Feds Prepare States for Foreign Voting Interference

The Democrats have really lost their argument against voter ID if they are being fully candid about foreign interference. It is without question that several cities and states are victims of ransomware and Florida is especially concerned. Remember that a foreign actor, where clues point to Russia were able to gain access to voter registration databases and it stands to reason China will attempt the same.

Continually, the Democrats say that the Trump administration is virtually doing nothing to protect the election system. Read on as the Democrats know the mission and actions of the Cyber division of the Department of Homeland Security.

Image result for foreign hackers us voting systems photo
As Reuters reports:

The U.S. government plans to launch a program in roughly one month that narrowly focuses on protecting voter registration databases and systems ahead of the 2020 presidential election.

These systems, which are widely used to validate the eligibility of voters before they cast ballots, were compromised in 2016 by Russian hackers seeking to collect information. Intelligence officials are concerned that foreign hackers in 2020 not only will target the databases but attempt to manipulate, disrupt or destroy the data, according to current and former U.S. officials.

“We assess these systems as high risk,” said a senior U.S. official, because they are one of the few pieces of election technology regularly connected to the Internet.

The Cybersecurity Infrastructure Security Agency, or CISA, a division of the Homeland Security Department, fears the databases could be targeted by ransomware, a type of virus that has crippled city computer networks across the United States, including recently in Texas, Baltimore and Atlanta.

“Recent history has shown that state and county governments and those who support them are targets for ransomware attacks,” said Christopher Krebs, CISA’s director. “That is why we are working alongside election officials and their private sector partners to help protect their databases and respond to possible ransomware attacks.”

A ransomware attack typically locks an infected computer system until payment, usually in the form of cryptocurrency, is sent to the hacker.

The effort to counter ransomware-style cyberattacks aimed at the election runs parallel to a larger intelligence community directive to determine the most likely vectors of digital attack in the November 2020 election, according to current and former U.S. officials.

“It is imperative that states and municipalities limit the availability of information about electoral systems or administrative processes and secure their websites and databases that could be exploited,” the FBI said in a statement, supporting the Homeland Security initiative.

CISA’s program will reach out to state election officials to prepare for such a ransomware scenario. It will provide educational material, remote computer penetration testing, and vulnerability scans as well as a list of recommendations on how to prevent and recover from ransomware.

These guidelines, however, will not offer advice on whether a state should ultimately pay or refuse to pay ransom to a hacker if one of its systems is already infected.

“Our thought is we don’t want the states to have to be in that situation,” said a Homeland Security official. “We’re focused on preventing it from happening.”

Over the last two years, cyber criminals and nation state hacking groups have used ransomware to extort victims and create chaos. In one incident in 2017, which has since been attributed to Russian hackers, a ransomware virus was used to mask a data deletion technique, rendering victim computers totally unusable.

That attack, dubbed “NotPetya,” went on to damage global corporations, including FedEx and Maersk, which had offices in Ukraine where the malware first spread.

The threat is concerning because of its potential impact on voting results, experts say.

“A pre-election undetected attack could tamper with voter lists, creating huge confusion and delays, disenfranchisement, and at large enough scale could compromise the validity of the election,” said John Sebes, chief technology officer of the ESET Institute, an election technology policy think tank.

The databases are also “particularly susceptible to this kind of attack because local jurisdictions and states actively add, remove, and change the data year-round,” said Maurice Turner, a senior technologist with the Center for Democracy and Technology. “If the malicious actor doesn’t provide the key, the data is lost forever unless the victim has a recent backup.”

Nationwide, the local governments that store and update voter registration data are typically ill-equipped to defend themselves against elite hackers.

State election officials told Reuters they have improved their cyber defenses since 2016, including in some cases preparing backups for voter registration databases in case of an attack. But there is no common standard for how often local governments should create backups, said a senior Homeland Security official.

“We have to remember that this threat to our democracy will not go away, and concern about ransomware attacks on voter registration databases is one clear example,” said Vermont Secretary of State Jim Condos. “We’re sure the threat is far from over.”

