’ effectively to financially punk foreign governments to gain power, influence and assets.

  • China is working to influence media outlets beyond its borders in an effort to impose its ideology and deter criticism of its actions, a press freedom group said.

    In a report released Monday, Reporters Without Borders detailed what it said was China’s impact on a global decline in press freedom and analyzed President Xi Jinping’s strategy to control information outside his own country. The group found that Beijing was using advertising buys, paid-trips for journalists and an expanding global propaganda network to impose its “ideologically correct” terminology and to obscure darker chapters of the country’s history.

  • Huawei has been a theft and spy operation for decades. A major concern and consequence is a renewed U.S. campaign to pressure and persuade America’s allies to keep Huawei technology and equipment out of the next generation of wireless networks, known as 5G. The stakes in this campaign are much bigger than U.S. market share or the effectiveness of Iran sanctions. If Huawei’s chips and routers find their way into this new network, everything from digital privacy to intellectual property could be at risk.
  • Chinese employees stole corporate secrets from Dutch semiconductor equipment maker ASML, resulting in hundreds of millions of dollars in losses, Dutch financial newspaper Financieele Dagblad (FD) reported on Thursday.

    The paper said, citing its own investigation, technology had been stolen by high-level Chinese employees in the research and development department of ASML’s U.S. subsidiary and ultimately leaked to a company linked to the Chinese government.

  • That Chinese worker employed by that farm in Iowa is likely a spy, performing agricultural/intellectual property theft.
  • China has and continues to infect the American education system. It is called the Confucius Institute. It ranges from Kindergarten to graduate school. China has already spent $200 million USD on this effort. So, the Senate held a hearing. Legislation? Still waiting.
  • U.S. government contractors hired by China to be a hacker/ perform espionage or to steal technology. Examples are here, here and here.

Just this past December, the Assistant Director of the FBI for the Counterintelligence Division gave an extended statement and testimony before the Senate Judiciary Committee that spoke to the non-traditional espionage methods employed by China against the United States. Simply put, he described it as a Cold War and honestly it is.

In part:

The Chinese government is attempting to acquire or steal, not only the plans and intentions of the United States government, but also the ideas and innovations of the very people that make our economy so incredibly successful. The Chinese government understands a core lesson of the Cold War between the United States and the Soviet Union: economic strength is the foundation of national power. The competition between the United States and China will be greatly influenced, if not ultimately decided, on the strength of our economies.

The Chinese government means to compete with us in every way possible, playing by the rules at times, bending them at others, and breaking them when necessary to ensure their success. They also aim to rewrite the rules to shape the world in their image, and they have already made progress on this front. The rules they write seek to guarantee the dominance of their businesses and root Chinese national power in the very fabric of an international system.

From my vantage point, it appears we are at the early stages of a hyper-competitive world. This is not simply a competition between businesses and industries but also between governments and the ways in which they govern their societies. Make no mistake: the Chinese government is proposing itself as an alternative model for the world, one without a democratic system of government, and it is seeking to undermine the free and open rules-based order we helped establish following World War II. Our businesses and our government must adapt in order to compete and thrive in this world.

Perhaps AOC, Omar, Nadler, Pelosi, Tlaib and Schiff should be concentrating on the real work to protect American….eh? Better still, perhaps CNN should report on the real stuff….uh huh

Wikileaks, Julian Assange to be Extradited to the U.S.

Posted on by

Arrested by Metropolitan Police a the Ecuadorian embassy, Assange was taken to a jail in London. He appeared before a judge for breaching his bail conditions as Ecuador has been working for months to remove him for asylum where Assange has been living since 2012. Lenin Moreno, the President of Ecuador has been working with British officials since July of 2018 to terminate his asylum.

What has transpired since Wikileaks was founded in 2006, there have been several massive troves (10 million) of documents posted for public consumption. Assange began hacking in 1987 under the name of Mendax. It is not known officially how Julian Assange and Bradley Manning became acquainted, however during the court-martial of Manning, a volume of chat logs were presented as evidence between the two and included how Assange gave Manning the ability to reverse engineer passwords.

President Obama gave Manning a pardon while the matter of Assange could be that of a co-conspirator, espionage or aiding and abetting. The indictment does give rise to the evidence beyond the protections of Assange of just being a journalist. Assange is being prosecuted for violating the ‘computer fraud and abuse act’.

