NewzIntel.com

Category: Military Intelligence

  • MIL-OSI USA: Benton Exhibit Honors Minnie Negoro, Pioneering UConn Ceramics Professor

    Source: US State of Connecticut

    A new exhibition at the William Benton Museum of Art celebrates the contributions of Minnie Negoro, a former professor who laid the foundation for UConn’s ceramics program, while also highlighting her journey through one of the darkest chapters in U.S. history. 

    Curated by faculty in the College of Liberal Arts and Sciences (CLAS) with help from students, the exhibition tells the story of Negoro’s life — from her forced relocation to a Japanese American incarceration camp during World War II to her lasting influence as a beloved professor and artist.  

    Hana Maruyama, assistant professor of history and social and critical inquiry in CLAS and lead curator of the exhibition, hopes it will honor Negoro’s legacy at UConn while spotlighting the importance of public history.  

    “Her former students knew she had existed, her colleagues in the art department knew she had existed, but from the Asian American studies side, that kind of institutional memory had kind of been lost,” Maruyama says. 

    Rediscovering a Forgotten Story 

    Jason Chang—head of the Department of Social and Critical Inquiry, associate professor of history, and co-curator of the exhibition— first uncovered Negoro’s story while leading the former Asian and Asian American Studies Institute. Recognizing its significance, he partnered with Maruyama and a team of scholars and artists to examine Negoro’s impact at UConn. Their research soon uncovered an unexpected discovery—this year marks 60 years since Negoro’s arrival at the University. 

    Maruyama, who studies Japanese American incarceration and had family imprisoned at Heart Mountain, quickly realized that while Negoro had a profound impact on her students and the School of Fine Arts, little had been documented in archives or other public history sources. 

    Determined to preserve that legacy, Maruyama began seeking out information from Negoro’s former colleagues and students.  

    “One year is not a lot of time to create an exhibition,” says Maruyama, who previously worked at the Smithsonian Institution. “It’s very typical for an exhibition to take five to eight years, but I just think her story is so important and hasn’t gotten the attention that she deserved.” 

    From Internment to UConn Professor  

    Just a semester away from graduating from the University of California, Los Angeles, Negoro and her family were among the 125,000 Japanese Americans forcibly removed from the West Coast and placed in incarceration camps across the U.S. in 1942.  

    Although Negoro was an art major, she didn’t learn to use a potter’s wheel until she arrived at Heart Mountain, Wyoming. There, she was one of six people hired to work at the Heart Mountain Ceramics Plant, according to Maruyama.  

    She developed her skills through a government initiative to use imprisoned Japanese Americans to produce tableware for the U.S. Army and other incarceration camps. Despite the repressive circumstances, Negoro’s training at Heart Mountain launched her career and eventually paved the way for UConn’s ceramics program.  

    Negoro was able to leave Heart Mountain through a program that permitted Japanese American students to attend colleges outside the exclusion zone. Under the guidance of one of her mentors from Heart Mountain, she pursued an MFA at Alfred University.  

    After earning her degree, Negoro ran her own ceramics studio in New York for a decade and taught at institutions such as the Rhode Island School of Design and the Chouinard Art Institute in Los Angeles before arriving at UConn in 1965.  

    “They just kept renewing her contract and eventually she got on a tenure track and the rest is history,” Maruyama says. “She taught here for the next 20-plus years.”  

    Maruyama says now, decades later, many of Negoro’s former students are still eager to share how she impacted not only their education and careers but also their lives.  

    “They are so committed to preserving her legacy,” Maruyama says. “As an educator, it was inspiring for me to hear them talk about how much she impacted their lives.” 

    Minnie Negoro demonstrates the use of the potter’s wheel to a group of students on December 5, 1967. (Courtesy of UConn Archives and Special Collections).

    Students Help Share Negoro’s Story 

    To further honor Negoro’s legacy, Maruyama involved her own students in the process of putting together the exhibit. She revamped her spring 2024 “Topics in Public History” course to have them create an initial draft of the exhibition.  

    “The students were excited to be working on something that was going to go on display,” Maruyama says. “They put their hearts and souls into it.” 

    Everett Padro ’26 (CLAS), a history major, says he’s been interested in public history since childhood.  

    I used to go to the Smithsonian because I have family members that work there,” he says. “I would just be blown away by not only the artifacts they had but how they organized and kept track of and cared for them.” 

    Padro, who is now considering a career in museum curation, was excited to learn Maruyama’s class would allow him to get some hands-on experience while also exploring the history of something close to home.  

    “It was a pleasant surprise getting to work so intimately with first-hand accounts and structuring this as a teamwork effort to create this exhibit,” Padro says. 

    According to Maruyama, students contributed to multiple aspects of the exhibit, including working on oral and digital histories, writing content, researching UConn’s special collections, and creating a social media campaign. 

    Padro appreciated the opportunity to work on his interests, choosing to work on digitally archiving old photos.  

    “I was interested to see how we can preserve and tell this story to future generations–not only who she was but how she’s relevant to the University,” Padro says. 

    A Lasting Legacy 

    The exhibit features images, artifacts, and writing that explain Negoro’s life and impact as a teacher, as well as examples of her work. It also showcases the work of alumni, many of whom credit her guidance for their success.  

    “What I find kind of incredible about her is that she also had a reputation for being a tough teacher,” Maruyama says. “She was making those undergrads do ceramics math, and ceramics chemistry. This was not just an art class. She really got into the science of ceramics and that’s not something that a lot of undergraduate ceramics programs do.” 

    The exhibit will remain on display until July 27, 2025. Maruyama hopes it will cement Negoro’s legacy at UConn while also bringing attention to the broader history of Japanese American incarceration.  

    “This history is still so personal for many of us,” she says. “Minnie Negoro’s story is about resilience, creativity, and the power of education. It’s about making sure we don’t forget.” 

     

    Minnie Negoro: From Heart Mountain to UConn, will be on display in the Benton Museum through July 2025. Hana Maruyama, Assistant Professor of History and Social and Critical Inquiry at UConn, will lead a guided tour of the exhibit on Friday, Feb. 21, 2025. 

    MIL OSI USA News

  • MIL-OSI Security: Defense News: USS Thomas Hudner (DDG 116) Deploys to Fourth Fleet

    Source: United States Navy

    Thomas Hudner will deploy to the U.S. Southern Command Area of Responsibility (USSOUTHCOM AOR) to support bilateral and multinational maritime operations with partners in the region and conduct Theater Security Cooperation (TSC) port visits.

    “The crew of the USS Thomas Hudner is proud to answer the call for presence in USSOUTHCOM AOR,” said Cmdr. Cameron Ingram, USS Thomas Hudner Commanding Officer. “Our Team is ready to ensure maritime freedom of action in the Caribbean, protect our interests throughout the region and strengthen maritime partnerships.”

    Thomas Hudner returned to Mayport, Florida after an eight-month deployment to the U.S. Naval Forces Europe – Africa area of operations, Jan. 4, 2024. Thomas Hudner was assigned to the Gerald R. Ford Carrier Strike Group (CSG). During the deployment, Thomas Hudner served as an air defense unit for the strike group off the coast of Israel, and worked closely with Allies and Partners on a variety of missions. Additionally, Thomas Hudner led a Surface Action Group comprised of Allied and Partner nations in the English Channel, designed to flex advanced Surface Warfare and Subsurface Warfare tactics.

    U.S. 4th Fleet employs maritime forces in cooperative maritime security operations in order to maintain access, enhance interoperability, and build enduring partnerships that foster regional security in the USSOUTHCOM AOR.

    USSOUTHCOM AOR encompasses 31 countries and 16 dependencies and areas of special sovereignty, including the land mass of Latin America south of Mexico, waters adjacent to Central and South America, and the Caribbean Sea. The region represents about one-sixth of the landmass of the world assigned to regional unified commands.

    U.S. Fleet Forces Command is responsible for manning, training, equipping, and providing combat-ready forces forward to numbered fleets and combatant commanders around the globe.

    MIL Security OSI

  • MIL-OSI USA: Sens. Moran, Hoeven, Shaheen, Bennet Reintroduce Legislation to Provide Educational Benefits for Air National Guard

    US Senate News:

    Source: United States Senator for Kansas – Jerry Moran
    WASHINGTON – U.S. Senators Jerry Moran (R-Kan.), John Hoeven (R-N.D.), Jeanne Shaheen (D-N.H.) and Michael Bennet (D-Colo.) reintroduced legislation to establish a permanent federal tuition assistance (FTA) program benefitting Air National Guard members. The Air Guard Standardizing Tuition Assistance to Unify the Services (STATUS) Act requires the Secretary of the Air Force to provide tuition assistance to drill-status members of the Air National Guard, consistent with the program available to the Army National Guard. The legislation is supported by the National Guard Association of the United States (NGAUS).
    “The men and women in the Air National Guard work alongside their active-duty counterparts to protect our nation and serve our communities,” said Sen. Moran. “Providing the same educational benefits to the Air National Guard that the Army National Guard receives will help increase recruitment rates and make certain our servicemembers have access to the benefits they deserve.”
    “Our Air Guard members deserve to receive the same benefits as their counterparts, both in the reserve and active duty components of the military,” said Sen. Hoeven. “Our legislation makes the Air Guard FTA pilot program that we first worked to establish in 2020 permanent and available to drill-status Guard members across the country. Doing so will ensure the Air Guard, like the Happy Hooligans in Fargo, can continue to recruit the best and brightest members to support the increasingly high-tech missions they take on in defense of our nation.”
    “Ensuring that the brave women and men serving in the Air National Guard have access to educational opportunities will not only help our recruitment and retention, but will also enhance our overall military preparedness and provide service members the benefits they deserve,” said Sen. Shaheen. “Passing our bipartisan legislation will make tuition more affordable for the Air National Guard and bring their educational benefits in line with the other service branches. Let’s get this done.”
    “Colorado is home to over 1,500 Air National Guardsmen whose dedication and sacrifice helps keep our state and country safe,” said Sen. Bennet. “Our bipartisan bill will help attract, develop, and retain members of the Air National Guard and ensure servicemembers nationwide have the educational benefits they deserve.”
    “We must take care of the servicemembers who take care of our nation. One way to show our gratitude is to invest in their future through federal tuition assistance,” said retired Maj. Gen. Francis M. McGinn, President of NGAUS. “We must equally provide for our Soldiers and our Airmen. This bill corrects a long-standing gap in National Guard benefits and will empower our Airmen to reach new heights in knowledge and skill. We thank Senators Hoeven and Shaheen for their efforts and continued support of the National Guard.”

    MIL OSI USA News

  • MIL-OSI USA: #StopRansomware: Ghost (Cring) Ransomware

    News In Brief – Source: US Computer Emergency Readiness Team

    Summary

    Note: This joint Cybersecurity Advisory is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to see all #StopRansomware advisories and to learn more about other ransomware threats and no-cost resources.

    The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this joint advisory to disseminate known Ghost (Cring)—(“Ghost”)—ransomware IOCs and TTPs identified through FBI investigation as recently as January 2025.

    Beginning early 2021, Ghost actors began attacking victims whose internet facing services ran outdated versions of software and firmware. This indiscriminate targeting of networks containing vulnerabilities has led to the compromise of organizations across more than 70 countries, including organizations in China. Ghost actors, located in China, conduct these widespread attacks for financial gain. Affected victims include critical infrastructure, schools and universities, healthcare, government networks, religious institutions, technology and manufacturing companies, and numerous small- and medium-sized businesses.

    Ghost actors rotate their ransomware executable payloads, switch file extensions for encrypted files, modify ransom note text, and use numerous ransom email addresses, which has led to variable attribution of this group over time. Names associated with this group include Ghost, Cring, Crypt3r, Phantom, Strike, Hello, Wickrme, HsHarada, and Rapture. Samples of ransomware files Ghost used during attacks are: Cring.exe, Ghost.exe, ElysiumO.exe, and Locker.exe.

    Ghost actors use publicly available code to exploit Common Vulnerabilities and Exposures (CVEs) and gain access to internet facing servers. Ghost actors exploit well known vulnerabilities and target networks where available patches have not been applied.

    The FBI, CISA, and MS-ISAC encourage organizations to implement the recommendations in the Mitigations section of this advisory to reduce the likelihood and impact of Ghost ransomware incidents.

    Download the PDF version of this report:

    For a downloadable copy of IOCs, see:

    Technical Details

    Note: This advisory uses the MITRE ATT&CK® Matrix for Enterprise framework, version 16.1. See the MITRE ATT&CK Tactics and Techniques section of this advisory for a table of the threat actors’ activity mapped to MITRE ATT&CK tactics and techniques.

    Initial Access

    The FBI has observed Ghost actors obtaining initial access to networks by exploiting public facing applications that are associated with multiple CVEs [T1190]. Their methodology includes leveraging vulnerabilities in Fortinet FortiOS appliances (CVE-2018-13379), servers running Adobe ColdFusion (CVE-2010-2861 and CVE-2009-3960), Microsoft SharePoint (CVE-2019-0604), and Microsoft Exchange (CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207— commonly referred to as the ProxyShell attack chain).

    Execution

    Ghost actors have been observed uploading a web shell [T1505.003] to a compromised server and leveraging Windows Command Prompt [T1059.003] and/or PowerShell [T1059.001] to download and execute Cobalt Strike Beacon malware [T1105] that is then implanted on victim systems. Despite Ghost actors’ malicious implementation, Cobalt Strike is a commercially available adversary simulation tool often used for the purposes of testing an organization’s security controls.

    Persistence

    Persistence is not a major focus for Ghost actors, as they typically only spend a few days on victim networks. In multiple instances, they have been observed proceeding from initial compromise to the deployment of ransomware within the same day. However, Ghost actors sporadically create new local [T1136.001] and domain accounts [T1136.002] and change passwords for existing accounts [T1098]. In 2024, Ghost actors were observed deploying web shells [T1505.003] on victim web servers.

    Privilege Escalation

    Ghost actors often rely on built in Cobalt Strike functions to steal process tokens running under the SYSTEM user context to impersonate the SYSTEM user, often for the purpose of running Beacon a second time with elevated privileges [T1134.001].

    Ghost actors have been observed using multiple open-source tools in an attempt at privilege escalation through exploitation [T1068] such as “SharpZeroLogon,” “SharpGPPPass,” “BadPotato,” and “GodPotato.” These privilege escalation tools would not generally be used by individuals with legitimate access and credentials. 

    See Table 1 for a descriptive listing of tools.

    Credential Access

    Ghost actors use the built in Cobalt Strike function “hashdump” or Mimikatz [T1003] to collect passwords and/or password hashes to aid them with unauthorized logins and privilege escalation or to pivot to other victim devices.

    Defense Evasion

    Ghost actors used their access through Cobalt Strike to display a list of running processes [T1057] to determine which antivirus software [T1518.001] is running so that it can be disabled [T1562.001]. Ghost frequently runs a command to disable Windows Defender on network connected devices. Options used in this command are: Set-MpPreference -DisableRealtimeMonitoring 1 -DisableIntrusionPreventionSystem 1 -DisableBehaviorMonitoring 1 -DisableScriptScanning 1 -DisableIOAVProtection 1 -EnableControlledFolderAccess Disabled -MAPSReporting Disabled -SubmitSamplesConsent NeverSend.

    Discovery

    Ghost actors have been observed using other built-in Cobalt Strike commands for domain account discovery [T1087.002], open-source tools such as “SharpShares” for network share discovery [T1135], and “Ladon 911” and “SharpNBTScan” for remote systems discovery [T1018]. Network administrators would be unlikely to use these tools for network share or remote systems discovery.

    Lateral Movement

    Ghost actors used elevated access and Windows Management Instrumentation Command-Line (WMIC) [T1047] to run PowerShell commands on additional systems on the victim network— often for the purpose of initiating additional Cobalt Strike Beacon infections. The associated encoded string is a base 64 PowerShell command that always begins with: powershell -nop -w hidden -encodedcommand JABzAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAEkATwAuAE0AZQBtAG8AcgB5AFMAdAByAGUAYQBtACgALABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIA… [T1132.001][T1564.003].

    This string decodes to “$s=New-Object IO.MemoryStream(,[Convert]::FromBase64String(“” and is involved with the execution of Cobalt Strike in memory on the target machine.

    In cases where lateral movement attempts are unsuccessful, Ghost actors have been observed abandoning an attack on a victim.

    Exfiltration

    Ghost ransom notes often claim exfiltrated data will be sold if a ransom is not paid. However, Ghost actors do not frequently exfiltrate a significant amount of information or files, such as intellectual property or personally identifiable information (PII), that would cause significant harm to victims if leaked. The FBI has observed limited downloading of data to Cobalt Strike Team Servers [T1041]. Victims and other trusted third parties have reported limited uses of Mega.nz [T1567.002] and installed web shells for similar limited data exfiltration. Note: The typical data exfiltration is less than hundreds of gigabytes of data.

    Command and Control

    Ghost actors rely heavily on Cobalt Strike Beacon malware and Cobalt Strike Team Servers for command and control (C2) operations, which function using hypertext transfer protocol (HTTP) and hypertext transfer protocol secure (HTTPS) [T1071.001]. Ghost rarely registers domains associated with their C2 servers. Instead, connections made to a uniform resource identifier (URI) of a C2 server, for the purpose of downloading and executing Beacon malware, directly reference the C2 server’s IP address. For example, http://xxx.xxx.xxx.xxx:80/Google.com where xxx.xxx.xxx.xxx represents the C2 server’s IP address.