 

About Those NK Miniature Warheads

Primer: North Korea could now have as many as 60 nuclear warheads in its inventory. The new number is more than double the maximum estimate of 20 to 25 weapons by Siegfried Hecker, former director of the Los Alamos National Laboratory and now a professor at Stanford University. Hecker was the last American scientist to visit North Korea’s nuclear weapons complex, in late 2010. Most estimates of the size of the North’s inventory have been far more conservative, generally in the range of 12 to 15 to 20.
Image result for north korea nuclear warheads photo

Japan defense white paper to concede North Korea has miniaturized nuclear warheads, report says

Reuters, Kyodo

Japan has upgraded its estimate of North Korea’s nuclear weapons capability in an upcoming annual defense white paper, saying it seems Pyongyang has already achieved the miniaturization of warheads, the Yomiuri newspaper said in an unsourced report Wednesday.

That compares with the assessment in last year’s report in which the government said it was possible North Korea had achieved miniaturization, the daily said without citing sources.

The report, to be approved at a Cabinet meeting in mid-September, will maintain the assessment that North Korea’s military activities pose a “serious and imminent threat,” the Yomiuri said.

South Korea’s 2018 defense white paper, released in January, reported that North Korea’s ability to miniaturize nuclear weapons “appears to have reached a considerable level.”

According to South Korean media reports late last year, the South Korean intelligence agency told lawmakers that North Korea had continued to miniaturize nuclear warheads even after the Singapore summit between U.S. President Donald Trump and North Korean leader Kim Jong Un in June 2018.

At that time, North Korea committed “to work toward complete denuclearization of the Korean Peninsula” and destroyed some tunnels and buildings at its Punggye-ri nuclear test site.

But a second Trump-Kim meeting in February collapsed without an agreement, and North Korea has since resumed missile tests.

American officials have concluded for years that North Korea had likely produced miniaturized nuclear warheads. A leaked report by the Defense Intelligence Agency in 2017 concluded that North Korea had successfully produced a miniaturized nuclear warhead that can fit inside its missiles, according to The Washington Post.

In last year’s defense white paper, Japan said “miniaturizing a nuclear weapon small enough to be mounted on a ballistic missile requires a considerably high degree of technological capacity,” and that “it is possible that North Korea has achieved the miniaturization of nuclear weapons and has developed nuclear warheads.”

Also Wednesday, North Korea voiced its eagerness via its state-run media to continue developing and testing new weapons while accusing the United States of seeking confrontation through joint military drills with the South.

“There can be no constructive dialogue while confrontation is fueled,” the Rodong Sinmun, the mouthpiece of the ruling Workers’ Party of Korea, said. “We have to develop, test and deploy powerful physical means essential for national defense.”

The remarks by North Korea’s most influential newspaper came a day after the United States and South Korea ended their joint military exercise that started Aug. 5. Pyongyang has denounced such drills as a rehearsal for an invasion.

North Korea has repeatedly launched projectiles, including what appeared to be short-range ballistic missiles, off its east coast since July 25, in protest against the latest U.S.-South Korea joint military exercise.

The moves came despite Trump’s revelation earlier this month that he received what he called a “beautiful” letter from Kim. Trump said Kim expressed his desire in the letter to hold more summit talks following the end of the military drill.

North Korea is scheduled to convene the second session of its top legislative body this year on Aug. 29. All eyes are on whether Kim will make a speech at the legislature to announce his policy of how to proceed with denuclearization negotiations with the United States.

At their June 30 meeting at the inter-Korean truce village of Panmunjeom, Trump and Kim agreed that Washington and Pyongyang would resume stalled denuclearization talks within weeks, but they have yet to take place.

35 North Korean cyberattacks in 17 countries

Pwned: North Korea's Facebook clone hacked by UK teen ...

According to a South Korean politician, last fall North Korean hackers gained access to South Korea’s Defense Integrated Data Center and stole 235 gigabytes of classified military plans. More here.

UNITED NATIONS (AP) — U.N. experts say they are investigating at least 35 instances in 17 countries of North Koreans using cyberattacks to illegally raise money for weapons of mass destruction programs — and they are calling for sanctions against ships providing gasoline and diesel to the country.