Assange-Indictment-0-0

President Lenín Moreno of Ecuador, who became the country’s president in 2017, had looked for a face-saving way to get out of the arrangement. On Thursday in a Twitter post, he said that his country had decided to stop sheltering Mr. Assange after “his repeated violations to international conventions and daily-life protocols,” a decision that cleared the way for the British authorities to detain him.

The relationship between Mr. Assange and Ecuador has been rocky, even as it offered him refuge and even citizenship, and WikiLeaks said last Friday that Ecuador “already has an agreement with the U.K. for his arrest” and predicted that Mr. Assange would be expelled from the embassy “within ‘hours to days.’”

Mr. Moreno, in a video statement, said that Mr. Assange had exhausted the patience of his hosts, outlining of litany of grievances: the installation of electronic interference equipment, the blocking of security cameras, and attacks on guards.

“Finally two days ago, WikiLeaks, the organization of Mr. Assange, threatened the government of Ecuador,” Mr. Moreno said, an apparent reference to allegations from the organization that Mr. Assange had been subject to a spying operation. “My government has nothing to fear and doesn’t act under threat.”

In his video, Mr. Moreno singled out the recent release by WikiLeaks of information about the Vatican as evidence that Mr. Assange had continued to work with WikiLeaks to violate “the rule of nonintervention in the internal affairs of other states.”

Alan Duncan, the minister responsible for Europe and the Americas at Britain’s Foreign Office, said in a statement that the arrest had followed “extensive dialogue” between the two countries.

In December 2017, Ecuador gave Mr. Assange citizenship, and was preparing to appoint him to a diplomatic post in Russia, but the British government made clear that if he left the embassy, he would not have diplomatic immunity.

The Ecuadorean government said in March last year that it had cut off Mr. Assange’s internet access, saying that he had violated an agreement to stop commenting on, or trying to influence, the politics of other countries. The government also imposed other restrictions, limiting his visitors and requiring him to clean his bathroom and look after his cat.

He sued the Ecuadorean government in October, claiming that it was violating his rights. More here from the NYT’s.

When an F-35 Goes Missing

Posted on by

Some panic has set in for the United States, the need to find the most expensive fighter jet ever built before enemies of the United States find it first.

Japan’s Air Self-Defense Force says the F-35A stealth jet went missing Tuesday while flying off the eastern coast of Aomori. It says the plane disappeared from radar about half an hour after taking off from the Misawa air base with three other F-35As for a flight exercise.

Defense Minister Takeshi Iwaya told reporters that a search and rescue operation was underway for the missing jet and its pilot. The cause of the mishap was not immediately known.

This could be  matter of several countries in the region doing the search.

A US Navy P-8A Poseidon maritime patrol aircraft and the Arleigh Burke-class guided-missile destroyer Stethem with the Navy’s 7th Fleet are assisting the Japanese air and maritime assets dispatched to find the missing aircraft and its pilot, the Navy said in a statement Wednesday.

Japan has sent out U-125A search-and-rescue aircraft, UH-60 Black Hawk helicopters, and P-3C maritime surveillance aircraft, as well as three coast-guard vessels to search for the downed F-35, according to The Diplomat.

“We continue to hope for the safe recovery of the pilot, and our thoughts are with his family and all of our Japanese partners as they conduct this search,” United States Forces Japan said in a statement.

The F-35A was being flown by an experienced pilot with more than 3,200 flight hours, including 60 hours in the new stealth fighters. Radar contact with the aircraft was lost while it was about 85 miles east of Misawa Air Base in northern Japan. The Japan Air Self Defense Force has grounded its entire fleet of F-35s in response.

So far, only parts of the missing aircraft have been recovered. The discovery indicates that the plane crashed, most likely marking the first F-35A crash. (A US Marine Corps F-35B crashed in South Carolina in September; the pilot was able to eject.)

While both the US and Japan are committed to finding the pilot, another aspect of the search is securing the technology aboard the advanced aircraft before someone else finds it.

 

“There is no price too high in this world for China and Russia to pay to get Japan’s missing F-35, if they can,” Tom Moore, a former senior professional staff member with the US Senate Foreign Relations Committee, tweeted Tuesday. “Big deal.”

