Latest issue of World Security Report has arrived

The Spring 2021 issue of World Security Report for the latest industry views and news, is now available to download.
In the Spring 2021 issue of World Security Report:
- Phenomena or Just a ‘Bad Karma’
- Towards 2021 – Upcoming Organisation Risk & Resiliency Trends
- Maritime Domain Awareness - An Essential Component of a Comprehensive Border Security Strategy
- Security and Criminology- Risk Investigation and AI
- Resilience and Social Unrest
- State Sponsored Terror
- IACIPP Association News
- Industry news
Download your copy today at www.cip-association.org/WSR

IACIPP and Capitol Sign Agreement to Advance Worldwide Critical Infrastructure Awareness and Knowledge

Capitol Technology University and the International Association of Critical Infrastructure Protection Professionals (IACIPP) signed a Memorandum of Understanding (MOU) to develop a partnership that will extend efforts to improve the training and education of Critical Infrastructure Students and professionals. Both parties recognize a high demand for worldwide cooperation to increase the effectiveness of research, education, and activities in the critical infrastructure field of study. This MOU will facilitate the development of joint seminars, conferences, and training courses.
“As an Association we aim to deliver discussion and innovation— on many of the serious infrastructure, protection, management, and security challenges—facing both industry and governments. The ever changing and evolving nature of threats, whether natural through climate change or man-made through terrorism activities, either physical or cyber, means there is a continual need to review and update policies, practices, training, and technologies to meet these growing and changing demands,” said John Donlon QPM, Chairman IACIPP. “This partnership with Capitol Technology University enables both parties to develop and enhance objectives through education and training.”
A nation’s critical infrastructure provides the essential services that underpin a society. Proactive and coordinated efforts are necessary to strengthen and maintain secure, functioning, and resilient critical infrastructure— including assets, networks, and systems—that are vital to public confidence and a nation’s safety, prosperity, and well-being.
Critical infrastructure must be secure and able to withstand and rapidly recover from all hazards. Achieving this will require integration with the national preparedness system across prevention, protection, mitigation, response, and recovery.
The International Association of Critical Infrastructure Protection Professionals (IACIPP) is an international association of practitioners and professionals involved in the security, resilience and safety of critical infrastructure, both physical and information infrastructure.
The IACIPP is open to critical infrastructure operators and government agencies, including site managers, security officers, government agency officials, policy makers, research & academia. The Association also aims to share ideas, information, experiences, technology and best practices to enhance these objectives.
Capitol Technology University, located in Laurel, Maryland, is an independent institution that has focused on STEM education since 1927. Capitol Tech, the national winner of the 2020 SC Media Award for Best Cybersecurity Higher Education Program, offers hands-on courses taught by industry experts that lead to undergraduate and graduate degrees in emerging fields such as Mechatronics Engineering and Artificial Intelligence.

CISA Publish Ransomware Guidance and Resources

Ransomware is an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption. Ransomware actors often target and threaten to sell or leak exfiltrated data or authentication information if the ransom is not paid. In recent years, ransomware incidents have become increasingly prevalent among the Nation’s state, local, tribal, and territorial (SLTT) government entities and critical infrastructure organizations.
Malicious actors continue to adjust and evolve their ransomware tactics over time, and CISA analysts remain vigilant in maintaining awareness of ransomware attacks and associated tactics, techniques, and procedures across the country and around the world: See CISA's Awareness Briefings on Combating Ransomware, Joint Ransomware Statement, and CISA Insights – Ransomware Outbreak.
Looking to learn more about this growing cyber threat? The NEW Ransomware Guide is a great place to start. The Guide, released in September 2020, represents a joint effort between CISA and the Multi-State Information Sharing and Analysis Center (MS-ISAC). The joint Ransomware Guide includes industry best practices and a response checklist that can serve as a ransomware-specific addendum to organization cyber incident response plans.
In January 2021, CISA unveiled the Reduce the Risk of Ransomware Campaign to raise awareness and instigate actions to combat this ongoing and evolving threat. The campaign is a focused, coordinated and sustained effort to encourage public and private sector organizations to implement best practices, tools and resources that can help them mitigate ransomware risk.