    For email communication with victims, Ghost actors use legitimate email services that include traffic encryption features. [T1573] Some examples of emails services that Ghost actors have been observed using are Tutanota, Skiff, ProtonMail, Onionmail, and Mailfence.

    Note: Table 2 contains a list of Ghost ransom email addresses.

    Impact and Encryption

    Ghost actors use Cring.exe, Ghost.exe, ElysiumO.exe, and Locker.exe, which are all ransomware executables that share similar functionality. Ghost variants can be used to encrypt specific directories or the entire system’s storage [T1486]. The nature of executables’ operability is based on command line arguments used when executing the ransomware file. Various file extensions and system folders are excluded during the encryption process to avoid encrypting files that would render targeted devices inoperable.

    These ransomware payloads clear Windows Event Logs [T1070.001], disable the Volume Shadow Copy Service, and delete shadow copies to inhibit system recovery attempts [T1490]. Data encrypted with Ghost ransomware variants cannot be recovered without the decryption key. Ghost actors hold the encrypted data for ransom and typically demand anywhere from tens to hundreds of thousands of dollars in cryptocurrency in exchange for decryption software [T1486].

    The impact of Ghost ransomware activity varies widely on a victim-to-victim basis. Ghost actors tend to move to other targets when confronted with hardened systems, such as those where proper network segmentation prevents lateral moment to other devices.

    Indicators of Compromise (IOC)

    Table 1 lists several tools and applications Ghost actors have used for their operations. The use of these tools and applications on a network should be investigated further.

    Note: Authors of these tools generally state that they should not be used in illegal activity.

    Table 1: Tools Leveraged by Ghost Actors
    Name Description Source
    Cobalt Strike Cobalt Strike is penetration testing software. Ghost actors  use an unauthorized version of Cobalt Strike. N/A
    IOX Open-source proxy, used to establish a reverse proxy to a Ghost C2 server from an internal victim device. github[.]com/EddieIvan01/iox
    SharpShares.exe SharpShares.exe is used to enumerate accessible network shares in a domain. Ghost actors use this primarily for host discovery. github[.]com/mitchmoser/SharpShares
    SharpZeroLogon.exe SharpZeroLogon.exe attempts to exploit CVE-2020-1472 and is run against a target Domain Controller. github[.]com/leitosama/SharpZeroLogon
    SharpGPPPass.exe SharpGPPPass.exe attempts to exploit CVE-2014-1812 and targets XML files created through Group Policy Preferences that may contain passwords. N/A
    SpnDump.exe SpnDump.exe is used to list service principal name identifiers, which Ghost actors use for service and hostname enumeration. N/A
    NBT.exe A compiled version of SharpNBTScan, a NetBIOS scanner. Ghost actors use this tool for hostname and IP address enumeration. github[.]com/BronzeTicket/SharpNBTScan
    BadPotato.exe BadPotato.exe is an exploitation tool used for privilege escalation. github[.]com/BeichenDream/BadPotato
    God.exe God.exe is a compiled version of GodPotato and is used for privilege escalation. github[.]com/BeichenDream/GodPotato
    HFS (HTTP File Server) A portable web server program that Ghost actors use to host files for remote access and exfiltration. rejitto[.]com/hfs
    Ladon 911 A multifunctional scanning and exploitation tool, often used by Ghost actors with the MS17010 option to scan for SMB vulnerabilities associated with CVE-2017-0143 and CVE-2017-0144. github[.]com/k8gege/Ladon
    Web Shell A backdoor installed on a web server that allows for the execution of commands and facilitates persistent access. Slight variation of github[.]com/BeichenDream/Chunk-Proxy/blob/main/proxy.aspx
    Table 2: MD5 File Hashes Associated with Ghost Ransomware Activity
    File name MD5 File Hash
    Cring.exe c5d712f82d5d37bb284acd4468ab3533
    Ghost.exe

    34b3009590ec2d361f07cac320671410

    d9c019182d88290e5489cdf3b607f982
    ElysiumO.exe

    29e44e8994197bdb0c2be6fc5dfc15c2

    c9e35b5c1dc8856da25965b385a26ec4

    d1c5e7b8e937625891707f8b4b594314
    Locker.exe ef6a213f59f3fbee2894bd6734bbaed2
    iex.txt, pro.txt (IOX) ac58a214ce7deb3a578c10b97f93d9c3
    x86.log (IOX)

    c3b8f6d102393b4542e9f951c9435255

    0a5c4ad3ec240fbfd00bdc1d36bd54eb
    sp.txt (IOX) ff52fdf84448277b1bc121f592f753c5
    main.txt (IOX) a2fd181f57548c215ac6891d000ec6b9
    isx.txt (IOX) 625bd7275e1892eac50a22f8b4a6355d
    sock.txt (IOX) db38ef2e3d4d8cb785df48f458b35090

    Ransom Email Addresses

    Table 3 is a subset of ransom email addresses that have been included in Ghost ransom notes.

    Table 3: Ransom Email Addresses
    Email Addresses
    asauribe@tutanota.com ghostbackup@skiff.com rainbowforever@tutanota.com
    cringghost@skiff.com ghosts1337@skiff.com retryit1998@mailfence.com
    crptbackup@skiff.com ghosts1337@tuta.io retryit1998@tutamail.com
    d3crypt@onionmail.org ghostsbackup@skiff.com rsacrpthelp@skiff.com
    d3svc@tuta.io hsharada@skiff.com rsahelp@protonmail.com
    eternalnightmare@tutanota.com just4money@tutanota.com sdghost@onionmail.org
    evilcorp@skiff.com kellyreiff@tutanota.com shadowghost@skiff.com
    fileunlock@onionmail.org kev1npt@tuta.io shadowghosts@tutanota.com
    fortihooks@protonmail.com lockhelp1998@skiff.com summerkiller@mailfence.com
    genesis1337@tutanota.com r.heisler@skiff.com summerkiller@tutanota.com
    ghost1998@tutamail.com rainbowforever@skiff.com webroothooks@tutanota.com

    Ransom Notes

    Starting approximately in August 2024, Ghost actors began using TOX IDs in ransom notes as an alternative method for communicating with victims. For example: EFE31926F41889DBF6588F27A2EC3A2D7DEF7D2E9E0A1DEFD39B976A49C11F0E19E03998DBDA and E83CD54EAAB0F31040D855E1ED993E2AC92652FF8E8742D3901580339D135C6EBCD71002885B.

    MITRE ATT&CK Tactics and Techniques

    See Table 4 to Table 13 for all referenced threat actor tactics and techniques in this advisory. For assistance with mapping malicious cyber activity to the MITRE ATT&CK framework, version 16.1, see CISA and MITRE ATT&CK’s Best Practices for MITRE ATT&CK Mapping and CISA’s Decider Tool.

    Table 4: Initial Access
    Technique Title  ID Use
    Exploit Public-Facing Application T1190 Ghost actors exploit multiple vulnerabilities in public-facing systems to gain initial access to servers.
    Table 5: Execution
    Technique Title  ID Use
    Windows Management Instrumentation T1047 Ghost actors abuse WMI to run PowerShell scripts on other devices, resulting in their infection with Cobalt Strike Beacon malware.
    PowerShell T1059.001 Ghost actors use PowerShell for various functions including to deploy Cobalt Strike.
    Windows Command Shell T1059.003 Ghost actors use the Windows Command Shell to download malicious content on to victim servers.
    Table 6: Persistence
    Technique Title  ID Use
    Account Manipulation T1098 Ghost actors change passwords for already established accounts.
    Local Account T1136.001 Ghost actors create new accounts or makes modifications to local accounts.
    Domain Account T1136.002 Ghost actors create new accounts or makes modifications to domain accounts.
    Web Shell T1505.003 Ghost actors upload web shells to victim servers to gain access and for persistence.
    Table 7: Privilege Escalation
    Technique Title  ID Use
    Exploitation for Privilege Escalation T1068 Ghost actors use a suite of open source tools in an attempt to gain elevated privileges through exploitation of vulnerabilities.
    Token Impersonation/Theft T1134.001 Ghost actors use Cobalt Strike to steal process tokens of processes running at a higher privilege.
    Table 8: Defense Evasion
    Technique Title  ID Use
    Application Layer Protocol: Web Protocols T1071.001 Ghost actors use HTTP and HTTPS protocols while conducting C2 operations. 
    Impair Defenses: Disable or Modify Tools T1562.001 Ghost actors disable antivirus products.
    Hidden Window T1564.003 Ghost actors use PowerShell to conceal malicious content within legitimate appearing command windows.
    Table 9: Credential Access
    Technique Title  ID Use
    OS Credential Dumping T1003 Ghost actors use Mimikatz and the Cobalt Strike “hashdump” command to collect passwords and password hashes.
    Table 10: Discovery
    Technique Title  ID Use
    Remote System Discovery T1018 Ghost actors use tools like Ladon 911 and ShapNBTScan for remote systems discovery.
    Process Discovery T1057 Ghost actors run a ps command to list running processes on an infected device.
    Domain Account Discovery T1087.002 Ghost actors run commands such as net group “Domain Admins” /domain to discover a list of domain administrator accounts.
    Network Share Discovery T1135 Ghost actors use various tools for network share discovery for the purpose of host enumeration.
    Software Discovery T1518 Ghost actors use their access to determine which antivirus software is running.
    Security Software Discovery T1518.001 Ghost actors run Cobalt Strike to enumerate running antivirus software.
    Table 11: Exfiltration
    Technique Title  ID Use
    Exfiltration Over C2 Channel T1041 Ghost actors use both web shells and Cobalt Strike to exfiltrate limited data.
    Exfiltration to Cloud Storage T1567.002 Ghost actors sometimes use legitimate cloud storage providers such as Mega.nz for malicious exfiltration operations.
    Table 12: Command and Control
    Technique Title  ID Use
    Web Protocols T1071.001 Ghost actors use Cobalt Strike Beacon malware and Cobalt Strike Team Servers which communicate over HTTP and HTTPS.
    Ingress Tool Transfer T1105 Ghost actors use Cobalt Strike Beacon malware to deliver ransomware payloads to victim servers.
    Standard Encoding T1132.001 Ghost actors use PowerShell commands to encode network traffic which reduces their likelihood of being detected during lateral movement.
    Encrypted Channel T1573 Ghost actors use encrypted email platforms to facilitate communications. 
    Table 13: Impact
    Technique Title  ID Use
    Data Encrypted for Impact T1486 Ghost actors use ransomware variants Cring.exe, Ghost.exe, ElysiumO.exe, and Locker.exe to encrypt victim files for ransom.
    Inhibit System Recovery T1490 Ghost actors delete volume shadow copies.

    Mitigations

    The FBI, CISA, and MS-ISAC recommend organizations reference their #StopRansomware Guide and implement the mitigations below to improve cybersecurity posture on the basis of the Ghost ransomware activity. These mitigations align with the Cross-Sector Cybersecurity Performance Goals (CPGs) developed by CISA and the National Institute of Standards and Technology (NIST). The CPGs provide a minimum set of practices and protections that CISA and NIST recommend all organizations implement. CISA and NIST based the CPGs on existing cybersecurity frameworks and guidance to protect against the most common and impactful threats, tactics, techniques, and procedures. Visit CISA’s CPGs webpage for more information on the CPGs, including additional recommended baseline protections.

    • Maintain regular system backups that are known-good and stored offline or are segmented from source systems [CPG 2.R]. Ghost ransomware victims whose backups were unaffected by the ransomware attack were often able to restore operations without needing to contact Ghost actors or pay a ransom.
    • Patch known vulnerabilities by applying timely security updates to operating systems, software, and firmware within a risk-informed timeframe [CPG 1.E].
    • Segment networks to restrict lateral movement from initial infected devices and other devices in the same organization [CPG 2.F].
    • Require Phishing-Resistant MFA for access to all privileged accounts and email services accounts.
    • Train users to recognize phishing attempts.
    • Monitor for unauthorized use of PowerShell. Ghost actors leverage PowerShell for malicious purposes, although it is often a helpful tool that is used by administrators and defenders to manage system resources. For more information, visit NSA and CISA’s joint guidance on PowerShell best practices.
      • Implement the principle of least privilege when granting permissions so that employees who require access to PowerShell are aligned with organizational business requirements.
    • Implement allowlisting for applications, scripts, and network traffic to prevent unauthorized execution and access [CPG 3.A].
    • Identify, alert on, and investigate abnormal network activity. Ransomware activity generates unusual network traffic across all phases of the attack chain. This includes running scans to discover other network connected devices, running commands to list, add, or alter administrator accounts, using PowerShell to download and execute remote programs, and running scripts not usually seen on a network. Organizations that can successfully identify and investigate this activity are better able to interrupt malicious activity before ransomware is executed [CPG 3.A].
      • Ghost actors run a significant number of commands, scripts, and programs that IT administrators would have no legitimate reason for running. Victims who have identified and responded to this unusual behavior have successfully prevented Ghost ransomware attacks.
    • Limit exposure of services by disabling unused ports such as, RDP 3398, FTP 21, and SMB 445, and restricting access to essential services through securely configured VPNs or firewalls.
    • Enhance email security by implementing advanced filtering, blocking malicious attachments, and enabling DMARC, DKIM, and SPF to prevent spoofing [CPG 2.M].

    Validate Security Controls

    In addition to applying mitigations, the FBI, CISA, and MS-ISAC recommend exercising, testing, and validating your organization’s security program against the threat behaviors mapped to the MITRE ATT&CK for Enterprise framework in this advisory.

    To get started:

    1. Select an ATT&CK technique described in this advisory (see Table 3 to Table 13).
    2. Align your security technologies against the technique.
    3. Test your technologies against the technique.
    4. Analyze your detection and prevention technologies’ performance.
    5. Repeat the process for all security technologies to obtain a set of comprehensive performance data.
    6. Tune your security program, including people, processes, and technologies, based on the data generated by this process.

    Reporting

    Your organization has no obligation to respond or provide information back to the FBI in response to this joint advisory. If, after reviewing the information provided, your organization decides to provide information to the FBI, reporting must be consistent with applicable state and federal laws.

    The FBI is interested in any information that can be shared, to include logs showing communication to and from foreign IP addresses, a sample ransom note, communications with threat actors, Bitcoin wallet information, and/or decryptor files.

    Additional details of interest include a targeted company point of contact, status and scope of infection, estimated loss, operational impact, date of infection, date detected, initial attack vector, and host and network-based indicators.

    The FBI, CISA, and MS-ISAC do not encourage paying ransom as payment does not guarantee victim files will be recovered. Furthermore, payment may also embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities. Regardless of whether you or your organization have decided to pay the ransom, the FBI and CISA urge you to promptly report ransomware incidents to FBI’s Internet Crime Complain Center (IC3), a local FBI Field Office, or CISA via the agency’s Incident Reporting System or its 24/7 Operations Center (report@cisa.gov) or by calling 1-844-Say-CISA (1-844-729-2472).

    Disclaimer

    The information in this report is being provided “as is” for informational purposes only. The FBI, CISA, and MS-ISAC do not endorse any commercial entity, product, company, or service, including any entities, products, or services linked within this document. Any reference to specific commercial entities, products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favoring by the FBI, CISA, and the MS-ISAC.

    Version History

    February 19, 2025: Initial version.

    MIL OSI USA News

  • MIL-OSI United Nations: Experts of the Committee on Economic, Social and Cultural Rights Welcome the Philippines’ Human Rights Commitments , Ask about Attacks on Human Rights Defenders, Indigenous Land Rights and Drug Use Policies

    Source: United Nations – Geneva

    The Committee on Economic, Social and Cultural Rights today concluded its review of the seventh periodic report of the Philippines, with Committee Experts welcoming the State’s human rights plans and commitments, and asking about attacks on human rights defenders, indigenous land rights and drug use policies.

    Asraf Ally Caunhye, Committee Expert and Leader of the Taskforce for the Philippines, in opening remarks, welcomed the State party’s human rights plans and commitments.

    Hesaid, however, that there had been 305 killings of human rights defenders in the Philippines since the last review. The Philippines ranked third globally for killings of human rights defenders. What measures were in place to ensure that those responsible for these crimes were prosecuted and sanctioned?

    Mr. Caunhye said indigenous peoples continued to face violations of their economic, social and cultural rights through the destruction of ancestral lands by extractive industries approved by the State. How would the State party protect the rights of indigenous peoples?

    Ludovic Hennebel, Committee Vice-Chair and Member of the Taskforce for the Philippines, asked about plans to decriminalise drugs for personal use and implement alternatives to imprisonment for drug users. What measures were in place to put an end to the “war on drugs” and to provide reparations to victims?

    Rosemarie G. Edillon, Undersecretary, Policy and Planning Group, National Economic and Development Authority of the Philippines and head of the delegation, introducing the report, said economic development, resilience building, and poverty reduction were central to the Government’s human rights agenda. From 2015 to 2023, the poverty rate dropped from 23.5 to 15.5 per cent of the population. The State was providing social protection to the most vulnerable and disadvantaged.

    There was no State policy to attack human rights defenders, the delegation said. There were remedies to address violations of the right to life, and freedom of association and assembly.