“If one of Japan’s F-35s is sitting at the bottom of the Pacific, we are probably about to see one of the biggest underwater espionage and counter-espionage ops since the Cold War,” Tyler Rogoway, the editor of the respected defense publication The War Zone, tweeted.

The stealth fighter was specifically built to give the US advantages in high-end conflict against great-power rivals. Neither Russia nor China has been able to field a comparable fifth-generation aircraft. More here.

*** Update: Iwaya said that the pilot sent a signal to abort the mission, according to the broadcaster. Shortly after the signal, all communications with the fighter jet were lost. Parts of the jet have been located.

The Japanese defense ministry said the male pilot, who’s in his 40s, remains missing.

The fighter jet went off the radar while flying off the eastern coast of Aomori, just about half an hour after taking off the Misawa air base with three other F-35As.

All F-35’s based in Japan have been grounded.

Trump’s EO on Electromagnetic Pulses

Posted on by

The EMP Threat: How It Works and What It Means for the Korean Crisis - Geopolitical Futures

If government agencies are working this mission, shouldn’t Congress take up some measures too? Given this Executive Order, consider what motivated this action and consider all the measures you yourself should take.

Executive Order on Coordinating National Resilience to Electromagnetic Pulses

By the authority vested in me as President by the Constitution and the laws of the United States of America, it is hereby ordered as follows:

Section 1.  Purpose.  An electromagnetic pulse (EMP) has the potential to disrupt, degrade, and damage technology and critical infrastructure systems.  Human-made or naturally occurring EMPs can affect large geographic areas, disrupting elements critical to the Nation’s security and economic prosperity, and could adversely affect global commerce and stability.  The Federal Government must foster sustainable, efficient, and cost-effective approaches to improving the Nation’s resilience to the effects of EMPs.

Sec. 2.  Definitions.  As used in this order:

(a)  “Critical infrastructure” means systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.

(b)  “Electromagnetic pulse” is a burst of electromagnetic energy.  EMPs have the potential to negatively affect technology systems on Earth and in space.  A high-altitude EMP (HEMP) is a type of human-made EMP that occurs when a nuclear device is detonated at approximately 40 kilometers or more above the surface of Earth.  A geomagnetic disturbance (GMD) is a type of natural EMP driven by a temporary disturbance of Earth’s magnetic field resulting from interactions with solar eruptions.  Both HEMPs and GMDs can affect large geographic areas.

(c)  “National Critical Functions” means the functions of government and the private sector so vital to the United States that their disruption, corruption, or dysfunction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof.

(d)  “National Essential Functions” means the overarching responsibilities of the Federal Government to lead and sustain the Nation before, during, and in the aftermath of a catastrophic emergency, such as an EMP that adversely affects the performance of Government.

(e)  “Prepare” and “preparedness” mean the actions taken to plan, organize, equip, train, and exercise to build and sustain the capabilities necessary to prevent, protect against, mitigate the effects of, respond to, and recover from those threats that pose the greatest risk to the security of the Nation.  These terms include the prediction and notification of impending EMPs.

(f)  A “Sector-Specific Agency” (SSA) is the Federal department or agency that is responsible for providing institutional knowledge and specialized expertise as well as leading, facilitating, or supporting the security and resilience programs and associated activities of its designated critical infrastructure sector in the all-hazards environment.  The SSAs are those identified in Presidential Policy Directive 21 of February 12, 2013 (Critical Infrastructure Security and Resilience).

Sec. 3.  Policy.  (a)  It is the policy of the United States to prepare for the effects of EMPs through targeted approaches that coordinate whole-of-government activities and encourage private-sector engagement.  The Federal Government must provide warning of an impending EMP; protect against, respond to, and recover from the effects of an EMP through public and private engagement, planning, and investment; and prevent adversarial events through deterrence, defense, and nuclear nonproliferation efforts.  To achieve these goals, the Federal Government shall engage in risk-informed planning, prioritize research and development (R&D) to address the needs of critical infrastructure stakeholders, and, for adversarial threats, consult Intelligence Community assessments.