UNISDR Report: Words into Action guideline: Man-made/technological hazards

The UNISDR has issues a report that takes a practical approach in addressing man-made and technological hazards, and builds upon previous analyses and recommendations relating to such hazards in the context of DRR.
The number and magnitude of man-made disasters worldwide have risen since the 1970s and continue to grow in both frequency and impact on human wellbeing and economies, particularly in low and middle-income countries.
Several major technological accidents and the increased number of new hazardous substances and materials have highlighted the need to tackle these hazards within the overall frame of inclusive disaster risk management. Paragraph 15 of the Sendai Framework for Disaster Risk Reduction 2015-2030 leaves no doubt about the need to address hazards comprehensively as it applies to the risk of small-scale and large-scale, frequent and infrequent, sudden and slow-onset disasters, caused by both natural and man-made hazards as well as related environmental, technological and biological hazards and risks. It aims to guide the management of disaster risk at all levels as well as within and across all sectors.
The United Nations Office for Disaster Risk Reduction (UNISDR) is the focal point of the United Nations system for disaster risk reduction and the custodian of the Sendai Framework, supporting countries and societies in its implementation, monitoring and review of progress.
In accordance with the Sendai Framework, this guide seeks to address man-made hazards by strengthening national and local disaster management plans to include these hazards and by raising awareness of their risks and impacts. Furthermore, it will be a valuable tool to support training and capacity building.
This guide provides a set of evidence-based, practical activities for implementation for chemical, industrial and transport accidents, and nuclear and radiological hazards under the Sendai Framework’s four priorities for action. The guide highlights the existing diversity of thematic frameworks, institutional and legal mechanisms at global and regional levels that are related to and used for addressing man-made hazards. It also draws attention to existing collaborations within the disaster risk reduction community and key partners.
The Guide builds on the outcomes of the Open-ended Intergovernmental Expert Working Group on Indicators and Terminology for the Sendai Framework, and the work on hazard classification and terminology related to man-made hazards.
Full guide is available here >>

GAO Report: Opportunities Exist for DOE to Better Support Utilities in Improving Resilience to Hurricanes

Hurricanes are a leading cause of major power outages in the U.S., impacting millions of customers in recent years. Utilities in hurricane-affected states have invested in ways to better equip their grids to withstand and rapidly recover from hurricanes. For example, some utilities have elevated equipment to protect grid infrastructure from flooding.
The Department of Energy and its National Laboratories are developing planning tools, such as metrics to track grid resilience. However, we recommended that DOE create a plan to better guide these efforts and to better inform utilities about available resources at its National Labs.
Since 2012, utilities have taken steps to improve grid resilience to severe hurricanes, such as (1) implementing storm hardening measures to enable the grid to better withstand the effects of hurricanes; (2) adopting technologies to enhance operational capacity and help quickly restore service following disruptions; and (3) participating in mutual aid programs with other utilities and training and planning exercises. For example, utilities have implemented storm hardening measures that include elevating facilities and constructing flood walls to protect against storm surges. Utilities have also adopted technologies that enhance communication capabilities and monitor systems to detect, locate, and repair sources of disruptions. However, these utilities reported challenges justifying grid resilience investments to obtain regulatory approval, and some utilities have limited resources to pursue such enhancements.
Various federal agencies can provide funding for efforts to enhance grid resilience to hurricanes, including the Department of Agriculture (USDA) and the Federal Emergency Management Agency (FEMA). However, eligibility for most federal funding for grid resilience, including some USDA and FEMA funding, is limited to publicly owned utilities and state, tribal, and local governments. The Department of Energy (DOE) does not provide direct funding for grid resilience improvements, but it has efforts under way, including through its National Laboratories, to provide technical assistance and promote research and collaboration with utilities. DOE has also initiated preliminary efforts to develop tools for resilience planning, including resilience metrics and other tools such as a framework for planning, but DOE does not have a plan to guide these efforts. Without a plan to guide DOE efforts to develop tools for resilience planning, utilities may continue to face challenges justifying resilience investments. In addition, DOE lacks a formal mechanism to inform utilities about the efforts of its National Laboratories. Such a mechanism would help utilities leverage existing resources for improving grid resilience to hurricanes.
Hurricanes pose significant threats to the electricity grid in some U.S. coastal areas and territories and are a leading cause of major power outages. In recent years, hurricanes have impacted millions of customers in these areas. Adoption of technologies and other measures could improve the resilience of the grid so that it is better able to withstand and rapidly recover from severe weather; this could help mitigate the effects of hurricanes.
This report examines (1) measures utilities in selected states have adopted to enhance grid resilience following major hurricanes since 2012 and any challenges utilities face funding such measures; and (2) federal efforts to support the adoption of measures to enhance grid resilience to hurricanes and any opportunities that exist to improve these efforts. For this report, GAO assessed agency and industry actions; reviewed relevant reports, policies, and documents; and interviewed federal, industry, and local officials.
GAO recommends that DOE (1) establish a plan to guide its efforts to develop tools for resilience planning, and (2) develop a mechanism to better inform utilities about grid resilience efforts at the National Laboratories. DOE agreed in principle with these recommendations, but its proposed actions do not fully address GAO's concerns.
Full report can be found here >>