    On indigenous land rights, the delegation said the Indigenous Peoples’ Rights Act protected designated ancestral grounds and cultural heritage as “no-go zones” for development projects and emphasised free, prior and informed consent for all such projects. The Government was mapping and registering indigenous cultural assets to protect them.

    Regarding drug policies, the delegation said the Government was adopting a humanitarian approach to drug use and rehabilitation. Many drug users were treated in communities rather than in rehabilitation centres. Persons who participated in rehabilitation programmes were removed from criminal offender lists.

    In concluding remarks, Mr. Caunhye said discussions had brought to light issues that needed to be addressed to strengthen the implementation of economic, social and cultural rights in the Philippines. This information would inform the Committee’s concluding observations.

    Ms. Edillon, in her concluding remarks, said the State party was united in its goal of advancing economic, social and cultural rights. It would continue with actions that would create change and realise the economic, social and cultural rights of all citizens.

    In her concluding remarks, Laura-Maria Craciunean-Tatu, Committee Chair, thanked the delegation for participating in the dialogue and for providing comprehensive answers.

    The delegation of the Philippines was comprised of representatives from the National Security Council; the National Commission on Muslim Filipinos; the National Commission on Indigenous Peoples; the National Council on Disability Affairs; the Philippine National Police; the Department of Health; the Presidential Human Rights Committee Secretariat; the Dangerous Drugs Board; the Department of Justice; the Department of Health; the National Economic and Development Authority; the Philippine Drug Enforcement Agency; the Department of Education; the Department of Labour and Employment; the Department of Social Welfare and Development; the Department of Foreign Affairs; and the Permanent Mission of the Philippines to the United Nations Office at Geneva.

    The Committee’s seventy-seventh session is being held until 28 February 2025. All documents relating to the Committee’s work, including reports submitted by States parties, can be found on the session’s webpage . Webcasts of the meetings of the session can be found here , and meetings summaries can be found here .

    The Committee will next meet in public at 5:30 p.m. on Friday, 28 February, to close its seventy-seventh session.

    Report.

    The Committee has before it the seventh periodic report of the Philippines (E/C.12/PHL/7).

    Presentation of Report

    ROSEMARIE G. EDILLON, Undersecretary, Policy and Planning Group, National Economic and Development Authority of the Philippines and head of the delegation, said that through the Philippine Development Plan, which she led, the Government aimed to enable and empower every Philippine citizen to achieve a comfortable lifestyle and a secure future. The 1987 Constitution served as a firm foundation for the protection and promotion of economic, social and cultural rights. This foundation was reinforced by laws, policies and programmes that supported workers, promoted equitable economic participation, and provided social protection.

    The Government had put in place a plan for economic and social transformation that accelerated economic and social recovery from the COVID-19 pandemic toward a prosperous, inclusive and resilient society and achievement of the Sustainable Development Goals. Economic development, resilience building, and poverty reduction were central to the Government’s human rights agenda. From 2015 to 2023, the poverty rate dropped from 23.5 per cent to 15.5 per cent of the population. The State had been employing a multi-dimensional strategy to reduce poverty, expanding the economic pie, facilitating access by the poor to the drivers of economic growth, and providing social protection to the most vulnerable and disadvantaged. It had broad-based programmes like the conditional cash transfer programme, which benefitted over 4.4 million households. Beneficiaries were also covered by other social development programmes.

    The labour market had made a strong recovery after the pandemic. Employment figures were favourable, but there was much volatility and uncertainty in domestic and external fronts. For this reason, Congress had passed legislation that mandated a 10-year labour market development plan, which promoted a dynamic, efficient and inclusive labour market environment.

    Legislative measures had been enacted to institutionalise and expand social protection. In healthcare, the universal health care law ensured automatic PhilHealth coverage for all citizens. Family planning initiatives had prevented an estimated 774,000 unsafe abortions and 1,400 maternal deaths annually. The Mental Health Act expanded services to ensure informed consent in treatment, prohibit shackling, and provide culturally sensitive care. Ongoing efforts focused on breaking barriers such as attitudinal biases, inadequate modifications in public spaces, and employment challenges faced by persons with disabilities.

    Following disruptions caused by the pandemic, the Department of Education launched the basic education development plan 2030 and the learning recovery continuity plan to reverse learning loss. Enrolment had rebounded to 28.5 million learners in the 2022–2023 school year, surpassing pre-pandemic levels. The Government was also strengthening access to special education through policies like Department of Education order no. 44, which provided clear guidance for implementing programmes tailored for learners with disabilities.

    Free, prior and informed consent was a cornerstone of the State’s indigenous peoples’ rights. Although challenges persisted in its effective enforcement, the Philippines continued to collaborate with key stakeholders and communities to ensure that indigenous rights and sustainable development initiatives were effectively upheld. It continued to promote and safeguard the cultural integrity of indigenous peoples by conducting initiatives that highlighted traditional knowledge, practices and crafts.

    Building on these initiatives, the Government, in collaboration with civil society, had launched the fourth Philippine human rights plan, a comprehensive roadmap for protecting and promoting human rights. Its second thematic chapter focused on the country’s commitment to the Covenant, integrating human rights into national development efforts and prioritising marginalised communities. The plan was aligned with the Philippine Development Plan 2023-2028 and the Sustainable Development Goals.

    The Philippines reaffirmed its unwavering commitment to the Covenant and its principles. The dialogue with the Committee was an opportunity for introspection and growth. The Committee’s feedback and recommendations would serve as a valuable guide as the State strived to build a society where every citizen could progressively realise their economic, social and cultural rights; and no one was left behind.

    Questions by Committee Experts

    ASRAF ALLY CAUNHYE, Committee Expert and Country Rapporteur, asked about measures taken to incorporate the Covenant into the domestic legal system and to ensure the primacy of Covenant rights. In which court cases had Covenant rights been invoked? The Committee welcomed the State party’s human rights plans and commitments. What steps had been taken to ratify the Optional Protocol? 

    What system was in place to ensure that the judiciary was free from political influence? There had been 305 killings of human rights defenders since the last review. The Philippines ranked third globally for killings of human rights defenders. The existing legal institution was reportedly unable to prevent the red-tagging and killing of human rights defenders, including persons from indigenous communities and minority groups. What measures were in place to ensure that those responsible for these crimes were prosecuted and sanctioned?

    How did the Government prevent the abusive use of the Anti-Terrorism Act to restrict the activities of human rights defenders? What had barred the enactment of the bills on human rights defenders and the Human Rights Charter? How would the national human rights institution be enabled to function independently in accordance with the Paris Principles?

    Indigenous peoples continued to face violations of their economic, social and cultural rights through the destruction of ancestral lands. They were being deprived of their land management and food systems by extractive industries approved by the State. How would the State party protect the rights of indigenous peoples? What measures were in place to ensure that the National Commission on Indigenous Peoples expedited the issuance of land titles?

    What steps had been taken to ensure that free, prior and informed consent was obtained for extractive projects? What progress had been made in developing a national action plan on business and human rights? How did the State ensure that enterprises exercised due diligence when carrying out extractive activities and provided reparations for indigenous peoples affected by such activities?

    What measures were in place to implement the State’s commitments under the Paris Agreement? What resources had been allocated to addressing climate change? How was the State party addressing environmental pollution caused by extractive and logging activities?

    Despite a decline in poverty levels, 18 per cent of the population lived below the poverty line. Prevailing inequality in wealth remained high. The top 10 per cent of the population earned 45 per cent of gross national income, while the bottom 50 per cent earned only around four per cent. What measures would the State party take to eradicate poverty and support households living in poverty, rationalise fiscal policy, and introduce a progressive tax base that increased taxes for the wealthiest?

    Corruption was reportedly rampant in the police, the judiciary and other State institutions. What measures were in place to combat corruption? Were there cases in which politicians had been sentenced for corruption offences? Were there measures to allow citizens to access information held by Government bodies? Would the State party set up an anti-corruption commission or court?

    There was no anti-discrimination law in the Philippines. What steps had been taken to adopt an anti-discrimination bill? How would the State party protect vulnerable persons from discrimination? What measures had the State party taken to increase the representation of women in politics and decision-making positions, and in high income sectors of the economy? How was the State party providing childcare services to empower women to take part in the workforce?

    Responses by the Delegation 

    The delegation said the judiciary was independent and the Judicial Bar Council nominated judges independently. Justice programmes had been included in Government fiscal programmes to ensure that they were appropriately funded.

    The conditional cash transfer programme benefitted the poorest households with family members who were still in school. The poverty rate was at 15.5 per cent as of 2023. This rate had decreased thanks to State support programmes. The State party was investing in physical and digital connectivity for island provinces, which facilitated poor households’ access to growth centres.

    The Philippines was vulnerable to natural disasters. The Government was investing in disaster risk reduction and mitigation. Concerning the Paris Agreement, the State’s goals were to reduce emissions by 75 per cent, reduce dependence on fossil fuels, and increase the use of renewable energy. The Electric Vehicle Industry Development Act reduced tariffs on electric vehicles to encourage their import and use.

    The State party had specific laws on anti-discrimination in different fields. It did not have a bill on sexual orientation and gender identity, but had issued an executive order that concerned discrimination on the basis of gender preferences.

    The State party’s justice system, including the Supreme Court, and its national human rights institution, the Commission on Human Rights, effectively addressed complaints of human rights violations. There was thus no need to ratify the Optional Protocol.

    There were many non-governmental organizations in the Philippines that had expressed opposition to the current bill on human rights defenders. The State party had engaged with civil society organizations on the revision of the bill. The bill called for human rights defenders to not advocate for the violent overthrow of the Government.

    The State party was supporting the participation of women in the labour force. It had advocated for policies and legislation that allowed for nighttime work for women, safe spaces in workplaces, lengthened maternity and paternity leave and telework, and was conducting studies on inclusive work arrangements for women, youth and persons with disabilities.

    The Philippines’ Anti-Terrorism Act supported the country’s response to terrorism and safeguarded the rights of those accused of the crime. The State had issued guidelines on detentions and surveillance that ensured that persons’ rights were not violated. The Philippines’ rank in the Global Terrorism Indexhad fallen thanks to implementation of the Act. Investigations had been launched into all claims of misuse, and arrest warrants had been issued for officers who had misused the law. Enforcement of the Act was carried out with the highest level of responsibility. The State party ensured that its actions adhered to due process and the rule of law.

    The Philippines was a State party to the United Nations Convention against Corruption and had implement a national corruption prevention programme. Recently, it had hosted a regional conference on open governance and enacted a revision to the Government Procurement Act, which closed loopholes. An electronic procurement service had been launched to increase transparency. Many Government processes had been digitised, lessening opportunities for corruption.

    The Indigenous Peoples’ Rights Act protected designated ancestral grounds and cultural heritage as “no-go zones” for development projects and emphasised free, prior and informed consent for all such projects. The Government was mapping and registering indigenous cultural assets to protect them.

    The State had an indirect taxation system, as many families relied on overseas remittances for their income, which were not being taxed. The tax system punished undesirable behaviours such as the consumption of alcohol and cigarettes. Revenues from these taxes were being allocated to the health sector.

    Follow-Up Questions by Committee Experts 

    Committee Experts asked follow-up questions on measures to ensure that internally displaced persons had access to adequate food, basic housing, healthcare, education and social protection services; the status of the bill on the protection of internally displaced persons; measures other than the tax system to reduce disparities in wealth and income; steps to ensure gender parity in Government bodies; whether the State party had an implementation mechanism for recommendations issued to it by international bodies; how the State party linked climate adaptation policies with the land registration system to compensate people affected by natural disasters; how the State party could receive income from major emitters to fund climate adaptation plans; the ramifications of tax policies on economic, social and cultural rights; projects to strengthen anti-corruption bodies; and whether the State party trained judges and prosecutors on the Covenant.

    Responses by the Delegation

    The delegation said the National Commission on Indigenous Peoples was revising guidelines on the Indigenous Peoples’ Rights Act. The Commission had issued 272 approved ancestral domain titles to indigenous peoples.

    The national disaster risk reduction management framework addressed preparedness, rescue, response, recovery and rehabilitation. The State party conducted post-disaster needs assessments and tried to compensate for economic loss. A “digital locker” was being developed to allow citizens to store land titles, which would support reparation claims in cases of disasters.

    Discussions on the national action plan on business and human rights were in advanced stages. The State party sought to develop business and human rights policies that addressed specific issues related to children, indigenous peoples and environmental protection.

    The Government was interested in generating revenues from major emitters. It had developed a law that allocated resources to measuring loss and damage from climate change, which would help in this regard. The State party hosted the Loss and Damage Fund, and there were many international investments in environmental, social and governance projects in the Philippines.

    The Philippines had been recognised by the United Nations for its national recommendations tracking database. Judges were provided with training on the Covenant.

    Women parliamentary members had pushed for policies promoting women’s rights and inclusive governance. Community consultations and education programmes were in place to promote women’s participation in politics.

    The State party had proposed bills to amend taxes on passive income. It provided tax incentives to businesses that chose to operate outside of Manila.

    Questions by a Committee Expert

    SEREE NONTHASOOT, Committee Expert and Member of the Taskforce for the Philippines , expressed concerns about high levels of unemployment and informal employment in the Philippines. The informal sector provided livelihoods for about 60 per cent of the population, the majority of whom were female. What measures were in place to regularise the informal sector? The Committee was concerned about the quality of employment provided to persons with disabilities.

    What measures were in place to inspect sweatshops and to issue sanctions to employers who violated workers’ rights? What measures were in place to address workplace harassment and gender-based violence. Who was excluded from the social security system? It reportedly did not cover persons in street situations.

    There was significant variation between minimum wages in the capital and other regions. How did the State party support adequate living and working standards outside the capital? Did workers who were not paid minimum wages have access to a complaints mechanism? There had been a significant increase in child labour in the State party. How was this being addressed?

    The Committee was concerned by reports of red-tagging and killing of trade union workers. How was the Government promoting freedom of association? What was the role of relevant agencies in protecting trade union rights and the right to strike?

    Responses by the Delegation

    The delegation said the unemployment rate for 2023-2024 was 4.3 per cent. The rate quickly recovered after the pandemic. The State party had determined that less than 40 per cent of workers were in the informal sector. It was developing policy recommendations related to protecting the rights of informal sector workers and revising occupational safety and health standards to protect against accidents. The State was expanding opportunities for skills training and upskilling to help citizens increase their employability. There was a policy and regulatory framework in place to protect the rights of workers in the “gig economy”.

    The Government was encouraging investment outside of the capital. It conducted consultations and examined trends in real wages before setting regional minimum wages. Setting a standard minimum wage for the entire State would discourage businesses from investing in remote provinces.

    There was no State policy to attack human rights defenders. There were remedies to address violations of the right to life, and freedom of association and assembly. The Government rejected the word red-tagging due to the absence of such a policy.

    The “Reach Out” programme aimed to reach out to families in street situations, welcoming them in temporary shelters. Abandoned children were placed in foster families. Over 2,000 individuals had benefitted from the programme in 2023.

    The National Commission against Child Labour had inspected over 10,000 establishments in 2020, identifying violations of child labour laws. Many children identified as labourers were provided with educational materials and support. Family cash transfer programmes included seminars for parents which discouraged child labour. Parents who engaged their children in child labour could be taken off the programme.

    The Government was providing training for persons with disabilities to help them pass eligibility requirements for public sector jobs. It also conducted skills matching to help persons with disabilities access work in the private sector.

    Follow-Up Questions by Committee Experts

    Committee Experts asked follow-up questions on whether regional minimum wages were indexed and reviewed regularly; the role of the Government in protecting Filipino national migrant workers overseas; the number of labour inspections conducted annually; whether the Commission on Human Rights received complaints from workers; whether the State party would adopt policies mandating businesses to adopt diversity and inclusion regulations; plans to revise the Labour Code to remove barriers to forming and joining trade unions; and disaggregated data collected on persons not in employment, education or training.

    Responses by the Delegation

    The delegation said the Government considered regional poverty lines when setting provincial minimum wages. This was a starting wage, and the Government was supporting workers to receive higher wages.

    The State party had created a Department of Migrant Workers, which protected the rights of national migrant workers overseas. The Department was forming bilateral agreements with other countries to protect migrant workers from abuse. Several thousands of workers had been repatriated during the pandemic, many of whom had received assistance. Their children were provided with scholarships.

    Collecting data on persons not in employment, education or training was a goal of the Philippine Development Plan. There were special employment programmes for students and alternative learning systems in place to reduce the number of such persons.

    The State party had intensified efforts to identify and prevent child labour. More than 50,000 child labourers had been provided with necessary services and more than 30,000 child labourers had been removed from labour.

    The Philippines had several thousands of trade unions and workers’ associations with over four million members in total. The State engaged in dialogue with the International Labour Organization regarding incidents in which workers were killed or disappeared, and had adopted measures to prevent such incidents in the future. A committee had been formed to investigate these cases, and investigations into several cases had been concluded.

    In 2023, the State party had inspected more than 400,000 establishments to ensure they complied with health and safety standards.

    Questions by a Committee Expert

    LUDOVIC HENNEBEL, Committee Vice-Chair and Member of the Taskforce for the Philippines , asked about progress made in implementing recommendations from other treaty bodies on polygamy. What measures were in place to reform divorce procedures? 