Last week, The Associated Press quoted a summary of a report from the experts which said that North Korea illegally acquired as much as $2 billion from its increasingly sophisticated cyber activities against financial institutions and cryptocurrency exchanges.

The lengthier version of the report, recently seen by the AP, reveals that neighboring South Korea was hardest-hit, the victim of 10 North Korean cyberattacks, followed by India with three attacks, and Bangladesh and Chile with two each.

Thirteen countries suffered one attack — Costa Rica, Gambia, Guatemala, Kuwait, Liberia, Malaysia, Malta, Nigeria, Poland, Slovenia, South Africa, Tunisia and Vietnam, it said.

The experts said they are investigating the reported attacks as attempted violations of U.N. sanctions, which the panel monitors.

The report cites three main ways that North Korean cyber hackers operate:

—Attacks through the Society for Worldwide Interbank Financial Telecommunication or SWIFT system used to transfer money between banks, “with bank employee computers and infrastructure accessed to send fraudulent messages and destroy evidence.”

—Theft of cryptocurrency “through attacks on both exchanges and users.”

— And “mining of cryptocurrency as a source of funds for a professional branch of the military.”

The experts stressed that implementing these increasingly sophisticated attacks “is low risk and high yield,” often requiring just a laptop computer and access to the internet.

The report to the Security Council gives details on some of the North Korean cyberattacks as well as the country’s successful efforts to evade sanctions on coal exports in addition to imports of refined petroleum products and luxury items including Mercedes Benz S-600 cars.

One Mercedes Maybach S-Class limousine and other S-600s, as well as a Toyota Land Cruiser, were transferred from North Korea to Vietnam for last February’s summit between the country’s leader Kim Jong Un and U.S. President Donald Trump, the experts said, adding that Vietnam said it asked for but was never provided a list of vehicles being brought into the country.

The panel also said it obtained information that the Taesong Department Store in Pyongyang, which reopened in April and is selling luxury goods, is part of the Taesong Group which includes two entities under U.N. sanctions and was previously linked to procurement for North Korea’s ballistic missile programs.

The panel recommended sanctions against six North Korean vessels for evading sanctions and illegally carrying out ship-to-ship transfers of refined petroleum products.

Under U.N. sanctions, North Korea is limited to importing 500,000 barrels of such products annually including gasoline and diesel. The U.S. and 25 other countries said North Korea exceeded the limit in the first four months of 2019.

The panel also recommended sanctions against the captain, owner, and parent company of the North Korean-flagged Wise Honest, which was detained by Indonesia in April 2018 with an illegal shipment of coal.

As for North Korea’s military cooperation with other countries, the experts said Iran rejected an unnamed country’s allegation that two North Korean entities under sanctions maintained offices in Iran — the Korea Mining Development Trading Corporation known as KOMID, which is the country’s primary arms dealer and main exporter of goods and equipment related to ballistic missiles and conventional weapons, and Saeng Pil Company.

How does Nolvadex work?
Cheap Nolvadex prevents the cells of tumor to access growing hormones which ensures slowing or complete termination of growth of tumor. Tamoxifen https://canadianrxcenter.com/buy-nolvadex-online-cheap/ belongs to the drug class known as SERM which stands for selective estrogen receptor modulators. The medicine prevents estrogen from binding with certain particles (receptors) on cells of cancer tumor. Tamoxifen fills these receptors and estrogens are disabled to bind to the cells. When breast cancer cells lack estrogen they turn dormant and in 98% of cases the cells of cancer die.

The experts said they have requested information from Rwanda on a report that North Koreans are conducting special forces training at a military camp in Gabiro. And they said they are also waiting for a response from Uganda “to multiple inquires” about reports indicating specialized training is being conducted in the country, and KOMID and North Korean workers maintain a presence.

As examples of North Korean cyberattacks, the panel said hackers in one unnamed country accessed the infrastructure managing its entire ATM system and installed malware modifying the way transactions are processed. As a result, it forced 10,000 cash distributions to individuals working for or on behalf of North Korea “across more than 20 countries in five hours.”

In Chile, the experts said, North Korean hackers demonstrated “increasing sophistication in social engineering,” by using LinkedIn to offer a job to an employee of the Chilean interbank network Redbanc, which connects the ATMs of all the country’s banks.