Climate Change Is Expected to Have Far-reaching Effects and DOE and FERC Should Take Actions

Climate change is expected to affect every aspect of the electricity grid—from generation, transmission, and distribution, to demand for electricity. For example, more frequent droughts and changing rainfall patterns may diminish hydroelectricity in some areas, and increasing wildfires may damage transmission lines.
We testified about how the Department of Energy and the Federal Energy Regulatory Commission could enhance grid resilience. We recommended that DOE develop a strategy for doing so and coordinate efforts within the department, and that FERC assess grid risks and plan how to promote resilience.
Climate change is expected to have far-reaching effects on the electricity grid that could cost billions and could affect every aspect of the grid from generation, transmission, and distribution to demand for electricity, according to several reports GAO reviewed. The type and extent of these effects on the grid will vary by geographic location and other factors. For example, reports GAO reviewed stated that more frequent droughts and changing rainfall patterns may adversely affect hydroelectricity generation in Alaska and the Northwest and Southwest regions of the United States. Further, transmission capacity may be reduced or distribution lines damaged during increasing wildfire activity in some regions due to warmer temperatures and drier conditions. Moreover, climate change effects on the grid could cost utilities and customers billions, including the costs of power outages and infrastructure damage.
Since 2014, the Department of Energy (DOE) and the Federal Energy Regulatory Commission (FERC) have taken actions to enhance the resilience of the grid. For example, in 2015, DOE established a partnership with 18 utilities to plan for climate change. In 2018, FERC collected information from grid operators on grid resilience and their risks to hazards such as extreme weather. Nevertheless, opportunities exist for DOE and FERC to take additional actions to enhance grid resilience to climate change. For example, DOE identified climate change as a risk to energy infrastructure, including the grid, but it does not have an overall strategy to guide its efforts. GAO's Disaster Resilience Framework states that federal efforts can focus on risk reduction by creating resilience goals and linking those goals to an overarching strategy. Developing and implementing a department-wide strategy that defines goals and measures progress could help prioritize DOE's climate resilience efforts to ensure that resources are targeted effectively. Regarding FERC, it has not taken steps to identify or assess climate change risks to the grid and, therefore, is not well positioned to determine the actions needed to enhance resilience. Risk management involves identifying and assessing risks to understand the likelihood of impacts and their associated consequences. By doing so, FERC could then plan and implement appropriate actions to respond to the risks and achieve its objective of promoting resilience.
According to the U.S. Global Change Research Program, changes in the earth's climate are under way and expected to increase, posing risks to the electricity grid that may affect the nation's economic and national security. Annual costs of weather-related power outages total billions of dollars and may increase with climate change, although resilience investments could help address potential effects, according to the research program. Private companies own most of the electricity grid, but the federal government plays a significant role in promoting grid resilience—the ability to adapt to changing conditions; withstand potentially disruptive events; and, if disrupted, to rapidly recover. DOE, the lead agency for grid resilience efforts, conducts research and provides information and technical assistance to industry. FERC reviews mandatory grid reliability standards.
This testimony summarizes GAO's report on grid resilience to climate change. Specifically, the testimony discusses (1) potential climate change effects on the electricity grid; and (2) actions DOE and FERC have taken since 2014 to enhance electricity grid resilience to climate change effects, and additional actions these agencies could take. GAO reviewed reports and interviewed agency officials and 55 relevant stakeholders.