    Had the State party received complaints regarding the violation of children’s rights during conflict or on the recruitment and use of children in armed conflict? What sanctions were imposed for persons who forced children to work? How was the State party preventing sexual and online exploitation of children, and supporting birth registration for children from indigenous and Muslim communities? What measures were in place to protect victims of rape and to repeal laws allowing perpetrators to avoid punishment by marrying victims?

    How did the State party promote equal access to civil unions for members of the lesbian, gay, bisexual, transgender and intersex community and protect the bodily integrity of intersex persons?

    How were people in the informal sector supported to access housing? What measures were in place to prevent evictions? How did the State party promote access to health for vulnerable groups, to mental health care in rural areas, and to emergency contraception and post-abortion care? How did it promote education on sexual and reproductive health for rural and young people?

    Was the State party planning to decriminalise drugs for personal use and implement alternatives to imprisonment for drug users? What protection was in place to prevent stigmatisation and criminalisation of persons receiving treatment for drug addiction? What measures were in place to put an end to the “war on drugs” and to provide reparations to victims of the war?

    Responses by the Delegation

    The delegation said the Philippines recognised several types of contractual employment, including for work performed outside the employer’s facilities and independent contractors. These workers were able to file complaints with the Government in cases of violations of labour rights.

    A law on agrarian emancipation had freed 6,000 farmers from debt. The State was also implementing agricultural support programmes. The area under the Verde Island Passage would be declared as a protected area, and the State would allocate resources to protecting the area. The State’s Blue Economy Bill would mandate policies for managing marine and coastal resources. The State party had also enacted a law on seafarers’ rights.

    The natural disaster risk reduction and management act regulated support for persons displaced by natural disasters. Such persons could access State-funded shelters. The Government continued to provide support to persons displaced by the 2017 Marawi siege. The Marawi Compensation Board ensured tax-free compensation for housing and property lost during the siege. The State also provided livelihoods, healthcare and educational support for victims.

    The Executive Branch had been advocating for a law on freedom of information, which would be passed soon. A freedom of information programme had been established to grant public access to official, non-confidential documents of public concern. A witness protection programme was also in place. The Anti-Red Tape Authority promoted transparency in Government operations, while the Ombudsman acted on confidential complaints of corruption. Punitive actions for corruption offences were severe.

    In State law, polygamy was illegal, and bigamy was a criminal offence. However, Muslim men with financial ability and their wives’ permission could marry multiple wives under traditional law, which also mandated divorces.

    The Philippines advocated for the protection of children in armed conflict. It had ratified the Optional Protocol to the Convention on the Rights of the Child on the involvement of children in armed conflict. Members of the Armed Forces under the age of 18 did not take part in combat. When violations occurred, investigations were carried out. However, the New People’s Army continued to recruit children. There were over 500 documented cases of this terrorist group’s use of children. The Government continued to exert efforts to ensure that schools were not used to exploit children.

    The State was strengthening efforts to address adolescent pregnancy through the implementation of comprehensive sexuality education and referral networks to reproductive health facilities. Over 100 schools were implementing the education programme, and over 1.1 million leaners had participated. Behavioural change materials had also been developed for schools and health facilities.

    The Philippines remained a prime target for online sexual abuse of children. Legislation had been implemented in 2022 to penalise all forms of online abuse of children. State agencies were cooperating to identify perpetrators.

    The Government was collecting data on malnutrition and stunting. Stunting in children under five had decreased from 33 per cent in 2018 to 23 per cent in 2024.

    Housing had been declared as a national concern by the current Government. The national housing programme had provided an average of 35,000 social housing units per year in recent years. Around 75,000 housing units had been provided to persons living in areas vulnerable to natural disasters and to indigenous peoples.

    The Government was adopting a humanitarian approach to drug use and rehabilitation. The drug clearing project sought to take away drugs from the people and discourage people from using drugs. Rehabilitation support was provided to drug users. Over 60 per cent of regions had been declared “drug cleared”, and over 40 per cent “drug-free”.

    Follow-Up Questions by Committee Experts

    Committee Experts asked follow-up questions on the passage of the extrajudicial killing bill and its relationship with the State drug policy; whether police were prohibited from reporting drug-related deaths to the media; whether detentions of drug users were voluntary; how the State supported people with drug-use records, who were criminalised, to access the work market; issues with the coverage of social security and nutrition programmes; measures to expedite agrarian reform to address high levels of poverty among farmers; measures to protect small-scale fishers from large-scale fishing businesses; indicators to assess multi-dimensional poverty and inform policies to tackle poverty; measures to support and protect the children of overseas workers from domestic abuse; how the energy market was regulated to make access to energy affordable; the impact of the prohibition of abortion on maternal mortality rates and measures implemented to respond to treaty bodies’ recommendations on increasing access to pre- and post-natal care services; and measures to legalise abortion in cases where there was risk to the health of the mother.

    Responses by the Delegation

    The delegation said there were several programmes supporting children in their first 1,000 days of life, including conditional cash transfers. Health workers were provided with training on caring for newborns and there were pre- and post-natal care programmes in place.

    The Philippines was an early adopter of a multidimensional poverty index, which helped to identify areas in which increased support was needed. A community-based monitoring system had been set up to collect data on multidimensional poverty.

    The State party had observed that for families with mothers who migrated overseas, grandparents typically cared for children and family circles also provided support. The Government had instructed teachers on identifying evidence of domestic abuse. Migrant workers were required to develop financial plans before leaving the country. The reintegration programme was being strengthened to help returning migrant workers.

    The State had reached 100 per cent electrification of rural regions, and was now working to address pockets of households that did not have electricity, supporting their access to renewable energy.

    Maternal deaths had been steadily decreasing in recent years. The Government was continuing to strengthen maternal and newborn care programmes, including by upskilling birthing nurses and reducing unsafe abortions.

    The State party prevented commercial fishers from fishing in waters reserved for municipal fishers and spawning grounds. The Clean and Healthy Oceans Programme aimed to reduce illegal and unregulated fishing by improving compliance with regulations. Programmes were in place to develop aquatic parks to support small-scale fishers, who could also access support for livelihoods and fishing tools.

    Questions by a Committee Expert

    LAURA-MARIA CRACIUNEAN-TATU, Committee Chair and Member of the Taskforce for the Philippines , commended the State party on the constant increase in the budget allocated to education, which had reached 3.2 per cent of gross domestic product. However, this was well below the United Nations’ recommendation of at least four per cent of gross domestic product. Were there further plans to increase the education budget? The Philippines’ global ranking in terms of quality of education was in the bottom 25 of 172 nations, the lowest score in Asia. What measures were envisioned to increase access to quality education for all?

    The State party had put in place a five-year development plan for children with disabilities, which ended in 2019. What results were achieved by the plan and what measures were in place to address limited access to education for children with disabilities and indigenous children? In one region, 56 per cent of children were not attending school. What measures were in place to address this issue? What measures were in place to address the impact of COVID-19 lockdowns on access to education? How was the national policy framework on schools as zones for peace implemented? Legislation had been implemented that discontinued mother tongue education for minority groups. What was the rationale behind the adoption of this law?

    There was increasing disparity in access to the internet across different regions. What measures were in place to improve access to the internet for poor households and regions?

    Responses by the Delegation 

    The delegation said that the Constitution mandated that education needed to be given priority in the budget. Overall spending on education amounted for around 5.5 per cent of gross domestic product. The State party had made kindergarten education compulsory and extended compulsory education by two years, and the curriculum had been revised recently to improve education quality. The Government was working to address the inadequate supply of textbooks and computers in schools through decentralisation. The Philippines had over 100 languages and it was difficult to develop learning materials in each of these languages. The State thus decided to discontinue mother tongue language instruction and standardise English as a medium of instruction from grade five.

    The State party was also working to address the impact of the COVID-19 pandemic on learning outcomes. Recently, legislation had been passed on remedial education. During the pandemic, the Government adopted learning continuity plans to support access to education through online and broadcast education.

    The Government had implemented many measures to manage culturally sensitive education in Muslim and indigenous communities. Education on peace and conflict resolution was being promoted, and the State party was working to repair schools damaged by conflicts. The Government promoted the concept of schools as zones of peace in conflict-affected areas such as Mindanao. Local governments and security forces contributed to protecting schools in peace zones from being used in military activities through measures such as school escorts. The Government continued to provide psychosocial support for children affected by armed conflict.

    The indigenous education programme promoted quality, culturally relevant education for indigenous peoples. It had been implemented in over 3,000 schools. Over 75 indigenous languages were used in instruction, and an additional 4,000 teachers, 95 per cent of whom were indigenous, had recently been hired to provide education to indigenous children.

    The Government was working to improve access to education and healthcare for children with disabilities. Legislation mandating inclusive education for children with disabilities had been adopted and disability support officers had been established in educational institutions.

    The State party had improved the policy and regulatory framework on internet access. The national fibre-optic cable network was being expanded to southern regions. The State party was collaborating with Starlink to allow southern provinces to access the internet via satellites. Telecommunications companies were provided with incentives to operate in the Philippines, and wi-fi access points were being set up in schools and public places.

    The State’s campaign against illegal drugs was now geared towards rehabilitation and reintegration of drug users. The House of Representatives had investigated extrajudicial killings occurring in the context of the war on drugs and the Government had decided to amend the Penal Code to increase penalties for extrajudicial killings.

    Follow-Up Questions by Committee Experts

    Committee Experts asked follow-up questions on how the State party promoted education in Spanish and Arabic; the results of the education programme on Islamic values; how the State party protected the expression of indigenous culture and indigenous cultural sites; whether indigenous leaders participated in creating policies impacting their communities; legal and administrative provisions to protect indigenous languages; the number of legal cases invoking economic, social and cultural rights in which reparations had been granted for violations; the role of the Commission of Human Rights in investigating complaints from workers and places of detention; how the State party would protect fishing zones for small-scale fishers; measures for reducing threats and attacks against human rights defenders; plans to decriminalise abortion; and measures to protect the lesbian, gay, bisexual, transgender and intersex community.

    Responses by the Delegation

    The delegation said there were schools in Mindanao that provided Arabic and Islamic education. Education in Spanish and Arabic was an option in mainstream schools. Four-year courses on Arabic teaching were provided in local universities.

    There was no legal framework on cultural misappropriation, but the Government was working to protect intellectual property rights by registering the cultural assets and expressions of indigenous peoples. Indigenous communities needed to be consulted regarding all projects and policies affecting them. Indigenous leaders were included in local development councils.

    Courts had cited the Covenant in decisions upholding standards of living and access to economic, social and cultural rights, including in cases in which remedies were granted for environmental harm caused by mining operations. There needed to be a new Charter governing the mandate of the Commission on Human Rights, which had traditionally focused on civil and political rights but was recently working to promote economic, social and cultural rights.

    Court cases were underway into violations of regulations on fishing zones by commercial fishers. The Government protected the rights of legitimate environmental defenders. Protection of the environment was included as a pillar of the national security policy.

    The State party had pivoted to a community-based approach to illegal drugs. Many drug users were treated in communities rather than in rehabilitation centres. Persons who participated in rehabilitation programmes were removed from criminal offender lists, but not drug user lists.

    The State party had not yet developed a comprehensive bill on the rights of internally displaced persons. Persons affected by the Marawi siege had been provided with access to water and electricity, and reconstruction efforts were ongoing in affected areas.

    The State had created a committee on lesbian, gay, bisexual, transgender and intersex affairs, which was developing policies and programmes to promote equality and inclusion of the community. The Constitution and various State legislation prohibited discrimination based on sexual orientation and gender identity. The police had formulated a gender sensitivity programme to ensure protection of this community.

    Pre-natal checkups were provided free of charge in primary health facilities, and mobile clinics provided maternal health services in isolated areas. The Government, while maintaining the prohibition of abortion, had taken measures to ensure quality post-abortion care was provided without stigmatisation.

    Closing Remarks

    ASRAF ALLY CAUNHYE, Committee Expert and Country Rapporteur for the Philippines , said the dialogue had been fruitful and constructive, addressing a range of issues confronting the Philippines. Discussions had brought to light issues that needed to be addressed to strengthen the implementation of economic, social and cultural rights, and would inform the Committee’s concluding observations. Mr. Caunhye expressed thanks to all persons who had contributed to the dialogue.

    ROSEMARIE G. EDILLON, Undersecretary, Policy and Planning Group, National Economic and Development Authority of the Philippines and head of the delegation, thanked the Committee for the dialogue. The State party was united in its goal of advancing economic, social and cultural rights. The President had a clear vision for national development that focused on improving access to all economic, social and cultural rights. The State party would continue with actions that would create change and realise the economic, social and cultural rights of all citizens.

    LAURA-MARIA CRACIUNEAN-TATU, Committee Chair , thanked the delegation for participating in the dialogue and for providing comprehensive answers. In some instances, additional data would have been appreciated. Human rights mechanisms were not mutually exclusive; they all served to enhance protections of rights holders. The Committee thanked civil society organizations for submitting information to the Committee and called for further cooperation between civil society and the Government.

    __________

    Produced by the United Nations Information Service in Geneva for use of the media; 
    not an official record. English and French versions of our releases are different as they are the product of two separate coverage teams that work independently.

     

    CESCR25.006E

    MIL OSI United Nations News

  • MIL-OSI Europe: President Calviño’s interview with the Süddeutsche Zeitung

    Source: European Investment Bank

    Interview by Matthias Kolb and Alexander Mühlauer (Süddeutschen Zeitung)

    Nadia Calviño is President of the European Investment Bank (EIB), the largest promotional bank in the world. On behalf of the EU Member States, it is tasked with ensuring stability through investments within and beyond the European Union. So it’s little wonder that the former Deputy Prime Minister of Spain would attend the 61st Munich Security Conference. Shortly before the event, Calviño visited Ukrainian President Volodymyr Zelenskyy in Kyiv, signing investment agreements totalling around  €1 billion. Before beginning her interview with the Süddeutsche Zeitung, the 56-year-old wanted to get one thing straight, right from the start: Europe must realise that we are at a turning point in history.

    Something seems to have ruptured between the United States and the European Union. Trump is talking with Putin about the future of Ukraine, without the EU at the table. The US Secretary of Defense says that America will no longer guarantee security in Europe. And US Vice President J.D. Vance says the greatest risk for Europe is not Russia or China, but the alleged internal threat to freedom of expression. How shocked are you by this?

    Calviño: I’m not shocked, or even surprised. I was certain we would see a fundamental change in transatlantic relations. We Europeans need to remember where our strengths lie, stand up for our interests and defend the rules-based world order from which we have benefited so richly over the past 80 years. And the Americans even more so.

    Isn’t the new US government threatening to destroy this world order?

    I am convinced that good transatlantic relations are strategically important for both sides. We must work to create a new foundation for them. In such turbulent times, it is more important than ever for Europe to stand for stability and reliability – not just within our own borders, but also for the rest of the world. That Europe should do even more to uphold a rules-based world order is something I hear often from our partners across the globe.

    But again, do the United States pose a risk to the global order?

    It is in their interest to preserve the things that have made America great. Institutions like the World Bank, the International Monetary Fund or the World Trade Organization, which we founded together. That’s one reason the US dollar is a global reserve currency. There are many win-win situations to be had from working together, and with Europe. But the most important thing is for us to accept that the world of tomorrow is very different from the world of yesterday.

    “We are at a turning point in history.”

    The European Investment Bank is the world’s largest promotional bank. As its president, what can you do to help Europe stand the test of time in this new world?

    We are at a crucial moment in history. And at a turning point in the geopolitical order. The future will depend on the decisions we make today, and every decision counts.

    What does that mean exactly?

    Since I joined the EIB as president in 2024, I have held talks with all 27 EU Member States and our European and international partners, but also with civil society and industry. For the first time, we have set out a clear Strategic Roadmap. 2024 was a record year for us, in which the EIB signed €89 billion in financing to strengthen Europe’s competitiveness and security. These funds will go, for example, to energy infrastructure and renewable projects, to new technologies like artificial intelligence or quantum computers, and to supporting the transport and automotive industries. In 2024, we invested a record amount in energy networks. We also doubled our support for security and defence – to €1 billion – and we expect to double it again in 2025.

    At the Munich Security Conference, we kept hearing the question of where Member States could get the many billions of euros they would need to invest in their armies, including under pressure from Trump. Are they all coming to you now?

    Ursula von der Leyen has already proposed relaxing the rules under the Stability Pact so that EU countries can finance their defence spending. Olaf Scholz has similar ideas. The EIB is not a defence ministry, but there is a lot we can do to help in this area. For example, if Member States want to renovate their roads and bridges to improve military mobility, we can fund that, just like we can fund protection of critical infrastructure like submarine cables, or investments in cybersecurity. We are doing this, and are exchanging with Europe’s finance and defence ministries and with industry.

    What is the EIB financing in Germany in this domain?

    We are currently looking into 14 specific projects across Europe. In 2021, for example, we granted the Munich-based drone startup Quantum Systems a loan of €10 million. Their products are now used by the Ukrainian military, and have both civilian and military applications, so they can be supported by the EIB. The Lithuanian government has just applied to us with a proposal that we are now evaluating. It seeks financial assistance to build the base for the new German army brigade in Rūdninkai, near the border with Belarus.