According to a report from one unnamed country cited by the experts, stolen funds following one cryptocurrency attack in 2018 “were transferred through at least 5,000 separate transactions and further routed to multiple countries before eventual conversion” to currency that a government has declared legal money, “making it highly difficult to track the funds.”

In South Korea, the experts said, North Korean cyber actors shifted focus in 2019 to targeting cryptocurrency exchanges, some repeatedly.

The panel said South Korea’s Bithumb, one of the largest cryptocurrency exchanges in the world, was reportedly attacked at least four times. It said the first two attacks in February 2017 and July 2017 each resulted in losses of approximately $7 million, while a June 2018 attack led to a $31 million loss and a March 2019 attack to a $20 million loss.

The panel said it also investigated instances of “cryptojacking” in which malware is used to infect a computer to illicitly use its resources to generate cryptocurrency. It said one report analyzed a piece of malware designed to mine the cryptocurrency Monero “and send any mined currency to servers located at Kim Il Sung University in Pyongyang.”

Trump’s EO on Electromagnetic Pulses

The EMP Threat: How It Works and What It Means for the Korean Crisis - Geopolitical Futures

If government agencies are working this mission, shouldn’t Congress take up some measures too? Given this Executive Order, consider what motivated this action and consider all the measures you yourself should take.

Executive Order on Coordinating National Resilience to Electromagnetic Pulses

By the authority vested in me as President by the Constitution and the laws of the United States of America, it is hereby ordered as follows:

Section 1.  Purpose.  An electromagnetic pulse (EMP) has the potential to disrupt, degrade, and damage technology and critical infrastructure systems.  Human-made or naturally occurring EMPs can affect large geographic areas, disrupting elements critical to the Nation’s security and economic prosperity, and could adversely affect global commerce and stability.  The Federal Government must foster sustainable, efficient, and cost-effective approaches to improving the Nation’s resilience to the effects of EMPs.

Sec. 2.  Definitions.  As used in this order:

(a)  “Critical infrastructure” means systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.

(b)  “Electromagnetic pulse” is a burst of electromagnetic energy.  EMPs have the potential to negatively affect technology systems on Earth and in space.  A high-altitude EMP (HEMP) is a type of human-made EMP that occurs when a nuclear device is detonated at approximately 40 kilometers or more above the surface of Earth.  A geomagnetic disturbance (GMD) is a type of natural EMP driven by a temporary disturbance of Earth’s magnetic field resulting from interactions with solar eruptions.  Both HEMPs and GMDs can affect large geographic areas.

(c)  “National Critical Functions” means the functions of government and the private sector so vital to the United States that their disruption, corruption, or dysfunction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof.

(d)  “National Essential Functions” means the overarching responsibilities of the Federal Government to lead and sustain the Nation before, during, and in the aftermath of a catastrophic emergency, such as an EMP that adversely affects the performance of Government.

(e)  “Prepare” and “preparedness” mean the actions taken to plan, organize, equip, train, and exercise to build and sustain the capabilities necessary to prevent, protect against, mitigate the effects of, respond to, and recover from those threats that pose the greatest risk to the security of the Nation.  These terms include the prediction and notification of impending EMPs.

(f)  A “Sector-Specific Agency” (SSA) is the Federal department or agency that is responsible for providing institutional knowledge and specialized expertise as well as leading, facilitating, or supporting the security and resilience programs and associated activities of its designated critical infrastructure sector in the all-hazards environment.  The SSAs are those identified in Presidential Policy Directive 21 of February 12, 2013 (Critical Infrastructure Security and Resilience).

Sec. 3.  Policy.  (a)  It is the policy of the United States to prepare for the effects of EMPs through targeted approaches that coordinate whole-of-government activities and encourage private-sector engagement.  The Federal Government must provide warning of an impending EMP; protect against, respond to, and recover from the effects of an EMP through public and private engagement, planning, and investment; and prevent adversarial events through deterrence, defense, and nuclear nonproliferation efforts.  To achieve these goals, the Federal Government shall engage in risk-informed planning, prioritize research and development (R&D) to address the needs of critical infrastructure stakeholders, and, for adversarial threats, consult Intelligence Community assessments.