Ensuring the Safety of Nuclear Installations: Lessons Learned from Fukushima

The Fukushima Daiichi nuclear accident reinforced the importance of having adequate national and international safety standards and  guidelines in place so that nuclear power and technology remain safe and continue to provide reliable low carbon energy globally.
By recognizing the lessons learned from the 2011 accident, the IAEA has been revising its global safety standards to ensure that Member States continue to receive up-to-date guidance of high quality.
“The Fukushima Daiichi accident has left a very large footprint on nuclear safety thinking, which manifested itself in a distinct shift from the prevention of design basis accidents to the prevention of severe accidents and, should an accident occur, the practical elimination of its consequences,” said Greg Rzentkowski, Director of the IAEA’s Division of Nuclear Installation Safety.
Following the accident, through a review of relevant standards, including the IAEA safety standard on design safety, experts found that a higher level of safety could be incorporated into existing nuclear power plants by adhering to more demanding requirements for protection against external natural hazards and by enhancing the independence of safety levels so that, even if one layer fails, another layer is unimpacted and stops an accident from happening.
While requirements for protection against natural hazards have always been included in the design of nuclear reactors, these have been strengthened since the accident. In general, the design requirements now take into account natural hazards of an estimated frequency above 1 in 10 000 years, as opposed to 1 in 1000 years used previously.
Incorporating these new safety standards into the design of existing reactors was subsequently tested through comprehensive safety assessments and inspections. The assessments took into account the design features of installations, safety upgrades and provisions for the use of non-permanent equipment to demonstrate that the probability of conditions that may lead to early or large releases is practically eliminated.
“New power plants are designed to account for the possibility of severe accidents,” said Javier Yllera, a senior Nuclear Safety Officer at the IAEA. “Different safety improvements have been implemented at existing power plants, together with accident management measures.”
Safety assessments or ‘stress tests’ implemented in the European Union following the Fukushima Daiichi nuclear accident focused on the assessment of natural hazards such as earthquakes and flooding, and on the behaviour of power plants in cases of extreme natural events and severe accidents. The overall objective was to analyse the robustness of reactors to such events and, if necessary, increase it. The margins of the safety of reactors were analysed and possible improvements were identified. The implementation of those stress tests remained the responsibility of Member States, and resulted in many design and operation enhancements in Europe.
[Source: IAEA]

Learning from Megadisasters: A Decade of Lessons from the Great East Japan Earthquake