    Soon 5 000 German soldiers will be permanently stationed in Lithuania, as a deterrent to Russia. Cost projections by the German Defence Ministry for this brigade are over €10 billion. Lithuania would like to invest around €1 billion in the new base. How much money could come from the EIB?

    This is a very important and demanding project, and we’ve only just started looking into the details. Another good example is the EIB support for the expansion of the Danish port in Esbjerg. Going forward, it will be better able to accommodate NATO vessels and the transport of materials for offshore wind farms.

    You just came from a visit to Ukraine. How is the EIB supporting that country?

    The trip to Ukraine was my first one outside the EU as EIB President. We are probably Ukraine’s most important investment partner, and our role is one that our partners value greatly. During my visit, we signed agreements for investment totalling around €1 billion. They will allow major Ukrainian banks to grant more loans to medium-sized companies. And with the country’s government, we have signed packages to finance infrastructure for energy, transport, water and district heating, as well as the construction of bunkers in schools and nurseries. So we are actively investing in all of the important areas for the Ukrainian people to lead normal lives, as far as possible. And, of course, we aim to strengthen the country’s resilience.

    Are you also supporting Ukraine’s defence industry?

    We support the European security and defence industry, which also helps Ukraine. In 2024 we expanded the dual-use approach, so that we can now support a wide range of projects, such as border security, cybersecurity, satellites and drones, and mine clearance.

    The CEO of the Italian arms company Leonardo recently told our reporters that Europe has one main problem: Member States spend more and more money on defence, but don’t work together enough. Is he right?

    It is clear that a common European procurement system would make us stronger and more efficient, especially when it comes to our flagship projects. And yes, I think the European Investment Bank can contribute by acting as an independent appraiser for projects. In 2024, to bring in top expertise, we signed agreements with the NATO Innovation Fund and the European Defence Agency so that we can draw on their technical knowledge in this regard.

    Is there any dispute at the EIB due to differing positions on Ukraine, with member countries like Hungary or Slovakia that have pro-Moscow governments?

    No, not at all.

    “I would never presume to tell a Member State what to do.”

    So you are president of one of the only EU institutions that aren’t divided?

    I told you that I visited the 27 Member States, and listened very carefully to them. On that basis, we drew up our strategy, which was unanimously supported. We are therefore well aligned with the EU priorities and the expectations of the Member States. There is strong support for what we are doing. Including in Ukraine.

    When it comes to Europe’s future, one word always comes up: competitiveness. What does Europe need to do to avoid falling even further behind the US and China economically?

    The different reports, for example by Enrico Letta and Mario Draghi, are quite unanimous: We need market integration, streamlining and investment. So what we need to do is clear. And I think the new Commission is willing to go in that direction. On streamlining, for example, we have teamed up with the Commission to adapt environmental reporting standards so that we can pursue the Paris Agreement and our green transformation objectives in a way that promotes the competitiveness of European industry, as well as green finance and green investment.

    How optimistic are you that Europe will finally begin to react more quickly and actually make decisions? With the capital markets union, we’ve been waiting ten years for things to finally happen. And that’s just one example of many.

    As Spain’s Minister of Finance and its Deputy Prime Minister, I saw lots of things. The euro area crisis, the COVID-19 pandemic. And I have seen how Europe can succeed: Together, we developed the vaccines, and we dealt with the crisis. With the NextGenerationEU package, Spain has made some very far-reaching reforms and, thanks to mobilising investment, it is now the best-performing economy in Europe and a driver of growth and prosperity on the continent. We succeed when we unite, act decisively, truly focus and bring all our energy together.

    In contrast to Spain and other countries, Germany’s economy has been hit hard. Many experts see the debt brake as an obstacle to further growth. What does Germany have to do for things to start looking up again?

    I would never presume to tell a Member State what to do. I simply wish for a strong Germany with a stable, pro-Europe government – because we need a strong Germany at the centre of our union.

    MIL OSI Europe News

  • MIL-OSI Asia-Pac: CDS Gen Anil Chauhan visits Rashtriya Indian Military College

    Source: Government of India (2)

    CDS Gen Anil Chauhan visits Rashtriya Indian Military College

    Gen Anil Chauhan urges Cadets to embrace Technological Advancements, Strategic Thinking, & Adaptability to meet Future Security Challenges

    Posted On: 19 FEB 2025 7:20PM by PIB Delhi

    Chief of Defence Staff Gen Anil Chauhan visited the Rashtriya Indian Military College on 19 February 2025, reaffirming the institution’s pivotal role in shaping the future leadership of the Indian Armed Forces. Gen Chauhan was received with full military honours and accorded a warm welcome by the Commandant, faculty and cadets of RIMC. During his visit, he interacted with cadets and faculty, gaining insights into the carefully structured training, academic curriculum, and leadership development programs at the institution.

    In his address, Gen Chauhan lauded RIMC’s legacy of producing distinguished military leaders and emphasized the values of discipline, integrity, and service to the nation. He appreciated the institution’s commitment to integrating modern education with military traditions, ensuring that cadets are well-equipped for future challenges. Highlighting the evolving nature of warfare, he urged cadets to embrace technological advancements, strategic thinking, and adaptability to meet future security challenges.

    The CDS also visited the Somnath Resource Centre & Museum, which showcases RIMC’s rich history and the contributions of its illustrious alumni to the nation. General Chauhan took keen interest in the exhibits, reflecting on the role of RIMC-trained officers in various military operations. As a mark of commitment to growth and resilience, General Chauhan planted a tree on campus. The visit concluded with cadets expressing gratitude for his inspiring words and reaffirming their dedication to upholding the values and traditions of RIMC.

    The visit of the Chief of Defence Staff reinforced RIMC’s standing as a premier institution dedicated to grooming future military leaders and instilling in them an unwavering spirit of service and patriotism.

    SR/Anand

    (Release ID: 2104807) Visitor Counter : 20

    MIL OSI Asia Pacific News

  • MIL-OSI Economics: 3 ways to improve access to justice through court modernization

    Source: Microsoft

    Headline: 3 ways to improve access to justice through court modernization

    The legal maxim that “justice delayed is justice denied” has long been a rallying cry to encourage judges and courts to operate more efficiently. If legal redress or fair relief are potentially available to an injured party but aren’t promptly provided or supported, that is effectively no remedy at all. Today, the need for accessible and fair judicial systems is at least as relevant as when William Penn voiced it back in the seventeenth century. Fortunately, technology is playing a key role in helping to realize the vision and improve access to justice.

    Worldwide, courts are contending with growing pressures that threaten to bog down judicial processes and erode trust in the judiciary. Antiquated case management systems, critical data stuck in silos, and public demand for digital means of participating in justice contribute to the urgency to find new solutions that are cost-effective and adequately cyber-secure.

    Innovative courts are already busy modernizing systems and taking early steps with generative AI technologies. At Microsoft for government, we help courts and judicial organizations maintain trust within their communities through solutions that transform operations and help to increase fairness, accountability, and transparency. Let’s have a look at some important benefits of court modernization, including a new way for courts to experiment with AI innovation in a safe and productive fashion.

    Explore public safety and justice capabilities

    Better access to justice in 3 key areas

    The adoption of cloud technologies typically has an almost immediate impact in terms of power, scalability, and flexibility. Modernizing tools and systems can further deliver new capabilities that help improve access to justice. Among these:

    1. Streamline court operations

    Courts function better with a more empowered workforce, and modernization makes it possible to quickly realize significant gains in efficiency. For example, by simply adopting Microsoft 365 copilot, 70% of users surveyed across industries reported being more productive and able to focus more on high-value activities and creative work.1

    Even greater benefits are gained by cloud solutions that bring together vast stores of data. Courts are often supported by aging legacy systems that hold data in disconnected silos, making it difficult, if not impossible, to integrate it all. For example, the Orange County Superior Court (OCSC) managed three disparate case management systems (containing more than 70 million paper files), which created serious inefficiencies. So, they integrated it all into a single data warehouse on Microsoft Azure, and realized new benefits in decision making and improved operational efficiency, as well as setting the stage for greater innovation.

    Case management systems are especially being transformed by modernization. Courts are moving away from expensive, limited legacy systems to modern solutions that speed up case processing, help judges access necessary information faster, and even increase the capacity of caseloads. Cloud-based case management systems can also fundamentally change how people interact with courts. For example, the Alabama Appellate Courts System developed a hybrid cloud solution that allowed 6,000 Alabama licensed lawyers to access information and file motions with no need to physically travel to any of its three courts.

    2. Improve everyday access to justice

    Trust in the court is central to justice, but for many people, the cost and friction involved in legal proceedings is high and the results are not always satisfactory. Modernization can help ease the burden with new services and capabilities that are user friendly and engage the public.

    Remote access to court proceedings is a profound benefit of modernization, making it faster, easier, and less expensive for people to participate. Widely adopted during the pandemic, remote hearings with Microsoft Teams are now being enhanced with generative AI features that can do things like generate unofficial transcripts or session recaps.

    The Teams experience can also be expanded to provide additional services. For example, the Federal Regional Court of the 1st Region (TRF1) in Brazil improved access to the court with a new Virtual Support Desk—an integrated online service platform within Teams that offers easy access to important judicial services for people across Brazil. It also provides a personalized work hub for court service agents, giving them access to real-time engagement analytics, proactive notifications, and service governance indicators.

    Modernization is also helping people to better navigate the legal system. Easy to use digital tools can provide guidance in legal processes, assist with document preparation, and help find important resources. Virtual assistants and chatbots can help people understand legal terms, access case information, and represent themselves in litigation in areas such as family law. Translation and transcription capabilities can also be included to make these services even more accessible.

    3. Enhanced experiences through new services

    Innovation with generative AI and advanced cloud services is still evolving for courts, but the early benefits give us a glimpse of how significantly courts will be transformed in the months and years to come.

    Many of the benefits listed above will accelerate dramatically as more courts invest in modernization. For individuals, AI-enabled online portals and mobile applications will provide easier access to case information, explain options, and answer questions about legal processes—providing support that even court staff cannot always offer due to legal restrictions.

    For judges and court staff, modernization promises faster processing of cases, with solutions that speed up administrative tasks, reduce delays caused by paperwork errors, and improve the filing of legal documents. AI can automate the extraction, categorization, and organization of information from documents such as invoices, contracts, and emails.

    Generative AI is increasingly also being integrated into legal workflows to automate tasks like tagging and classification. This promises to advance a key industry initiative called SALI (Standards Advancement for the Legal Industry, in which Microsoft is a participant), that is creating a standardized way to define and document legal matters. By automating tagging and classification of documents (commonly done by hand), AI can help SALI achieve its mission to benefit legal professionals and their clients by fostering innovation and efficiency in legal workflows.

    A low risk way to explore AI innovation in the court

    Many courts are understandably cautious about involving their critical data and systems in innovation with new technology such as AI. That’s why Microsoft endorses an important new initiative called the AI Sandbox, by the National Center for State Courts (NCSC).

    The AI Sandbox helps leaders in judicial organizations explore generative AI and learn how it can improve productivity, efficiency, and citizen service. Designed to serve the needs of courts across geographies, the AI Sandbox lets judges and court staff experiment with generative AI in a secure private cloud environment built on Azure. It supports the development of use cases such as drafting court orders, creating job descriptions, providing legal information, and much more. Best of all, it’s easy to use via the NSCS portal (no travel required).

    To get started, visit the NCSC AI sandbox website.

    Advancing your modernization journey

    Whether it’s the AI Sandbox or early experimentation with Microsoft 365 Copilot, the path to modernization is unique for every court. There are some fundamental elements that every organization will eventually need in order to realize the complete benefits of AI:

    • A cloud platform like Azure delivers proven scalability, security, and compliance.
    • A data and AI platform like Microsoft Fabric provides a common way to reason over your data.
    • A development platform like Azure AI Foundry lets you build world-class AI-native applications.

    Improving access to justice through technology is a long-term journey, but one that delivers benefits early and often. It’s important to define your goals, take a strategic approach, and choose a technology partner who will be with you every step of the way.

    Learn more

    To see how Microsoft is empowering court systems to be more agile, secure, and accessible for all, watch our video. To learn more about how we can help in your court’s modernization journey, visit our website or get in touch with your Microsoft sales representative or technology partner.

    Explore Microsoft for public safety and justice

    1Microsoft Work Trend Index Special Report.

    David Williams

    Director, Global Public Safety and Justice

    As a leader in Microsoft’s worldwide government team, David Williams is passionate about the application of technology to empower the people and organizations dedicated to Public Safety and Justice. He works closely with partners, field teams, and customers to find solutions that meet each organization’s unique requirements. A retired United States Army major, he has worked for more than 10 years in technology roles focused on intelligence, investigations, and data analytics.

    See more articles from this author

    MIL OSI Economics

  • MIL-OSI USA: Defense of Fort Dobbs Remembered

    Source: US State of North Carolina

    Headline: Defense of Fort Dobbs Remembered

    Defense of Fort Dobbs Remembered
    jejohnson6

    STATESVILLE
    Fort Dobbs State Historic Site will offer a glimpse of the harrowing days of the Anglo-Cherokee War on March 1 with a living-history commemoration.
     
    The 265th anniversary program will feature living-history interpreters portraying colonial soldiers and settlers around the time when up to 70 Cherokee warriors attacked the fort in a confusing night-time skirmish on Feb. 27, 1760. Until then, the Cherokee and British had been allies when the French and Indian War started.
    The commemoration will include musket and swivel cannon firing demonstrations and on-going demonstrations of life inside a blockhouse fort including woodworking and cooking.

    The free program will run 10 a.m.-4 p.m., but $2 donations are suggested. For more information, contact Fort Dobbs at (704) 873-5882 or www.fortdobbs.org.

    About Fort Dobbs
    Fort Dobbs State Historic Site’s mission is to preserve and interpret the history of Fort Dobbs (438 Fort Dobbs Rd, Statesville, NC) and North Carolina’s role in the French and Indian War. It is open Tuesday-Saturday, 9 a.m.-5 p.m. Special events and living history weekends are offered throughout the year. It is part of the Division of N.C. State Historic Sites within the N.C. Department of Natural and Cultural Resources.

    About the North Carolina Department of Natural and Cultural Resources
    The N.C. Department of Natural and Cultural Resources (DNCR) manages, promotes, and enhances the things that people love about North Carolina – its diverse arts and culture, rich history, and spectacular natural areas. Through its programs, the department enhances education, stimulates economic development, improves public health, expands accessibility, and strengthens community resiliency.

    The department manages over 100 locations across the state, including 27 historic sites, seven history museums, two art museums, five science museums, four aquariums, 35 state parks, four recreation areas, dozens of state trails and natural areas, the North Carolina Zoo, the State Library, the State Archives, the N.C. Arts Council, the African American Heritage Commission, the American Indian Heritage Commission, the State Historic Preservation Office, the Office of State Archaeology, the Highway Historical Markers program, the N.C. Land and Water Fund, and the Natural Heritage Program. For more information, please visit www.dncr.nc.gov.
    Feb 19, 2025

    MIL OSI USA News

  • MIL-OSI Security: #StopRansomware: Ghost (Cring) Ransomware

    Source: US Department of Homeland Security

    Summary

    Note: This joint Cybersecurity Advisory is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to see all #StopRansomware advisories and to learn more about other ransomware threats and no-cost resources.

    The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this joint advisory to disseminate known Ghost (Cring)—(“Ghost”)—ransomware IOCs and TTPs identified through FBI investigation as recently as January 2025.

    Beginning early 2021, Ghost actors began attacking victims whose internet facing services ran outdated versions of software and firmware. This indiscriminate targeting of networks containing vulnerabilities has led to the compromise of organizations across more than 70 countries, including organizations in China. Ghost actors, located in China, conduct these widespread attacks for financial gain. Affected victims include critical infrastructure, schools and universities, healthcare, government networks, religious institutions, technology and manufacturing companies, and numerous small- and medium-sized businesses.

    Ghost actors rotate their ransomware executable payloads, switch file extensions for encrypted files, modify ransom note text, and use numerous ransom email addresses, which has led to variable attribution of this group over time. Names associated with this group include Ghost, Cring, Crypt3r, Phantom, Strike, Hello, Wickrme, HsHarada, and Rapture. Samples of ransomware files Ghost used during attacks are: Cring.exe, Ghost.exe, ElysiumO.exe, and Locker.exe.

    Ghost actors use publicly available code to exploit Common Vulnerabilities and Exposures (CVEs) and gain access to internet facing servers. Ghost actors exploit well known vulnerabilities and target networks where available patches have not been applied.

    The FBI, CISA, and MS-ISAC encourage organizations to implement the recommendations in the Mitigations section of this advisory to reduce the likelihood and impact of Ghost ransomware incidents.

    Download the PDF version of this report:

    For a downloadable copy of IOCs, see:

    Technical Details

    Note: This advisory uses the MITRE ATT&CK® Matrix for Enterprise framework, version 16.1. See the MITRE ATT&CK Tactics and Techniques section of this advisory for a table of the threat actors’ activity mapped to MITRE ATT&CK tactics and techniques.

    Initial Access

    The FBI has observed Ghost actors obtaining initial access to networks by exploiting public facing applications that are associated with multiple CVEs [T1190]. Their methodology includes leveraging vulnerabilities in Fortinet FortiOS appliances (CVE-2018-13379), servers running Adobe ColdFusion (CVE-2010-2861 and CVE-2009-3960), Microsoft SharePoint (CVE-2019-0604), and Microsoft Exchange (CVE-2021-34473CVE-2021-34523, and CVE-2021-31207— commonly referred to as the ProxyShell attack chain).