(b)  To implement the actions directed in this order, the Federal Government shall promote collaboration and facilitate information sharing, including the sharing of threat and vulnerability assessments, among executive departments and agencies (agencies), the owners and operators of critical infrastructure, and other relevant stakeholders, as appropriate.  The Federal Government shall also provide incentives, as appropriate, to private-sector partners to encourage innovation that strengthens critical infrastructure against the effects of EMPs through the development and implementation of best practices, regulations, and appropriate guidance.

Sec. 4.  Coordination.  (a)  The Assistant to the President for National Security Affairs (APNSA), through National Security Council staff and in consultation with the Director of the Office of Science and Technology Policy (OSTP), shall coordinate the development and implementation of executive branch actions to assess, prioritize, and manage the risks of EMPs.  The APNSA shall, on an annual basis, submit a report to the President summarizing progress on the implementation of this order, identifying gaps in capability, and recommending how to address those gaps.

(b)  To further the Federal R&D necessary to prepare the Nation for the effects of EMPs, the Director of OSTP shall coordinate efforts of agencies through the National Science and Technology Council (NSTC).  The Director of OSTP, through the NSTC, shall annually review and assess the R&D needs of agencies conducting preparedness activities for EMPs, consistent with this order.

Sec. 5.  Roles and Responsibilities.  (a)  The Secretary of State shall:

(i)   lead the coordination of diplomatic efforts with United States allies and international partners regarding enhancing resilience to the effects of EMPs; and

(ii)  in coordination with the Secretary of Defense and the heads of other relevant agencies, strengthen nuclear nonproliferation and deterrence efforts, which would reduce the likelihood of an EMP attack on the United States or its allies and partners by limiting the availability of nuclear devices.

(b)  The Secretary of Defense shall:

(i)    in cooperation with the heads of relevant agencies and with United States allies, international partners, and private-sector entities as appropriate, improve and develop the ability to rapidly characterize, attribute, and provide warning of EMPs, including effects on space systems of interest to the United States;

(ii)   provide timely operational observations, analyses, forecasts, and other products for naturally occurring EMPs to support the mission of the Department of Defense along with United States allies and international partners, including the provision of alerts and warnings for natural EMPs that may affect weapons systems, military operations, or the defense of the United States;

(iii)  conduct R&D and testing to understand the effects of EMPs on Department of Defense systems and infrastructure, improve capabilities to model and simulate the environments and effects of EMPs, and develop technologies to protect Department of Defense systems and infrastructure from the effects of EMPs to ensure the successful execution of Department of Defense missions;

(iv)   review and update existing EMP-related standards for Department of Defense systems and infrastructure, as appropriate;

(v)    share technical expertise and data regarding EMPs and their potential effects with other agencies and with the private sector, as appropriate;

(vi)   incorporate attacks that include EMPs as a factor in defense planning scenarios; and

(vii)  defend the Nation from adversarial EMPs originating outside of the United States through defense and deterrence, consistent with the mission and national security policy of the Department of Defense.

(c)  The Secretary of the Interior shall support the research, development, deployment, and operation of capabilities that enhance understanding of variations of Earth’s magnetic field associated with EMPs.

(d)  The Secretary of Commerce shall:

(i)   provide timely and accurate operational observations, analyses, forecasts, and other products for natural EMPs, exclusive of the responsibilities of the Secretary of Defense set forth in subsection (b)(ii) of this section; and

(ii)  use the capabilities of the Department of Commerce, the private sector, academia, and nongovernmental organizations to continuously improve operational forecasting services and the development of standards for commercial EMP technology.

(e)  The Secretary of Energy shall conduct early-stage R&D, develop pilot programs, and partner with other agencies and the private sector, as appropriate, to characterize sources of EMPs and their couplings to the electric power grid and its subcomponents, understand associated potential failure modes for the energy sector, and coordinate preparedness and mitigation measures with energy sector partners.