On March 11th, 2011 a Magnitude 9.0 earthquake struck off the northeast coast of Japan, near the Tohoku region. The force of the earthquake sent a tsunami rushing towards the Tohoku coastline, a black wall of water which wiped away entire towns and villages. Sea walls were overrun. 200,000 lives were lost. The scale of destruction to housing, infrastructure, industry and agriculture was extreme in Fukushima, Iwate, and Miyagi prefectures. In addition to the hundreds of thousands who lost their homes, the earthquake and tsunami contributed to an accident at the Fukushima Daiichi Nuclear Power Plant, requiring additional mass evacuations. The impacts not only shook Japan’s society and economy as a whole, but also had ripple effects in global supply chains. In the 21st century, a disaster of this scale is a global phenomenon.
The severity and complexity of the cascading disasters was not anticipated. The events during and following the Great East Japan Earthquake (GEJE) showed just how ruinous and complex a low-probability, high-impact disaster can be. However, although the impacts of the triple-disaster were devastating, Japan’s legacy of DRM likely reduced losses. Japan’s structural investments in warning systems and infrastructure were effective in many cases, and preparedness training helped many act and evacuate quickly. The large spatial impact of the disaster, and the region’s largely rural and elderly population, posed additional challenges for response and recovery.
Over recent years, the Japan-World Bank Program on Mainstreaming DRM in Developing Countries has furthered the work of the Learning from Megadisasters report, continuing to gather, analyze and share the knowledge and lessons learned from GEJE, together with past disaster experiences, to enhance the resilience of next generation development investments around the world. Ten years on from the GEJE, we take a moment to revisit the lessons gathered, and reflect on how they may continue to be relevant in the next decade, in a world faced with both seismic disasters and other emergent hazards such as pandemics and climate change.
Through synthesizing a decade of research on the GEJE and accumulation of the lessons from the past disaster experience, this story highlights three key strategies which recurred across many of the cases we studied. They are:
1) the importance of planning for disasters before they strike,
2) DRM cannot be addressed by either the public or private sector alone but enabled only when it is shared among many stakeholders,
3) institutionalize the culture of continuous enhancement of the resilience.
For example, business continuity plans, or BCPs, can help both public and private organizations minimize damages and disruptions. BCPs are documents prepared in advance which provide guidance on how to respond to a disruption and resume the delivery of products and services. Additionally, the creation of pre-arranged agreements among independent public and/or private organizations can help share essential responsibilities and information both before and after a disaster. This might include agreements with private firms to repair public infrastructures, among private firms to share the costs of mitigation infrastructure, or among municipalities to share rapid response teams and other resources. These three approaches recur throughout the more specific lessons and strategies identified in the following section, which is organized along the three areas of disaster risk management: resilient infrastructure; risk identification, reduction and preparedness; and disaster risk finance and insurance.
Lessons from the Megadisaster Resilient Infrastructure
The GEJE had severe impacts on critical ‘lifelines’—infrastructures and facilities that provide essential services such as transportation, communication, sanitation, education, and medical care. Impacts of megadisasters include not only damages to assets (direct impacts), but also disruptions of key services, and the resulting social and economic effects (indirect impacts). For example, the GEJE caused a water supply disruption for up to 500,000 people in Sendai city, as well as completely submerging the city’s water treatment plant. Lack of access to water and sanitation had a ripple effect on public health and other emergency services, impacting response and recovery. Smart investment in infrastructure resilience can help minimize both direct and indirect impacts, reducing lifeline disruptions. The 2019 report Lifelines: The Resilient Infrastructure Opportunity found through a global study that every dollar invested in the resilience of lifelines had a $4 benefit in the long run.
In the case of water infrastructure, the World Bank report Resilient Water Supply and Sanitation Services: The Case of Japan documents how Sendai City learned from the disaster to improve the resilience of these infrastructures. Steps included retrofitting existing systems with seismic resilience upgrades, enhancing business continuity planning for sanitation systems, and creating a geographic information system (GIS)-based asset management system that allows for quick identification and repair of damaged pipes and other assets. During the GEJE, damages and disruptions to water delivery services were minimized through existing programs, including mutual aid agreements with other water supply utility operators. Through these agreements, the Sendai City Waterworks Bureau received support from more than 60 water utilities to provide emergency water supplies. Policies which promote structural resilience strategies were also essential to preserving water and sanitation services. After the 1995 Great Hanshin Awaji Earthquake (GHAE), Japanese utilities invested in earthquake resistant piping in water supply and sanitation systems. The commonly used earthquake-resistant ductile iron pipe (ERDIP) has not shown any damage from major earthquakes including the 2011 GEJE and the 2016 Kumamoto earthquake. Changes were also made to internal policies after the GEJE based on the challenges faced, such as decentralizing emergency decision-making and providing training for local communities to set up emergency water supplies without utility workers with the goal of speeding up recovery efforts.
Redundancy is another structural strategy that contributed to resilience during and after GEJE. In Sendai City, redundancy and seismic reinforcement in water supply infrastructure allowed the utility to continue to operate pipelines that were not physically damaged in the earthquake The Lifelines report describes how in the context of telecommunications infrastructure, the redundancy created through a diversity of routes in Japan’s submarine internet cable system  limited disruptions to national connectivity during the megadisaster. However, the report emphasizes that redundancy must be calibrated to the needs and resources of a particular context. For private firms, redundancy and backups for critical infrastructure can be achieved through collaboration; after the GEJE, firms are increasingly collaborating to defray the costs of these investments.
The GEJE also illustrated the importance of planning for transportation resilience. A Japan Case Study Report on Road Geohazard Risk Management shows the role that both national policy and public-private agreements can play. In response to the GEJE, Japan’s central disaster legislation, the DCBA (Disaster Countermeasures Basic Act) was amended in 2012, with particular focus on the need to reopen roads for emergency response. Quick road repairs were made possible after the GEJE in part due to the Ministry of Land, Infrastructure, Transport and Tourism (MLIT)’s emergency action plans, the swift action of the rapid response agency Technical Emergency Control Force (TEC-FORCE), and prearranged agreements with private construction companies for emergency recovery work. During the GEJE, roads were used as evacuation sites and were shown effective in controlling the spread of floods. After the disaster, public-private partnerships (PPPs) were also made to accommodate the use of expressway embankments as tsunami evacuation sites. As research on Resilient Infrastructure PPPs highlights, clear definitions of roles and responsibilities are essential to effective arrangements between the government and private companies. In Japan, lessons from the GEJE and other earthquakes have led to a refinement of disaster definitions, such as numerical standards for triggering force majeure provisions of infrastructure PPP contracts. In Sendai City, clarifying the post-disaster responsibilities of public and private actors across various sectors sped up the response process. This experience was built upon after the disaster, when Miyagi prefecture conferred operation of the Sendai International Airport  to a private consortium through a concession scheme which included refined force majeure definitions. In the context of a hazard-prone region, the agreement clearly defines disaster-related roles and responsibilities as well as relevant triggering events.
For full story click here >>
[Source: World Bank]

DOE Announces $30 Million for Quantum Information Science to Tackle Emerging 21st Century Challenges