    Execution

    Ghost actors have been observed uploading a web shell [T1505.003] to a compromised server and leveraging Windows Command Prompt [T1059.003] and/or PowerShell [T1059.001] to download and execute Cobalt Strike Beacon malware [T1105] that is then implanted on victim systems. Despite Ghost actors’ malicious implementation, Cobalt Strike is a commercially available adversary simulation tool often used for the purposes of testing an organization’s security controls.

    Persistence

    Persistence is not a major focus for Ghost actors, as they typically only spend a few days on victim networks. In multiple instances, they have been observed proceeding from initial compromise to the deployment of ransomware within the same day. However, Ghost actors sporadically create new local [T1136.001] and domain accounts [T1136.002] and change passwords for existing accounts [T1098]. In 2024, Ghost actors were observed deploying web shells [T1505.003] on victim web servers.

    Privilege Escalation

    Ghost actors often rely on built in Cobalt Strike functions to steal process tokens running under the SYSTEM user context to impersonate the SYSTEM user, often for the purpose of running Beacon a second time with elevated privileges [T1134.001].

    Ghost actors have been observed using multiple open-source tools in an attempt at privilege escalation through exploitation [T1068] such as “SharpZeroLogon,” “SharpGPPPass,” “BadPotato,” and “GodPotato.” These privilege escalation tools would not generally be used by individuals with legitimate access and credentials. 

    See Table 1 for a descriptive listing of tools.

    Credential Access

    Ghost actors use the built in Cobalt Strike function “hashdump” or Mimikatz [T1003] to collect passwords and/or password hashes to aid them with unauthorized logins and privilege escalation or to pivot to other victim devices.

    Defense Evasion

    Ghost actors used their access through Cobalt Strike to display a list of running processes [T1057] to determine which antivirus software [T1518.001] is running so that it can be disabled [T1562.001]. Ghost frequently runs a command to disable Windows Defender on network connected devices. Options used in this command are: Set-MpPreference -DisableRealtimeMonitoring 1 -DisableIntrusionPreventionSystem 1 -DisableBehaviorMonitoring 1 -DisableScriptScanning 1 -DisableIOAVProtection 1 -EnableControlledFolderAccess Disabled -MAPSReporting Disabled -SubmitSamplesConsent NeverSend.

    Discovery

    Ghost actors have been observed using other built-in Cobalt Strike commands for domain account discovery [T1087.002], open-source tools such as “SharpShares” for network share discovery [T1135], and “Ladon 911” and “SharpNBTScan” for remote systems discovery [T1018]. Network administrators would be unlikely to use these tools for network share or remote systems discovery.

    Lateral Movement

    Ghost actors used elevated access and Windows Management Instrumentation Command-Line (WMIC) [T1047] to run PowerShell commands on additional systems on the victim network— often for the purpose of initiating additional Cobalt Strike Beacon infections. The associated encoded string is a base 64 PowerShell command that always begins with: powershell -nop -w hidden -encodedcommand JABzAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAEkATwAuAE0AZQBtAG8AcgB5AFMAdAByAGUAYQBtACgALABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIA… [T1132.001][T1564.003].

    This string decodes to “$s=New-Object IO.MemoryStream(,[Convert]::FromBase64String(“” and is involved with the execution of Cobalt Strike in memory on the target machine.

    In cases where lateral movement attempts are unsuccessful, Ghost actors have been observed abandoning an attack on a victim.

    Exfiltration

    Ghost ransom notes often claim exfiltrated data will be sold if a ransom is not paid. However, Ghost actors do not frequently exfiltrate a significant amount of information or files, such as intellectual property or personally identifiable information (PII), that would cause significant harm to victims if leaked. The FBI has observed limited downloading of data to Cobalt Strike Team Servers [T1041]. Victims and other trusted third parties have reported limited uses of Mega.nz [T1567.002] and installed web shells for similar limited data exfiltration. Note: The typical data exfiltration is less than hundreds of gigabytes of data.

    Command and Control

    Ghost actors rely heavily on Cobalt Strike Beacon malware and Cobalt Strike Team Servers for command and control (C2) operations, which function using hypertext transfer protocol (HTTP) and hypertext transfer protocol secure (HTTPS) [T1071.001]. Ghost rarely registers domains associated with their C2 servers. Instead, connections made to a uniform resource identifier (URI) of a C2 server, for the purpose of downloading and executing Beacon malware, directly reference the C2 server’s IP address. For example, http://xxx.xxx.xxx.xxx:80/Google.com where xxx.xxx.xxx.xxx represents the C2 server’s IP address.

    For email communication with victims, Ghost actors use legitimate email services that include traffic encryption features. [T1573] Some examples of emails services that Ghost actors have been observed using are Tutanota, Skiff, ProtonMail, Onionmail, and Mailfence.

    Note: Table 2 contains a list of Ghost ransom email addresses.

    Impact and Encryption

    Ghost actors use Cring.exe, Ghost.exe, ElysiumO.exe, and Locker.exe, which are all ransomware executables that share similar functionality. Ghost variants can be used to encrypt specific directories or the entire system’s storage [T1486]. The nature of executables’ operability is based on command line arguments used when executing the ransomware file. Various file extensions and system folders are excluded during the encryption process to avoid encrypting files that would render targeted devices inoperable.

    These ransomware payloads clear Windows Event Logs [T1070.001], disable the Volume Shadow Copy Service, and delete shadow copies to inhibit system recovery attempts [T1490]. Data encrypted with Ghost ransomware variants cannot be recovered without the decryption key. Ghost actors hold the encrypted data for ransom and typically demand anywhere from tens to hundreds of thousands of dollars in cryptocurrency in exchange for decryption software [T1486].

    The impact of Ghost ransomware activity varies widely on a victim-to-victim basis. Ghost actors tend to move to other targets when confronted with hardened systems, such as those where proper network segmentation prevents lateral moment to other devices.

    Indicators of Compromise (IOC)

    Table 1 lists several tools and applications Ghost actors have used for their operations. The use of these tools and applications on a network should be investigated further.

    Note: Authors of these tools generally state that they should not be used in illegal activity.

    Table 1: Tools Leveraged by Ghost Actors
    Name Description Source
    Cobalt Strike Cobalt Strike is penetration testing software. Ghost actors  use an unauthorized version of Cobalt Strike. N/A
    IOX Open-source proxy, used to establish a reverse proxy to a Ghost C2 server from an internal victim device. github[.]com/EddieIvan01/iox
    SharpShares.exe SharpShares.exe is used to enumerate accessible network shares in a domain. Ghost actors use this primarily for host discovery. github[.]com/mitchmoser/SharpShares
    SharpZeroLogon.exe SharpZeroLogon.exe attempts to exploit CVE-2020-1472 and is run against a target Domain Controller. github[.]com/leitosama/SharpZeroLogon
    SharpGPPPass.exe SharpGPPPass.exe attempts to exploit CVE-2014-1812 and targets XML files created through Group Policy Preferences that may contain passwords. N/A
    SpnDump.exe SpnDump.exe is used to list service principal name identifiers, which Ghost actors use for service and hostname enumeration. N/A
    NBT.exe A compiled version of SharpNBTScan, a NetBIOS scanner. Ghost actors use this tool for hostname and IP address enumeration. github[.]com/BronzeTicket/SharpNBTScan
    BadPotato.exe BadPotato.exe is an exploitation tool used for privilege escalation. github[.]com/BeichenDream/BadPotato
    God.exe God.exe is a compiled version of GodPotato and is used for privilege escalation. github[.]com/BeichenDream/GodPotato
    HFS (HTTP File Server) A portable web server program that Ghost actors use to host files for remote access and exfiltration. rejitto[.]com/hfs
    Ladon 911 A multifunctional scanning and exploitation tool, often used by Ghost actors with the MS17010 option to scan for SMB vulnerabilities associated with CVE-2017-0143 and CVE-2017-0144. github[.]com/k8gege/Ladon
    Web Shell A backdoor installed on a web server that allows for the execution of commands and facilitates persistent access. Slight variation of github[.]com/BeichenDream/Chunk-Proxy/blob/main/proxy.aspx
    Table 2: MD5 File Hashes Associated with Ghost Ransomware Activity
    File name MD5 File Hash
    Cring.exe c5d712f82d5d37bb284acd4468ab3533
    Ghost.exe

    34b3009590ec2d361f07cac320671410

    d9c019182d88290e5489cdf3b607f982
    ElysiumO.exe

    29e44e8994197bdb0c2be6fc5dfc15c2

    c9e35b5c1dc8856da25965b385a26ec4

    d1c5e7b8e937625891707f8b4b594314
    Locker.exe ef6a213f59f3fbee2894bd6734bbaed2
    iex.txt, pro.txt (IOX) ac58a214ce7deb3a578c10b97f93d9c3
    x86.log (IOX)

    c3b8f6d102393b4542e9f951c9435255

    0a5c4ad3ec240fbfd00bdc1d36bd54eb
    sp.txt (IOX) ff52fdf84448277b1bc121f592f753c5
    main.txt (IOX) a2fd181f57548c215ac6891d000ec6b9
    isx.txt (IOX) 625bd7275e1892eac50a22f8b4a6355d
    sock.txt (IOX) db38ef2e3d4d8cb785df48f458b35090

    Ransom Email Addresses

    Table 3 is a subset of ransom email addresses that have been included in Ghost ransom notes.

    Table 3: Ransom Email Addresses
    Email Addresses
    asauribe@tutanota.com ghostbackup@skiff.com rainbowforever@tutanota.com
    cringghost@skiff.com ghosts1337@skiff.com retryit1998@mailfence.com
    crptbackup@skiff.com ghosts1337@tuta.io retryit1998@tutamail.com
    d3crypt@onionmail.org ghostsbackup@skiff.com rsacrpthelp@skiff.com
    d3svc@tuta.io hsharada@skiff.com rsahelp@protonmail.com
    eternalnightmare@tutanota.com just4money@tutanota.com sdghost@onionmail.org
    evilcorp@skiff.com kellyreiff@tutanota.com shadowghost@skiff.com
    fileunlock@onionmail.org kev1npt@tuta.io shadowghosts@tutanota.com
    fortihooks@protonmail.com lockhelp1998@skiff.com summerkiller@mailfence.com
    genesis1337@tutanota.com r.heisler@skiff.com summerkiller@tutanota.com
    ghost1998@tutamail.com rainbowforever@skiff.com webroothooks@tutanota.com

    Ransom Notes

    Starting approximately in August 2024, Ghost actors began using TOX IDs in ransom notes as an alternative method for communicating with victims. For example: EFE31926F41889DBF6588F27A2EC3A2D7DEF7D2E9E0A1DEFD39B976A49C11F0E19E03998DBDA and E83CD54EAAB0F31040D855E1ED993E2AC92652FF8E8742D3901580339D135C6EBCD71002885B.

    MITRE ATT&CK Tactics and Techniques

    See Table 4 to Table 13 for all referenced threat actor tactics and techniques in this advisory. For assistance with mapping malicious cyber activity to the MITRE ATT&CK framework, version 16.1, see CISA and MITRE ATT&CK’s Best Practices for MITRE ATT&CK Mapping and CISA’s Decider Tool.

    Table 4: Initial Access
    Technique Title  ID Use
    Exploit Public-Facing Application T1190 Ghost actors exploit multiple vulnerabilities in public-facing systems to gain initial access to servers.
    Table 5: Execution
    Technique Title  ID Use
    Windows Management Instrumentation T1047 Ghost actors abuse WMI to run PowerShell scripts on other devices, resulting in their infection with Cobalt Strike Beacon malware.
    PowerShell T1059.001 Ghost actors use PowerShell for various functions including to deploy Cobalt Strike.
    Windows Command Shell T1059.003 Ghost actors use the Windows Command Shell to download malicious content on to victim servers.
    Table 6: Persistence
    Technique Title  ID Use
    Account Manipulation T1098 Ghost actors change passwords for already established accounts.
    Local Account T1136.001 Ghost actors create new accounts or makes modifications to local accounts.
    Domain Account T1136.002 Ghost actors create new accounts or makes modifications to domain accounts.
    Web Shell T1505.003 Ghost actors upload web shells to victim servers to gain access and for persistence.
    Table 7: Privilege Escalation
    Technique Title  ID Use
    Exploitation for Privilege Escalation T1068 Ghost actors use a suite of open source tools in an attempt to gain elevated privileges through exploitation of vulnerabilities.
    Token Impersonation/Theft T1134.001 Ghost actors use Cobalt Strike to steal process tokens of processes running at a higher privilege.
    Table 8: Defense Evasion
    Technique Title  ID Use
    Application Layer Protocol: Web Protocols T1071.001 Ghost actors use HTTP and HTTPS protocols while conducting C2 operations. 
    Impair Defenses: Disable or Modify Tools T1562.001 Ghost actors disable antivirus products.
    Hidden Window T1564.003 Ghost actors use PowerShell to conceal malicious content within legitimate appearing command windows.
    Table 9: Credential Access
    Technique Title  ID Use
    OS Credential Dumping T1003 Ghost actors use Mimikatz and the Cobalt Strike “hashdump” command to collect passwords and password hashes.
    Table 10: Discovery
    Technique Title  ID Use
    Remote System Discovery T1018 Ghost actors use tools like Ladon 911 and ShapNBTScan for remote systems discovery.
    Process Discovery T1057 Ghost actors run a ps command to list running processes on an infected device.
    Domain Account Discovery T1087.002 Ghost actors run commands such as net group “Domain Admins” /domain to discover a list of domain administrator accounts.
    Network Share Discovery T1135 Ghost actors use various tools for network share discovery for the purpose of host enumeration.
    Software Discovery T1518 Ghost actors use their access to determine which antivirus software is running.
    Security Software Discovery T1518.001 Ghost actors run Cobalt Strike to enumerate running antivirus software.
    Table 11: Exfiltration
    Technique Title  ID Use
    Exfiltration Over C2 Channel T1041 Ghost actors use both web shells and Cobalt Strike to exfiltrate limited data.
    Exfiltration to Cloud Storage T1567.002 Ghost actors sometimes use legitimate cloud storage providers such as Mega.nz for malicious exfiltration operations.
    Table 12: Command and Control
    Technique Title  ID Use
    Web Protocols T1071.001 Ghost actors use Cobalt Strike Beacon malware and Cobalt Strike Team Servers which communicate over HTTP and HTTPS.
    Ingress Tool Transfer T1105 Ghost actors use Cobalt Strike Beacon malware to deliver ransomware payloads to victim servers.
    Standard Encoding T1132.001 Ghost actors use PowerShell commands to encode network traffic which reduces their likelihood of being detected during lateral movement.
    Encrypted Channel T1573 Ghost actors use encrypted email platforms to facilitate communications. 
    Table 13: Impact
    Technique Title  ID Use
    Data Encrypted for Impact T1486 Ghost actors use ransomware variants Cring.exe, Ghost.exe, ElysiumO.exe, and Locker.exe to encrypt victim files for ransom.
    Inhibit System Recovery T1490 Ghost actors delete volume shadow copies.

    Mitigations

    The FBI, CISA, and MS-ISAC recommend organizations reference their #StopRansomware Guide and implement the mitigations below to improve cybersecurity posture on the basis of the Ghost ransomware activity. These mitigations align with the Cross-Sector Cybersecurity Performance Goals (CPGs) developed by CISA and the National Institute of Standards and Technology (NIST). The CPGs provide a minimum set of practices and protections that CISA and NIST recommend all organizations implement. CISA and NIST based the CPGs on existing cybersecurity frameworks and guidance to protect against the most common and impactful threats, tactics, techniques, and procedures. Visit CISA’s CPGs webpage for more information on the CPGs, including additional recommended baseline protections.

    • Maintain regular system backups that are known-good and stored offline or are segmented from source systems [CPG 2.R]. Ghost ransomware victims whose backups were unaffected by the ransomware attack were often able to restore operations without needing to contact Ghost actors or pay a ransom.
    • Patch known vulnerabilities by applying timely security updates to operating systems, software, and firmware within a risk-informed timeframe [CPG 1.E].
    • Segment networks to restrict lateral movement from initial infected devices and other devices in the same organization [CPG 2.F].
    • Require Phishing-Resistant MFA for access to all privileged accounts and email services accounts.
    • Train users to recognize phishing attempts.
    • Monitor for unauthorized use of PowerShell. Ghost actors leverage PowerShell for malicious purposes, although it is often a helpful tool that is used by administrators and defenders to manage system resources. For more information, visit NSA and CISA’s joint guidance on PowerShell best practices.
      • Implement the principle of least privilege when granting permissions so that employees who require access to PowerShell are aligned with organizational business requirements.
    • Implement allowlisting for applications, scripts, and network traffic to prevent unauthorized execution and access [CPG 3.A].
    • Identify, alert on, and investigate abnormal network activity. Ransomware activity generates unusual network traffic across all phases of the attack chain. This includes running scans to discover other network connected devices, running commands to list, add, or alter administrator accounts, using PowerShell to download and execute remote programs, and running scripts not usually seen on a network. Organizations that can successfully identify and investigate this activity are better able to interrupt malicious activity before ransomware is executed [CPG 3.A].
      • Ghost actors run a significant number of commands, scripts, and programs that IT administrators would have no legitimate reason for running. Victims who have identified and responded to this unusual behavior have successfully prevented Ghost ransomware attacks.
    • Limit exposure of services by disabling unused ports such as, RDP 3398, FTP 21, and SMB 445, and restricting access to essential services through securely configured VPNs or firewalls.
    • Enhance email security by implementing advanced filtering, blocking malicious attachments, and enabling DMARC, DKIM, and SPF to prevent spoofing [CPG 2.M].