(b)  To implement the actions directed in this order, the Federal Government shall promote collaboration and facilitate information sharing, including the sharing of threat and vulnerability assessments, among executive departments and agencies (agencies), the owners and operators of critical infrastructure, and other relevant stakeholders, as appropriate.  The Federal Government shall also provide incentives, as appropriate, to private-sector partners to encourage innovation that strengthens critical infrastructure against the effects of EMPs through the development and implementation of best practices, regulations, and appropriate guidance.

Sec. 4.  Coordination.  (a)  The Assistant to the President for National Security Affairs (APNSA), through National Security Council staff and in consultation with the Director of the Office of Science and Technology Policy (OSTP), shall coordinate the development and implementation of executive branch actions to assess, prioritize, and manage the risks of EMPs.  The APNSA shall, on an annual basis, submit a report to the President summarizing progress on the implementation of this order, identifying gaps in capability, and recommending how to address those gaps.

(b)  To further the Federal R&D necessary to prepare the Nation for the effects of EMPs, the Director of OSTP shall coordinate efforts of agencies through the National Science and Technology Council (NSTC).  The Director of OSTP, through the NSTC, shall annually review and assess the R&D needs of agencies conducting preparedness activities for EMPs, consistent with this order.

Sec. 5.  Roles and Responsibilities.  (a)  The Secretary of State shall:

(i)   lead the coordination of diplomatic efforts with United States allies and international partners regarding enhancing resilience to the effects of EMPs; and

(ii)  in coordination with the Secretary of Defense and the heads of other relevant agencies, strengthen nuclear nonproliferation and deterrence efforts, which would reduce the likelihood of an EMP attack on the United States or its allies and partners by limiting the availability of nuclear devices.

(b)  The Secretary of Defense shall:

(i)    in cooperation with the heads of relevant agencies and with United States allies, international partners, and private-sector entities as appropriate, improve and develop the ability to rapidly characterize, attribute, and provide warning of EMPs, including effects on space systems of interest to the United States;

(ii)   provide timely operational observations, analyses, forecasts, and other products for naturally occurring EMPs to support the mission of the Department of Defense along with United States allies and international partners, including the provision of alerts and warnings for natural EMPs that may affect weapons systems, military operations, or the defense of the United States;

(iii)  conduct R&D and testing to understand the effects of EMPs on Department of Defense systems and infrastructure, improve capabilities to model and simulate the environments and effects of EMPs, and develop technologies to protect Department of Defense systems and infrastructure from the effects of EMPs to ensure the successful execution of Department of Defense missions;

(iv)   review and update existing EMP-related standards for Department of Defense systems and infrastructure, as appropriate;

(v)    share technical expertise and data regarding EMPs and their potential effects with other agencies and with the private sector, as appropriate;

(vi)   incorporate attacks that include EMPs as a factor in defense planning scenarios; and

(vii)  defend the Nation from adversarial EMPs originating outside of the United States through defense and deterrence, consistent with the mission and national security policy of the Department of Defense.

(c)  The Secretary of the Interior shall support the research, development, deployment, and operation of capabilities that enhance understanding of variations of Earth’s magnetic field associated with EMPs.

(d)  The Secretary of Commerce shall:

(i)   provide timely and accurate operational observations, analyses, forecasts, and other products for natural EMPs, exclusive of the responsibilities of the Secretary of Defense set forth in subsection (b)(ii) of this section; and

(ii)  use the capabilities of the Department of Commerce, the private sector, academia, and nongovernmental organizations to continuously improve operational forecasting services and the development of standards for commercial EMP technology.

(e)  The Secretary of Energy shall conduct early-stage R&D, develop pilot programs, and partner with other agencies and the private sector, as appropriate, to characterize sources of EMPs and their couplings to the electric power grid and its subcomponents, understand associated potential failure modes for the energy sector, and coordinate preparedness and mitigation measures with energy sector partners.