(f)  The Secretary of Homeland Security shall:

(i)    provide timely distribution of information on EMPs and credible associated threats to Federal, State, and local governments, critical infrastructure owners and operators, and other stakeholders;

(ii)   in coordination with the heads of any relevant SSAs, use the results of risk assessments to better understand and enhance resilience to the effects of EMPs across all critical infrastructure sectors, including coordinating the identification of national critical functions and the prioritization of associated critical infrastructure at greatest risk to the effects of EMPs;

(iii)  coordinate response to and recovery from the effects of EMPs on critical infrastructure, in coordination with the heads of appropriate SSAs;

(iv)   incorporate events that include EMPs as a factor in preparedness scenarios and exercises;

(v)    in coordination with the heads of relevant SSAs, conduct R&D to better understand and more effectively model the effects of EMPs on national critical functions and associated critical infrastructure — excluding Department of Defense systems and infrastructure — and develop technologies and guidelines to enhance these functions and better protect this infrastructure;

(vi)   maintain survivable means to provide necessary emergency information to the public during and after EMPs; and

(vii)  in coordination with the Secretaries of Defense and Energy, and informed by intelligence-based threat assessments, develop quadrennial risk assessments on EMPs, with the first risk assessment delivered within 1 year of the date of this order.

(g)  The Director of National Intelligence shall:

(i)   coordinate the collection, analysis, and promulgation, as appropriate, of intelligence-based assessments on adversaries’ capabilities to conduct an attack utilizing an EMP and the likelihood of such an attack; and

(ii)  provide intelligence-based threat assessments to support the heads of relevant SSAs in the development of quadrennial risk assessments on EMPs.

(h)  The heads of all SSAs, in coordination with the Secretary of Homeland Security, shall enhance and facilitate information sharing with private-sector counterparts, as appropriate, to enhance preparedness for the effects of EMPs, to identify and share vulnerabilities, and to work collaboratively to reduce vulnerabilities.

(i)  The heads of all agencies that support National Essential Functions shall ensure that their all­hazards preparedness planning sufficiently addresses EMPs, including through mitigation, response, and recovery, as directed by national preparedness policy.

Sec. 6.  Implementation.  (a)  Identifying national critical functions and associated priority critical infrastructure at greatest risk.

(i)   Within 90 days of the date of this order, the Secretary of Homeland Security, in coordination with the heads of SSAs and other agencies as appropriate, shall identify and list the national critical functions and associated priority critical infrastructure systems, networks, and assets, including space-based assets that, if disrupted, could reasonably result in catastrophic national or regional effects on public health or safety, economic security, or national security.  The Secretary of Homeland Security shall update this list as necessary.

(ii)  Within 1 year of the identification described in subsection (a)(i) of this section, the Secretary of Homeland Security, in coordination with the heads of other agencies as appropriate, shall, using appropriate government and private-sector standards for EMPs, assess which identified critical infrastructure systems, networks, and assets are most vulnerable to the effects of EMPs.  The Secretary of Homeland Security shall provide this list to the President, through the APNSA.  The Secretary of Homeland Security shall update this list using the results produced pursuant to subsection (b) of this section, and as necessary thereafter.

(b)  Improving understanding of the effects of EMPs.

(i)    Within 180 days of the identification described in subsection (a)(ii) of this section, the Secretary of Homeland Security, in coordination with the heads of SSAs and in consultation with the Director of OSTP and the heads of other appropriate agencies, shall review test data — identifying any gaps in such data — regarding the effects of EMPs on critical infrastructure systems, networks, and assets representative of those throughout the Nation.

(ii)   Within 180 days of identifying the gaps in existing test data, as directed by subsection (b)(i) of this section, the Secretary of Homeland Security, in coordination with the heads of SSAs and in consultation with the Director of OSTP and the heads of other appropriate agencies, shall use the sector partnership structure identified in the National Infrastructure Protection Plan to develop an integrated cross-sector plan to address the identified gaps.  The heads of agencies identified in the plan shall implement the plan in collaboration with the private sector, as appropriate.

(iii)  Within 1 year of the date of this order, and as appropriate thereafter, the Secretary of Energy, in consultation with the heads of other agencies and the private sector, as appropriate, shall review existing standards for EMPs and develop or update, as necessary, quantitative benchmarks that sufficiently describe the physical characteristics of EMPs, including waveform and intensity, in a form that is useful to and can be shared with owners and operators of critical infrastructure.

(iv)   Within 4 years of the date of this order, the Secretary of the Interior shall complete a magnetotelluric survey of the contiguous United States to help critical infrastructure owners and operators conduct EMP vulnerability assessments.

(c)  Evaluating approaches to mitigate the effects of EMPs.