    Validate Security Controls

    In addition to applying mitigations, the FBI, CISA, and MS-ISAC recommend exercising, testing, and validating your organization’s security program against the threat behaviors mapped to the MITRE ATT&CK for Enterprise framework in this advisory.

    To get started:

    1. Select an ATT&CK technique described in this advisory (see Table 3 to Table 13).
    2. Align your security technologies against the technique.
    3. Test your technologies against the technique.
    4. Analyze your detection and prevention technologies’ performance.
    5. Repeat the process for all security technologies to obtain a set of comprehensive performance data.
    6. Tune your security program, including people, processes, and technologies, based on the data generated by this process.

    Reporting

    Your organization has no obligation to respond or provide information back to the FBI in response to this joint advisory. If, after reviewing the information provided, your organization decides to provide information to the FBI, reporting must be consistent with applicable state and federal laws.

    The FBI is interested in any information that can be shared, to include logs showing communication to and from foreign IP addresses, a sample ransom note, communications with threat actors, Bitcoin wallet information, and/or decryptor files.

    Additional details of interest include a targeted company point of contact, status and scope of infection, estimated loss, operational impact, date of infection, date detected, initial attack vector, and host and network-based indicators.

    The FBI, CISA, and MS-ISAC do not encourage paying ransom as payment does not guarantee victim files will be recovered. Furthermore, payment may also embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities. Regardless of whether you or your organization have decided to pay the ransom, the FBI and CISA urge you to promptly report ransomware incidents to FBI’s Internet Crime Complain Center (IC3), a local FBI Field Office, or CISA via the agency’s Incident Reporting System or its 24/7 Operations Center (report@cisa.gov) or by calling 1-844-Say-CISA (1-844-729-2472).

    Disclaimer

    The information in this report is being provided “as is” for informational purposes only. The FBI, CISA, and MS-ISAC do not endorse any commercial entity, product, company, or service, including any entities, products, or services linked within this document. Any reference to specific commercial entities, products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favoring by the FBI, CISA, and the MS-ISAC.

    Version History

    February 19, 2025: Initial version.

    MIL Security OSI

  • MIL-OSI USA: Reed, Colleagues Request Information on Elon Musk’s Access to VA Medical Records

    US Senate News:

    Source: United States Senator for Rhode Island Jack Reed
    WASHINGTON, DC — U.S. Senator Jack Reed (D-RI) is teaming up with Senator Jon Ossoff, the Ranking Member of the Appropriations Subcommittee on Military Construction and Veterans Affairs (Milcon-VA) to safeguard veterans’ private information, asking questions about unelected billionaire Elon Musk’s access to veterans’ medical records and Musk’s dysfunctional and ineffective cost-cutting directives that could make it harder for veterans to get the care they deserve. 
    Reed and Ossoff, along with Appropriations Committee Vice Chair Patty Murray (D-WA) and fellow Subcommittee members Senators Martin Heinrich (D-NM), and Gary Peters (D-MI) are pressing U.S. Department of Veterans Affairs (VA) Secretary Doug Collins to protect veterans, their families, and VA staff from unprecedented access to sensitive information by Elon Musk and the so-called Department of Government Efficiency (DOGE).
    The Trump Administration is severely reducing VA staffing levels.  And according to a recent report by Military.com, DOGE employees had accessed VA computer systems at the Department’s headquarters in Washington, DC.
    “We understand that personnel reporting to Mr. Musk have recently visited VA facilities,” the five senators wrote to VA Secretary Collins. “Senators, veterans, and members of the public have serious concerns regarding Mr. Musk’s extraordinary and unprecedented activities and the lack of transparency surrounding them, including his potential access to and handling of sensitive or personal information.”
    “Accordingly, we seek specific information regarding VA’s engagement with Elon Musk and the Department of Government Efficiency (“DOGE”),” they continued.
    The U.S. Senators requested a list of DOGE personnel who have visited VA facilities, the systems they accessed, and whether veteran data — including medical and service records — may have been viewed, run through AI/LLM programs, copied, or transferred. The group also requested that Secretary Collins reveal the nature of the agreement under which DOGE personnel are governed by in their engagement with the VA.
    The VA’s mission is to help veterans successfully transition to civilian life and assists them in their post-service journey by ensuring they have access to the benefits they earned.  The VA offers veterans and their families a wide range of services, including healthcare, housing, education, training, disability compensation and pension assistance, and more.
    Read the full letter here.

    MIL OSI USA News

  • MIL-OSI Security: Defense News: Reserve Cyber Warfare Technicians and Maritime Cyber Warfare Officers Elevate Navy Cyber Operations

    Source: United States Navy

    Just as adversaries seek exploitable vulnerabilities in traditional warfare, they also leverage cyber-operations in an effort to gain operational advantage. Cyber capabilities function both as a non-kinetic offensive weapon and force multiplier supporting other domains—such as anti-missile defense at sea or the protection of space-based assets.

    Prior to the creation of the MCWO community, the Navy relied on Information Warfare (IW) officers, including Cryptologic Warfare (CW) and Information Professional (IP) specialists, to fill cyber-related billets within the cyber operations forces. With the establishment of the Reserve MCWO specialty, Reserve officers can build focused expertise, deepening the Navy’s bench of cyber talent.

    “Reserve Maritime Cyber Warfare Officers bolster U.S. Navy Reserve Information Warfare Community (IWC) cyber capabilities, ensuring the Navy maintains a decisive edge in modern warfare,” said Rear Adm. Gregory Emery, Commander, Naval Information Force Reserve. “Their specialized skill sets enable us to confront emerging threats and strengthen our strategic advantage.”

    To meet the growing complexity of the cyber domain, the Navy Reserve’s MCWO and CWT communities continue to refine their training pipelines and development programs. CWTs and MCWOs, working alongside other IW professionals, are advancing in proficiency and readiness. The Reserve component aligns closely with supported commands, predominantly contributing to cyberspace planning and defense activities—ensuring cyber warfare is a core element of warfare planning and execution.

    “The seamless integration of Reserve Sailors into active-duty missions is critical to our success,” said Capt. Daniel Krowe, Reserve Maritime Cyber Warfare Community Lead. “Readiness is essential to operationalizing our Reserve IW Sailors and amplifying their effectiveness.”

    Cyber operations play an indispensable role at the OLW. Sailors within the IWC must be both technically skilled and strategically minded, recognizing that cyberspace is a domain where state and non-state actors pose significant threats to U.S. interests. Effective cyber operations require both technical expertise and a comprehensive understanding of the operational environment and implications of each action.

    “Repeated and intentional application of OLW concepts during exercises and training will strengthen Reserve Component MCWO and CWT expertise,” Capt. Krowe continued. “This iterative approach ensures our Sailors maintain a decisive warfighting edge.”

    Training exercises, particularly those simulating realistic cyber threats, play a pivotal role in readying Sailors for complex, contested environments. Through events like the MAKO Exercise series—annual Reserve OLW Maritime Operation Center (MOC) exercises—CWT and MCWO personnel refine their skills on simulated watch floors. These scenarios mirror real-world challenges, enabling Reserve Sailors to improve coordination, decision-making, and the delivery of cyber capabilities alongside their active-duty counterparts.

    The Navy’s investment in cyber operations reflects a broader acknowledgment of cyberspace as a decisive warfare domain. By cultivating and deploying highly trained CWTs and MCWOs, the Navy ensures it can project influence, defend critical infrastructure, and maintain forward presence in both traditional and digital arenas.

    “As we focus on current and future security landscapes, our ability to operate effectively in cyberspace will be a decisive factor in future maritime operations and conflicts,” said Rear Adm. Emery. “Our commitment to mastering cyber operations at the OLW is both a tactical necessity and a strategic imperative.”

    In an era where digital networks underpin combat systems, communications, and logistics, the Navy’s integration of cyber capabilities into OLW activities is essential for mission success. Through the dedication and readiness of its Reserve cyber professionals, the Navy will sustain operational superiority in every domain.

    As global tensions escalate and adversaries sharpen their cyber tactics, the Navy’s emphasis on cultivating a robust cyber security Reserve Force underscores its resolve. By strengthening the training, expertise, and operational readiness of CWTs and MCWOs, the Navy Reserve is poised to maintain its formidable presence and protect U.S. interests across the physical and digital battlespaces.

    MIL Security OSI

  • MIL-OSI Global: Bolsonaro’s indictment over alleged coup plot signals shift in Brazil’s approach to political accountability

    Source: The Conversation – UK – By Felipe Tirado, PhD Candidate in Law, King’s College London

    Brazil’s top prosecutor has filed federal charges against Jair Bolsonaro, alleging that the former president attempted a coup in 2023. Focus Pix / Shutterstock

    The Brazilian attorney-general has charged the country’s former president, Jair Bolsonaro, with participating in a plot to cling to power through a coup d’etat in 2022. If Bolsonaro is convicted, he could spend between 38 and 43 years in prison.

    Bolsonaro, who governed Brazil between 2019 and 2022 but lost his attempt at re-election to current president Luiz Inácio “Lula” da Silva, is one of 34 people to be formally charged for offences related to the alleged coup. These include high-ranking serving and retired members of the military, as well as former ministers and politicians.

    The charges levelled against them are involvement in an attempted coup d’etat, violent abolition of the democratic rule of law, and criminal organisation.

    According to the attorney-general’s 272-page indictment, Bolsonaro became increasingly inclined to pursue anti-democratic measures in the months before the election. He allegedly considered taking steps to retain power even before the first round of voting.

    Then, after his defeat by an extremely narrow margin, the indictment claims that Bolsonaro and his alleged accomplices decided to implement the plan before Lula took office in January 2023.

    An investigation by Brazil’s federal police in November found that the insurrection in the country’s capital Brasília on January 8 2023, where rioters invaded the presidential palace, congress and supreme court, was part of this plan. The same investigation suggested the plan also included a plot to assassinate Lula and his vice-president Geraldo Alckmin, as well as supreme court judge Alexandre de Moraes.

    Bolsonaro denies any wrongdoing and – at least in public – is bullish about his fate. Speaking to journalists hours before the charges were filed, he said: “I have no concerns about the accusations, zero.”

    The case will now be considered by the Supreme Court, whose judges will decide whether to initiate criminal proceedings against Bolsonaro and the other defendants. This is expected to happen over the coming weeks. If the judges accept the charges and proceedings are established, the defendants will be called to answer them.

    This is the first time in Brazilian history that high-ranking members of the armed forces have been indicted and charged with crimes associated with a coup d’etat. According to the indictment, the intention was for the armed forces to be called upon to act as a “moderating power”, with the aim of overturning the election result.

    Army generals Augusto Heleno, Walter Braga Netto and Paulo Sérgio Nogueira de Oliveira are among those who have been charged. These men served as ministers in the Bolsonaro government, with Braga Netto also running as the vice-president on Bolsonaro’s ticket in 2022.

    Another high-ranking member of the armed forces charged by the attorney-general is Almir Garnier Santos, the commander of the Brazilian navy. These four men were allegedly part of the inner nuclei that planned and prepared the attempted coup.

    Several other servicemen, including generals, colonels and other officers, were charged with crimes related to the planning and execution of the initial phases of the coup. The sentences for all of these men could amount to up to 30 years in prison.

    Like Bolsonaro, Braga Netto denies any guilt. In a statement released on February 18, his lawyers called the charges a “fantasy”. Lawyers for Garnier Santos and Heleno have chosen not to comment until having fully reviewed the charges.

    Unlike those in the military, some of the political figures charged by the attorney general had criminal antecedents. One of the politicians named in the indictment is Filipe Martins, Bolsonaro’s former international affairs adviser and a “disciple” of the deceased far-right polemicist, Olavo de Carvalho. Martins’ lawyers released a statement on February 18 calling the accusations “unfounded”.

    In December 2024, Martins was convicted of making a gesture alluding to white supremacy during a virtual session of the senate. He initially received a sentence of two years and four months in prison for inciting racial prejudice, which was replaced by 850 hours of community service.

    Far-right commentator Paulo Figueiredo Filho, the grandson of Brazil’s last military dictator, João Figueiredo, was also charged. He appeared on a podcast on February 19 to criticise the charge. Figueiredo lives in the US, where he was arrested in 2019 because of problems with his immigration status.

    Lessons from and to Brazil

    Brazil has already offered some lessons to other countries facing similar authoritarian challenges. Its response to the insurrection in Brasília was swift and robust. Within days, hundreds of rioters had been arrested and the state governor of the federal district was suspended for his sluggish response.

    Then, in 2023, Bolsonaro was banned from running for office for eight years over false claims that the electronic ballots used in the previous year’s election were vulnerable to hacking and fraud. Those involved with the attempted military coup have also been investigated and some subsequently arrested.

    But the coup plot case can also serve as a lesson to the country. Brazil has a history both of successful and unsuccessful military coups. The last successful military coup led to a dictatorship that lasted from 1964 until 1985.

    Brazil also has a history of amnesties, whereby crimes committed during these coups and authoritarian regimes have been pardoned. There have been 48 amnesties in Brazil since 1889, with the most recent one, in 1979, allowing the dictatorship to self-amnesty its crimes.

    For over 45 years, this amnesty hindered criminal accountability for the perpetrators of crimes. This included the murder of politician Rubens Paiva, whose disappearance was the focus of the 2024 Oscar-nominated film, I’m Still Here. The amnesty was declared void by the Inter-American Court of Human Rights in 2011.

    Bolsonaro and other individuals charged, as well as their supporters and aligned politicians, have been demanding a “humanitarian amnesty” for those who allegedly participated in the coup plot.

    Given Bolsonaro’s history, this seems paradoxical. Throughout his decades-long public career, Bolsonaro has consistently celebrated the crimes of the military dictatorship and supported violations of human rights. At the same time, he has also opposed individuals and organisations that advocate for victims of the dictatorship.

    If Bolsonaro and his alleged accomplices are found guilty, it could be an unparalleled lesson for Brazil. Punishing anyone convicted would be an opportunity to step away from the country’s tradition of impunity and move towards addressing systemic injustices.

    Felipe Tirado receives funding from the Centre for Doctoral Studies – King’s College London.

    ref. Bolsonaro’s indictment over alleged coup plot signals shift in Brazil’s approach to political accountability – https://theconversation.com/bolsonaros-indictment-over-alleged-coup-plot-signals-shift-in-brazils-approach-to-political-accountability-250300

    MIL OSI – Global Reports

  • MIL-OSI United Nations: ‘Fragile stability’ in Libya increasingly at risk, Security Council hears

    Source: United Nations 2

    Peace and Security

    The dream of a civil, democratic and prosperous Libya remains unfulfilled 14 years after the revolution that led to the overthrow of the Gaddafi regime, the head of UN Political and Peacebuilding Affairs told the Security Council on Wednesday. 

    Rosemary DiCarlo said entrenched divisions, economic mismanagement, continued human rights violations, and competing domestic and external interests, continue to erode unity and stability in the country.

    “The fragile stability in Libya is increasingly at risk,” she warned. “The country’s leaders and security actors are failing to put the national interest ahead of their competition for political and personal gain.”

    Support new UN envoy

    She urged Council members to support the newly appointed UN Special Representative for Libya Hanna Tetteh “in her work to help break the political impasse, resolve Libya’s protracted crisis and support the Libyan people towards unifying Libya’s institutions and holding inclusive national elections.”

    The North African country has been split between two rival administrations for over a decade, with the internationally recognized Government of National Unity (GNU) based in the northwest while the Government of National Stability (GNS) is in the east.

    Landmark elections scheduled for December 2021 were cancelled, including due to disputes over the eligibility of candidates.

    Advisory Committee established

    Ms. DiCarlo stressed the urgent need for progress in Libya. She said the UN Mission there, UNSMIL, is taking steps to revive a political process anchored in the principles of inclusivity and national ownership.

    UNSMIL recently established an Advisory Committee that will provide recommendations for resolving outstanding contentious issues that have prevented national elections from taking place.

    The Committee is composed of 20 members who include legal and constitutional experts. More than a third are women. She emphasized that it is not a decision-making body, but its proposals will support efforts to remove obstacles to holding national elections.

    Many Libyan stakeholders, including political parties, social movements, and women and youth groups, have publicly welcomed its establishment as an opportunity to move the political process forward,” she said.

    Supporting inclusive dialogue

    UNSMIL convened the Committee’s inaugural meeting in the capital, Tripoli, last week. Members are meeting again over three days this week to examine the contentious issues in detail and begin considering ways to overcome them.

    “In parallel, UNSMIL is also taking steps to convene a structured dialogue among Libyans on ways to address longstanding drivers of conflict and develop an inclusive, bottom-up vision for their country’s future,” she said.

    The Mission is also facilitating consultations among Libyan economic experts to identify priorities, barriers and solutions to achieve sound economic governance.  