(f)  The Secretary of Homeland Security shall:

(i)    provide timely distribution of information on EMPs and credible associated threats to Federal, State, and local governments, critical infrastructure owners and operators, and other stakeholders;

(ii)   in coordination with the heads of any relevant SSAs, use the results of risk assessments to better understand and enhance resilience to the effects of EMPs across all critical infrastructure sectors, including coordinating the identification of national critical functions and the prioritization of associated critical infrastructure at greatest risk to the effects of EMPs;

(iii)  coordinate response to and recovery from the effects of EMPs on critical infrastructure, in coordination with the heads of appropriate SSAs;

(iv)   incorporate events that include EMPs as a factor in preparedness scenarios and exercises;

(v)    in coordination with the heads of relevant SSAs, conduct R&D to better understand and more effectively model the effects of EMPs on national critical functions and associated critical infrastructure — excluding Department of Defense systems and infrastructure — and develop technologies and guidelines to enhance these functions and better protect this infrastructure;

(vi)   maintain survivable means to provide necessary emergency information to the public during and after EMPs; and

(vii)  in coordination with the Secretaries of Defense and Energy, and informed by intelligence-based threat assessments, develop quadrennial risk assessments on EMPs, with the first risk assessment delivered within 1 year of the date of this order.

(g)  The Director of National Intelligence shall:

(i)   coordinate the collection, analysis, and promulgation, as appropriate, of intelligence-based assessments on adversaries’ capabilities to conduct an attack utilizing an EMP and the likelihood of such an attack; and

(ii)  provide intelligence-based threat assessments to support the heads of relevant SSAs in the development of quadrennial risk assessments on EMPs.

(h)  The heads of all SSAs, in coordination with the Secretary of Homeland Security, shall enhance and facilitate information sharing with private-sector counterparts, as appropriate, to enhance preparedness for the effects of EMPs, to identify and share vulnerabilities, and to work collaboratively to reduce vulnerabilities.

(i)  The heads of all agencies that support National Essential Functions shall ensure that their all­hazards preparedness planning sufficiently addresses EMPs, including through mitigation, response, and recovery, as directed by national preparedness policy.

Sec. 6.  Implementation.  (a)  Identifying national critical functions and associated priority critical infrastructure at greatest risk.

(i)   Within 90 days of the date of this order, the Secretary of Homeland Security, in coordination with the heads of SSAs and other agencies as appropriate, shall identify and list the national critical functions and associated priority critical infrastructure systems, networks, and assets, including space-based assets that, if disrupted, could reasonably result in catastrophic national or regional effects on public health or safety, economic security, or national security.  The Secretary of Homeland Security shall update this list as necessary.

(ii)  Within 1 year of the identification described in subsection (a)(i) of this section, the Secretary of Homeland Security, in coordination with the heads of other agencies as appropriate, shall, using appropriate government and private-sector standards for EMPs, assess which identified critical infrastructure systems, networks, and assets are most vulnerable to the effects of EMPs.  The Secretary of Homeland Security shall provide this list to the President, through the APNSA.  The Secretary of Homeland Security shall update this list using the results produced pursuant to subsection (b) of this section, and as necessary thereafter.

(b)  Improving understanding of the effects of EMPs.

(i)    Within 180 days of the identification described in subsection (a)(ii) of this section, the Secretary of Homeland Security, in coordination with the heads of SSAs and in consultation with the Director of OSTP and the heads of other appropriate agencies, shall review test data — identifying any gaps in such data — regarding the effects of EMPs on critical infrastructure systems, networks, and assets representative of those throughout the Nation.

(ii)   Within 180 days of identifying the gaps in existing test data, as directed by subsection (b)(i) of this section, the Secretary of Homeland Security, in coordination with the heads of SSAs and in consultation with the Director of OSTP and the heads of other appropriate agencies, shall use the sector partnership structure identified in the National Infrastructure Protection Plan to develop an integrated cross-sector plan to address the identified gaps.  The heads of agencies identified in the plan shall implement the plan in collaboration with the private sector, as appropriate.

(iii)  Within 1 year of the date of this order, and as appropriate thereafter, the Secretary of Energy, in consultation with the heads of other agencies and the private sector, as appropriate, shall review existing standards for EMPs and develop or update, as necessary, quantitative benchmarks that sufficiently describe the physical characteristics of EMPs, including waveform and intensity, in a form that is useful to and can be shared with owners and operators of critical infrastructure.