The U.S. Department of Energy (DOE) announced plans to provide $30 million for Quantum Information Science (QIS) research that helps scientists understand how nature works on an extremely small scale—100,000 times smaller than the diameter of a human hair. QIS can help our nation solve some of the most pressing and complex challenges of the 21st century, from climate change to national security. Watch this video to learn more about QIS.
“Quantum computing and devices are poised to revolutionize the way we process information and develop new technologies that are currently beyond our reach,” said Secretary of Energy Jennifer M. Granholm. “From developing novel materials to building better batteries to moving clean electricity across the country more efficiently, the field of quantum information sciences can help us accelerate discoveries to solve complex problems in energy and beyond.”
QIS helps researchers discover new ways to measure, analyze, process, and communicate information. Potential applications for this work range from quantum computers to enable complex power forecasting to prevent outages during extreme weather events, to quantum devices to enable new smart windows, clothes, and buildings that can change their properties on demand.
“Quantum information sciences have become essential tools for our National Labs to take on the challenges of the modern world,” said Senator Ben Ray Luján. “This strong investment in the Department’s NSRCs will support their cutting-edge discoveries and strengthen America’s competitiveness in this emerging field. The Nation’s future is inextricably tied to the future of our National Labs, and I will keep working to ensure that they receive the necessary resources to support their invaluable work.”
“The U.S. is a world leader in high-tech innovation and jobs. This investment will help ensure we continue to build on our record of achieving advancements in quantum computing research and development and the high-paying jobs it creates,” said Senator Steve Daines.
DOE's “Quantum Information Science and Research Infrastructure” $30 million funding opportunity is focused on developing advanced capabilities for synthesizing, constructing, and understanding quantum structures and phenomena, as well as making these capabilities available to the greater scientific community via access to DOE’s five Nanoscale Science Research Centers (NSRCs).
The five NSRCs were established by DOE's Basic Energy Sciences (BES) program in the Office of Science, and provide access to leading-edge synthesis, characterization, computational tools, and scientific expertise. Their research supports DOE's mission to advance the energy, economic, and national security of the United States.
All five NSRCs will be selected based on peer review, and eligible to lead applications for awards of up to three years. DOE’s Office of Basic Energy Sciences, which is funding the effort, envisions awards both for single NSRCs and NSRCs working in partnerships or teams.

New Major Interventions to Block Encrypted Communications of Criminal Networks

Judicial and law enforcement authorities in Belgium, France and the Netherlands have in close cooperation enabled major interventions to block the further use of encrypted communications by large-scale organised crime groups (OCGs), with the support of Europol and Eurojust. The continuous monitoring of the illegal Sky ECC communication service tool by investigators in the three countries involved has provided invaluable insights into hundreds of millions of messages exchanged between criminals. This has resulted in the collection of crucial information on over a hundred of planned large-scale criminal operations, preventing potential life threatening situations and possible victims.
During an action day, a large number of arrests were made, as well as numerous house searches and seizures in Belgium and the Netherlands.  The operation is an essential part of the continuous effort of judiciary and law enforcement in the EU and third countries to disrupt the illegal use of encrypted communications, as was already displayed last year following the successful de-encryption of the EncroChat communication platform.
As of mid-February, authorities have been able to monitor the information flow of approximately 70 000 users of Sky ECC. Many users of EncroChat changed over to the popular Sky ECC platform, after EncroChat was unveiled in 2020.
By successfully unlocking the encryption of Sky ECC, the information acquired will provide insights into criminal  activities in various EU Member States and beyond and will assist in expanding investigations and solving serious and cross-border organised crime for the coming months, possibly years.
Law enforcement in all three countries has been on a continuous stand by during the last month to be able to provide rapid reactions to possible dangerous criminal activities when required. The newly acquired information will now be analysed further
Investigations into the tool started in Belgium, after mobile phones seized during searches showed the use of Sky ECC  by suspects. Worldwide, approximately 170 000 individuals use the tool, which has its own infrastructure and applications and is operated from the United States and Canada, using computer servers based in  Europe. On a global scale, around three million messages are being exchanged each day via Sky ECC. Over 20 percent of the users are based in Belgium and the Netherlands.
Europol has and will continue to provide the authorities of Belgium, Netherlands and other affected countries with tactical, technical and financial support and will be dealing with this important flow of information on criminal activities in order to prevent threats to life and major crimes.
Eurojust has provided advice and support regarding cross-border judicial cooperation and organised 12 coordination meetings to enable this collaboration. The Agency will continue to provide this support and stands ready for further advice and cross-border operational financial support to all Member States and countries involved, to ensure an adequate cross-border judicial cooperation.
1 39 40 41 42 43 60