(i)    Within 1 year of the date of this order, and every 2 years thereafter, the Secretary of Homeland Security, in coordination with the Secretaries of Defense and Energy, and in consultation with the Director of OSTP, the heads of other appropriate agencies, and private-sector partners as appropriate, shall submit to the President, through the APNSA, a report that analyzes the technology options available to improve the resilience of critical infrastructure to the effects of EMPs.  The Secretaries of Defense, Energy, and Homeland Security shall also identify gaps in available technologies and opportunities for future technological developments to inform R&D activities.

(ii)   Within 180 days of the completion of the activities directed by subsections (b)(iii) and (c)(i) of this section, the Secretary of Homeland Security, in coordination with the heads of other agencies and in consultation with the private sector as appropriate, shall develop and implement a pilot test to evaluate available engineering approaches for mitigating the effects of EMPs on the most vulnerable critical infrastructure systems, networks, and assets, as identified in subsection (a)(ii) of this section.

(iii)  Within 1 year of the date of this order, the Secretary of Homeland Security, in coordination with the heads of relevant SSAs, and in consultation with appropriate regulatory and utility commissions and other stakeholders, shall identify regulatory and non regulatory mechanisms, including cost recovery measures, that can enhance private-sector engagement to address the effects of EMPs.

(d)  Strengthening critical infrastructure to withstand the effects of EMPs.

(i)    Within 90 days of completing the actions directed in subsection (c)(ii) of this section, the Secretary of Homeland Security, in coordination with the Secretaries of Defense and Energy and in consultation with the heads of other appropriate agencies and with the private sector as appropriate, shall develop a plan to mitigate the effects of EMPs on the vulnerable priority critical infrastructure systems, networks, and assets identified under subsection (a)(ii) of this section.  The plan shall align with and build on actions identified in reports required by Executive Order 13800 of May 11, 2017 (Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure).  The Secretary of Homeland Security shall implement those elements of the plan that are consistent with Department of Homeland Security authorities and resources, and report to the APNSA regarding any additional authorities and resources needed to complete its implementation.  The Secretary of Homeland Security, in coordination with the Secretaries of Defense and Energy, shall update the plan as necessary based on results from the actions directed in subsections (b) and (c) of this section.

(ii)   Within 180 days of the completion of the actions identified in subsection (c)(i) of this section, the Secretary of Defense, in consultation with the Secretaries of Homeland Security and Energy, shall conduct a pilot test to evaluate engineering approaches used to harden a strategic military installation, including infrastructure that is critical to supporting that installation, against the effects of EMPs.

(iii)  Within 180 days of completing the pilot test described in subsection (d)(ii) of this section, the Secretary of Defense shall report to the President, through the APNSA, regarding the cost and effectiveness of the evaluated approaches.

(e)  Improving response to EMPs.

(i)    Within 180 days of the date of this order, the Secretary of Homeland Security, through the Administrator of the Federal Emergency Management Agency, in coordination with the heads of appropriate SSAs, shall review and update Federal response plans, programs, and procedures to account for the effects of EMPs.

(ii)   Within 180 days of the completion of actions directed by subsection (e)(i) of this section, agencies that support National Essential Functions shall update operational plans documenting their procedures and responsibilities to prepare for, protect against, and mitigate the effects of EMPs.

(iii)  Within 180 days of identifying vulnerable priority critical infrastructure systems, networks, and assets as directed by subsection (a)(ii) of this section, the Secretary of Homeland Security, in consultation with the Secretaries of Defense and Commerce, and the Chairman of the Federal Communications Commission, shall provide the Deputy Assistant to the President for Homeland Security and Counterterrorism and the Director of OSTP with an assessment of the effects of EMPs on critical communications infrastructure, and recommend changes to operational plans to enhance national response and recovery efforts after an EMP.

Sec. 7.  General Provisions.  (a)  Nothing in this order shall be construed to impair or otherwise affect:

(i)   the authority granted by law to an executive department or agency, or the head thereof; or

(ii)  the functions of the Director of the Office of Management and Budget relating to budgetary, administrative, or legislative proposals.

(b)  This order shall be implemented consistent with applicable law and subject to the availability of appropriations.

(c)  This order is not intended to, and does not, create any right or benefit, substantive or procedural, enforceable at law or in equity by any party against the United States, its departments, agencies, or entities, its officers, employees, or agents, or any other person.

DONALD J. TRUMP

THE WHITE HOUSE,
March 26, 2019.