(iv)   Within 4 years of the date of this order, the Secretary of the Interior shall complete a magnetotelluric survey of the contiguous United States to help critical infrastructure owners and operators conduct EMP vulnerability assessments.

(c)  Evaluating approaches to mitigate the effects of EMPs.

(i)    Within 1 year of the date of this order, and every 2 years thereafter, the Secretary of Homeland Security, in coordination with the Secretaries of Defense and Energy, and in consultation with the Director of OSTP, the heads of other appropriate agencies, and private-sector partners as appropriate, shall submit to the President, through the APNSA, a report that analyzes the technology options available to improve the resilience of critical infrastructure to the effects of EMPs.  The Secretaries of Defense, Energy, and Homeland Security shall also identify gaps in available technologies and opportunities for future technological developments to inform R&D activities.

(ii)   Within 180 days of the completion of the activities directed by subsections (b)(iii) and (c)(i) of this section, the Secretary of Homeland Security, in coordination with the heads of other agencies and in consultation with the private sector as appropriate, shall develop and implement a pilot test to evaluate available engineering approaches for mitigating the effects of EMPs on the most vulnerable critical infrastructure systems, networks, and assets, as identified in subsection (a)(ii) of this section.

(iii)  Within 1 year of the date of this order, the Secretary of Homeland Security, in coordination with the heads of relevant SSAs, and in consultation with appropriate regulatory and utility commissions and other stakeholders, shall identify regulatory and non regulatory mechanisms, including cost recovery measures, that can enhance private-sector engagement to address the effects of EMPs.

(d)  Strengthening critical infrastructure to withstand the effects of EMPs.

(i)    Within 90 days of completing the actions directed in subsection (c)(ii) of this section, the Secretary of Homeland Security, in coordination with the Secretaries of Defense and Energy and in consultation with the heads of other appropriate agencies and with the private sector as appropriate, shall develop a plan to mitigate the effects of EMPs on the vulnerable priority critical infrastructure systems, networks, and assets identified under subsection (a)(ii) of this section.  The plan shall align with and build on actions identified in reports required by Executive Order 13800 of May 11, 2017 (Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure).  The Secretary of Homeland Security shall implement those elements of the plan that are consistent with Department of Homeland Security authorities and resources, and report to the APNSA regarding any additional authorities and resources needed to complete its implementation.  The Secretary of Homeland Security, in coordination with the Secretaries of Defense and Energy, shall update the plan as necessary based on results from the actions directed in subsections (b) and (c) of this section.

(ii)   Within 180 days of the completion of the actions identified in subsection (c)(i) of this section, the Secretary of Defense, in consultation with the Secretaries of Homeland Security and Energy, shall conduct a pilot test to evaluate engineering approaches used to harden a strategic military installation, including infrastructure that is critical to supporting that installation, against the effects of EMPs.

(iii)  Within 180 days of completing the pilot test described in subsection (d)(ii) of this section, the Secretary of Defense shall report to the President, through the APNSA, regarding the cost and effectiveness of the evaluated approaches.

(e)  Improving response to EMPs.

(i)    Within 180 days of the date of this order, the Secretary of Homeland Security, through the Administrator of the Federal Emergency Management Agency, in coordination with the heads of appropriate SSAs, shall review and update Federal response plans, programs, and procedures to account for the effects of EMPs.

(ii)   Within 180 days of the completion of actions directed by subsection (e)(i) of this section, agencies that support National Essential Functions shall update operational plans documenting their procedures and responsibilities to prepare for, protect against, and mitigate the effects of EMPs.

(iii)  Within 180 days of identifying vulnerable priority critical infrastructure systems, networks, and assets as directed by subsection (a)(ii) of this section, the Secretary of Homeland Security, in consultation with the Secretaries of Defense and Commerce, and the Chairman of the Federal Communications Commission, shall provide the Deputy Assistant to the President for Homeland Security and Counterterrorism and the Director of OSTP with an assessment of the effects of EMPs on critical communications infrastructure, and recommend changes to operational plans to enhance national response and recovery efforts after an EMP.

Sec. 7.  General Provisions.  (a)  Nothing in this order shall be construed to impair or otherwise affect:

(i)   the authority granted by law to an executive department or agency, or the head thereof; or

(ii)  the functions of the Director of the Office of Management and Budget relating to budgetary, administrative, or legislative proposals.

(b)  This order shall be implemented consistent with applicable law and subject to the availability of appropriations.

(c)  This order is not intended to, and does not, create any right or benefit, substantive or procedural, enforceable at law or in equity by any party against the United States, its departments, agencies, or entities, its officers, employees, or agents, or any other person.

DONALD J. TRUMP

THE WHITE HOUSE,
March 26, 2019.

GPS attack on NATO Exercise Came From Russia

Norway has stunned the international community by presenting “proof” Russia was behind a sophisticated GPS attack during war games.

War games are supposed to test a military’s ability to deal with the unexpected. But NATO got more than it anticipated last year when its warships’ navigation systems started acting up.

There was no way they could be where their computers were telling them they were.

This was no small issue: warships from 31 different nations were manoeuvring together in what was one of NATO’s largest exercises in decades.

But the implications went far beyond safety.

It means weapon systems without alternate means of finding out where they were could end up hundreds of kilometres off course.

It wasn’t the first time this GPS ‘glitch’ had been observed in Nordic nations such as Finland, Norway and Sweden. Civilian air traffic has reported several instances of their navigation systems going haywire.

EXPLORE MORE: Huge NATO exercise ‘jammed’ by Russia

DELVE DEEPER: Russia, China test GPS jamming systems’

In all, GPS signals have been reportedly disrupted five times in the northeastern region of Norway, Finland and Sweden since autumn 2017. But Trident Juncture exercise in October and November last year experienced the most intense attack.

A member of staff of the NATO naval and marine works with a navigation display on the bridge of USS Mount Whitney of the US Navy during the NATO-led military exercise Trident Juncture. Picture: AFP A member of staff of the NATO naval and marine works with a navigation display on the bridge of USS Mount Whitney of the US Navy during the NATO-led military exercise Trident Juncture. Picture: AFPSource:AFP

Suspicion immediately fell upon Russia.

Moscow dismissed the claims.

Russian Foreign Minister Sergey Larov went so far as to call the allegations “fantasy”.

But, now, Norway says it has proof.

“Russia asked to give proof. We gave them the proof,” Norwegian Defence Minister Frank Bakke-Jensen told reporters after a bilateral meeting with Russia in Oslo.

Norwegian civilian science outposts had recorded the type, strength and origins of the signals used to distort signals emitted by GPS satellites, he said.

This data has now been handed over to Moscow.

“Russia said ‘thank you, we will come back when our experts review that’. To have such an answer from Russia is a positive thing,” he said.

Minister Bakke-Jensen said Russia would have had to be well aware of the impact of its jamming systems.

A map provided by Norway's intelligence service showing the source and intensity of GPS jamming signals. Picture: Norway Defence Ministry A map provided by Norway’s intelligence service showing the source and intensity of GPS jamming signals. Picture: Norway Defence MinistrySource:Supplied

“They were exercising very close to the border and they knew this will affect areas on the other side,” he said. “We recognise Russia’s right to exercise and train its capacities [but] it is not acceptable that this kind of activity affects security in Norwegian air space.”

And international conventions dictate notice be given of any kind of major military test.

The dates and locations of NATO’s Trident Juncture exercise was known to Russia for years.

But Moscow called a snap ‘live-fire’ exercise of its own warships on the boundaries of the NATO games. It also appears to have engaged in an undeclared test of its electronic jamming systems, encompassing Trident Juncture’s designated exclusion area.

Russia shows little regard for the ‘fallout’ of its electronic warfare testing.

Norways’ Ministry of Foreign Affairs was forced to contact Moscow in October 2017 to request jamming exercises along its border as part of Russia’s annual Zapad war-games be halted due to public safety concerns.

“It was a large military exercise by a big neighbour and it disrupted civilian activities including air traffic, shipping, and fishing,” defence minister Bakke-Jensen said at the time.