    Divisions and competition

    Ms. DiCarlo said divisions and competition over the control of State institutions continue to dominate the political and economic landscape. No progress has been made on a unified budget or agreed spending framework despite UNSMIL engagement with all relevant stakeholders.

    “It is critical to address the issue to support the efforts of the Central Bank of Libya to stabilize the financial situation of the country and enable transparent and equitable public spending,” she explained.

    A dispute over the position of president of the High Council of State, a top governing body, also remains unresolved even after six months of litigation and contradictory rulings. The Council now stands “deeply divided and unable to fulfil its institutional role.” 

    UNSMIL

    People gather at a market in Tripoli, the capital of Libya. (file)

    National reconciliation at risk

    Politicization and political divisions are also hindering progress on national reconciliation, she added. 

    Last December, UNSMIL facilitated an agreement among three key institutions – the Presidential Council, the House of Representatives, and the High Council of State – on a draft law on the issue. 

    However, subsequent amendments to the draft law by parliamentarians have raised concerns over the independence of a National Reconciliation Commission.

    A charter for reconciliation was agreed earlier this month through a process led by the African Union.  It was adopted on 14 February in the margins of the bloc’s summit in Addis Ababa, Ethiopia.

    “While some Libyan stakeholders have supported the charter, others did not,” she said, noting that UNSMIL continues to engage with all relevant parties.

    Security threats persist

    Meanwhile, the activities of non-State and quasi-State armed groups continue to pose a threat to Libya’s fragile stability. 

    Ms. DiCarlo called for a full and transparent investigation into an armed attack on a Government of National Unity (GNU) Minister in Tripoli on 12 February.

    She said the Libyan National Army took control of a military base in the south previously held by a GNU-affiliated military officer. Furthermore, the 2020 Ceasefire Agreement has only been partially implemented. 

    “Renewed efforts by Libyan authorities to implement its remaining provisions are crucial to improve the fragile security situation and to create conditions for the reunification and reform of security institutions,” she said. 

    Migrants and mass graves

    Turning to other challenges, she said the continuing trend of arbitrary arrests and enforced disappearances is deeply concerning and the increasing number of deaths in custody is troubling, with 15 cases recorded since March 2024. 

    Migrants and asylum-seekers, including children, also continue to face serious human rights violations including torture and cruel and inhumane treatment. 

    The alarming and tragic discovery of mass graves following raids on human trafficking sites highlights the severe danger faced by migrants in Libya,” she said.

    On 7 February a mass grave was discovered on a farm in Jikharra in the northeast; another was found a day later in Al-Kufra in the southeast. To date, 93 bodies have been exhumed.

    “A full and independent investigation is critical to bring the perpetrators to justice. “This is yet another reminder of the urgent need to protect migrants and combat human trafficking,” she said.

    Last December, a joint UNSMIL and UN mission to Al-Kufra engaged with local authorities, partners, refugees and host communities to strengthen humanitarian response for Sudanese refugees, who continue to flee to Libya.

    Ms. DiCarlo said the chapter of the 2025 Sudan Refugee Regional Response Plan relating to Libya targets 446,000 people and requires $106 million – double the support from 2024. 

    She appealed to donors for their continued support to address the growing needs of Sudanese refugees in Libya and across the region. 

    MIL OSI United Nations News

  • MIL-OSI Europe: ASIA/MYANMAR – “I only kneel before God”: the last words of Father Martin Ye Naing Win

    Source: Agenzia Fides – MIL OSI

    Wednesday, 19 February 2025

    Archdiocese of Mandalay

    by Paolo AffatatoMandalay (Agenzia Fides) – When on the evening of February 14 a commando of ten armed men arrived at the rectory of the Church of Our Lady of Lourdes in the village of Kangyi Taw (in the Shwe Bo district of the Sagaing region), Father Donald Martin Ye Naing Win, a 44-year-old priest of the Archdiocese of Mandalay, fearlessly confronted the ten militiamen who threatened him. They had first threatened and silenced two women, teachers and parish workers, who were on the church premises and were helping the priest to organize classes for the children of the parish’s about 40 Catholic families. In the Sagaing region, affected by the clashes between the Burmese army and the resistance forces, the state system has collapsed, there are no public services and education is only guaranteed by spontaneous initiatives such as those of the parishes.It is the two women who were present at the events and are now in a protected place for security reasons who tell the details of the incident. Their testimony, which Fides has received, has already reached the Ministry of Justice of the National Unity Government (NUG) in exile, on which the People’s Defense Force (PDF) depends, which controls the territory in the so-called “liberated areas”, i.e. those taken from the control of the military junta by the opposition forces.The men who attacked Father Donald, the women reported, were in an an evident abnormal mental state, either due to alcohol or drugs. They came from the neighboring village. It is not clear why they attacked the priest with such violence, whom the leader ordered to kneel. Father Donald watched them and replied with the gentleness and inner peace that characterize him as a man and priest with an upright conscience: “I only kneel before God”. And then he continued quietly: “What can I do for you? Is there a matter we can discuss?”.One of the men responded to his words by striking him from behind with a dagger that was still in its sheath. However, with this weapon he accidentally hit the leader of the armed group. The leader, who was already in a state of drunkenness and rage, which was also due to Father Donald’s reaction, pulled out a knife and angrily attacked the priest, repeatedly stabbing him brutally in the body and neck. Father Donald did not utter a word or complain. He endured the senseless violence without reacting, like an innocent man, “like a lamb to the slaughter,” as the witnesses report. The other men stood by and watched the murder being carried out. The repeated blows to the throat almost severed the head from the body, which sank in a lake of blood. After the crime, the group of men left the scene.The women raised the alarm and called the villagers, who, in shock and tears, took the lifeless body with them. The soldiers of the People’s Defence Force were then alerted, who tracked down and arrested the attackers. The two women’s testimonies were recorded and sent to the Government of National Unity, which stressed in a statement that it was “deeply saddened by the murder of Father Donald Martin, a priest from Mandalay” and that it would “commit itself to punishing the alleged murderers according to the law”. “The People’s Defence Forces (PDF) of Shwebo district arrested ten suspects on the same day” and began the relevant investigations, the statement continued. “The accused belong to a local defence group,” the text said. “As it is known that they belong to the armed forces, the Government of National Unity and the Ministry of Defence will take legal action”, applying the law provided for the military. “The National Unity Government,” it concludes, “strongly condemns attacks on civilians, including religious leaders, by any organization.”As the Association for the Assistance of Political Prisoners (AAPP) explains, in the areas controlled by the resistance – which constitute a kind of “parallel state” – “there is no definitive legal framework to guide governance, administration and legislation.” In some liberated areas, “there is a judicial system with district judges who establish a procedure and, in some cases, apply their own legal framework.”On the other hand, in the current context, it is difficult to draft and implement completely new laws, so in many liberated areas, national laws are still applied. However, efforts are being made to selectively enforce laws that are “consistent with international human rights standards” enacted and amended by the army for Myanmar in recent years, with a focus on laws enacted by the country’s successive military juntas that “give the authorities excessive power and disproportionate punishments”. The AAPP points to the need for “comprehensive judicial reform” and a “fair and just system” in which no authority (judges, administrative bodies, local police officers and other armed groups), regardless of their status, “is above the law”.It is pointed out that, meanwhile, anyone accused of a crime must have the opportunity to defend themselves. Currently, in the liberated areas, a district judge has the power to impose the death penalty. If the accused is sentenced to death, he has de facto no right of appeal.(Agenzia Fides, 19/2/2025)
    Share:

    MIL OSI Europe News

  • MIL-OSI USA: Citizen Airman wins Integrator of the Year for creating a warrior culture  in the Cowboy Guard

    Source: US State of Wyoming

    CHEYENNE, Wyo. — Melissa Mendez has always believed in the power of people. As a first sergeant with the 153rd Security Forces Squadron in the Wyoming Air National Guard, she takes pride in her role as a mentor, coach, and advocate for her Airmen. 

    But Mendez isn’t just a leader in uniform. Off-duty, she serves as a Wyoming National Guard primary prevention specialist, a role focused on addressing issues before they escalate and creating a positive environment for service members across 97,000 square miles.

    “Melissa was one of three IPPW specialists, nationally, to be selected as Integrator of the Year out of hundreds,” she added. “And the only lead. Knowing that Wyoming, as a small state, has the ability to stand out and rise above brings a level of pride to the entire team and motivates all of us to keep doing great things. We will never be the largest state in the room, but we can lead the way.”

    “People are my passion,” Mendez said. “If we can support individuals and help them thrive, we’re not just building stronger teams—we’re creating a better future for everyone.”

    As a Citizen Airman, Mendez balances her dual responsibilities to the military and her community. In her prevention role, she dives deep into data to identify areas where service members may be struggling—whether with financial stress, relationship challenges, or mental health concerns. By analyzing trends and collaborating with legacy programs like suicide prevention and sexual assault prevention and response, she ensures that targeted training and resources reach those who need them most.

    One notable success story highlights her ability to turn data into action. When a unit reported high levels of financial stress in surveys, Mendez coordinated with local financial advisors to provide targeted workshops. The results were transformative, with members expressing relief and gratitude for the support.

    “Melissa continues to grow and excel in her leadership role. She is constantly helping others, guiding conversations and projects, and leading the way,” said Kristin Malone, Cowboy Guard integrated primary prevention manager. “The leadership she demonstrates doesn’t stop with the IPPW, but extends to her role as a 1st Shirt in the WYANG.”

    Mendez’s ability to connect with people and turn data into actionable solutions is unmatched, Malone said. 

    Her leadership has directly contributed to initiatives such as distributing over $61,000 in gun locks and lock boxes, expanding suicide prevention efforts across the state’s 97,000 square miles. She also spearheaded the alignment of the Wyoming Military Department with the Governor’s Challenge initiatives, ensuring strategic coordination to bolster lethal means safety and resilience programs.

    As the first generation of her family born in the United States and the fourth generation to serve in the military, Mendez’s journey is one of resilience and hope. “Hope is what keeps people going,” she said. “Sometimes it’s as simple as reminding someone that they’re not alone. Whether I’m in uniform or in my civilian role, my goal is to help people find that hope and build on it.”

    In her role as a first sergeant, Mendez leans on her background as a mental health technician to support her Airmen. Whether she’s assisting with professional development or helping someone navigate personal challenges, she approaches each situation with empathy and determination.

    “Being a first sergeant is about seeing the person behind the uniform,” she said. “It’s about helping them be the best version of themselves, not just for the mission but for their families and their own well-being.”

    For Mendez, her role as a prevention specialist and first sergeant is not just a job; it’s a calling. Over her career, she has seen firsthand the power of hope and support in transforming lives. One of her most memorable experiences was helping an Airman at rock bottom. The individual was struggling with personal issues, failing fitness tests and facing challenges at work.

    “I asked them, ‘What else is going on? Rank aside, human to human, let’s talk,’” Mendez recalled. “Sometimes people just need someone to listen without judgment.”

    Through consistent mentorship and connecting the Airman to available resources, Mendez saw a remarkable transformation. The individual passed their fitness test with high marks, earned awards and regained confidence. Years later, they reached out to Mendez to express gratitude, saying her support had inspired them to help others.

    Her impact extends beyond individual Airmen. She implemented the first Wyoming IPPW Care Team Meeting, bringing together 15 different stakeholders to improve interagency collaboration. She also developed a helping agency resource matrix to assist approximately 3,000 Guard members in navigating work-life challenges and preventing crises.

    “Wyoming is a large state with a small population,” she said. “That makes it even more important to build strong networks and ensure no one falls through the cracks.”

    MIL OSI USA News

  • MIL-OSI Security: Driving Innovation and Reducing Waste: Cherry Point Service Members, Civilians Complete Lean Six Sigma Training

    Source: United States Navy (Medical)

    Members of the Marine Corps Air Station Cherry Point community are now better prepared to improve processes and reduce waste after attending a weeklong course held aboard the base in late January 2025.

    Sailors, Marines and civilians serving aboard MCAS Cherry Point graduated Friday, January 31 from the five-day Lean Six Sigma Green Belt course held aboard Naval Health Clinic Cherry Point.

    “These individuals acquire valuable skills to improve operational efficiency, reduce waste and enhance the quality of care,” said Commander Brendon Tillman, who helped organize the class. “Lean Six Sigma Green Belt-trained Sailors bring practical tools and strategies that drive continuous improvements.”

    A clinic staff member with a Lean Six Sigma Green Belt certification will focus on small-scale process improvements within Naval Health Clinic Cherry Point using tools like the Define, Measure, Analyze, Improve, Control framework, commonly referred to as DMAIC. A team of LSS-trained Green Belts will work together under the supervision of an LSS-trained Black Belt.

    Green Belt projects in the clinic have improved lab specimen handling protocols, streamlined the Limited Duty completion process, enhanced the Ambulatory Procedure Unit and Dental supply inventory management process and increased the usage rate of evidence-based treatments for Post Traumatic Stress Disorder and depression.

    “The continuous improvement mindset instilled by LSS helps clinics develop stronger organizational resilience, enabling them to adapt to changing demands,” said Tillman. “These sailors become valuable leaders who can mentor others, drive process improvement initiatives, and contribute to the overall mission readiness of the clinic.”

    To earn their Green Belt certification, graduates from the course must prove their knowledge by completing two process improvement projects. An LSS certification, according to Tillman, demonstrates a Sailor and staff member’s drive towards professional development and innovation, setting them apart from their peers.

    MIL Security OSI

  • MIL-OSI USA: Boozman, Colleagues Mark 80th Anniversary of Iwo Jima

    US Senate News:

    Source: United States Senator for Arkansas – John Boozman

    WASHINGTON—U.S. Senator John Boozman (R-AR) joined Senators Todd Young (R-IN) and Mark Warner (D-VA) to introduce a bipartisan resolution recognizing the 80th anniversary of the Battle of Iwo Jima. The major clash between U.S. and Japanese forces in World War II’s Pacific theater began on February 19, 1945, and lasted until March 26, 1945.

    “The 80th anniversary of the Battle of Iwo Jima is a solemn yet important reminder of the sacrifice of the Greatest Generation,” said Boozman. “The resilience and courage of our U.S. Marines was famously characterized as a display of uncommon valor. Decades later, we continue to remember and honor our servicemembers’ heroism. I am proud to join my colleagues in recognizing them, this milestone and the vital partnership between our nation and Japan today.”                            

    “For myself, every Marine, and many Americans, Iwo Jima is a symbol of duty and sacrifice,” said Young. “I’m proud to lead this resolution that recognizes the heroic servicemembers who gave their lives at Iwo Jima, honors those who fought in the battle, and reaffirms our reconciled friendship with Japan.” 

    “I’m proud to introduce this resolution to pay tribute to the service and the sacrifice of all the heroes who fought for our country at Iwo Jima, which included my late father, Marine Corporal Robert Warner. The 80th anniversary of this pivotal battle offers us an opportunity to reflect on the bravery and perseverance of the Greatest Generation, and is an enduring reminder about the power of courage and unity in the face of adversity,” said Warner

    More specifically, the resolution:

    • Honors the Marines, Sailors, Soldiers, Army Air Crew and Coast Guardsmen who fought bravely on Iwo Jima;
    • Remembers the brave servicemembers who lost their lives in the battle;
    • Commemorates the iconic and historic raising of the United States flag on Mount Suribachi that occurred on February 23, 1945;
    • Encourages Americans to honor the veterans of Iwo Jima; and
    • Reaffirms the bonds of friendship and shared values that have developed between the United States and Japan over the last 80 years.

    The resolution is also cosponsored by Senators Richard Blumenthal (D-CT), Dan Sullivan (R-AK), Chris Coons (D-CT), Catherine Cortez Masto (D-NV), Kevin Cramer (R-ND), Ruben Gallego (D-AZ), Ted Cruz (R-TX), Tim Kaine (D-VA), Joni Ernst (R-IA), Angus King (I-ME), Rick Scott (R-FL), Amy Klobuchar (D-MN), Thom Tillis (R-NC), Jacky Rosen (D-NV), Jack Reed (D-RI), Chris Van Hollen (D-MD), Elizabeth Warren (D-MA), Deb Fischer (R-NE), Tom Cotton (R-AR), Tammy Duckworth (D-IL), Jim Justice (R-WV), Mike Rounds (R-SD) and Adam Schiff (D-CA).

    Click here for full text of the resolution.

    MIL OSI USA News

  • MIL-OSI USA: Governor Lamont Proposes New Law To Protect Veterans’ Disability Benefits From Claim Sharks

    Source: US State of Connecticut

    (HARTFORD, CT) – Governor Ned Lamont today announced that he is urging the Connecticut General Assembly to approve legislation he is proposing this session that will enact a new state law protecting veterans against being exploited by for-profit companies that charge exorbitant fees for filing disability claims on their behalf with the U.S. Department of Veterans Affairs (VA).

    Commonly known as “claim sharks,” these unaccredited companies solicit veterans with the promise that their services can help them get disability claims approved by the VA. Frequently, these companies wait until after the claim has been approved to notify the veteran that they will be charged fees for this service, sometimes taking a large cut of the veteran’s future disability benefits, which could amount to thousands of dollars.

    Claim sharks also expose veterans to fraud and identity theft. Since unaccredited actors do not have access to the VA claim system, some require the veteran to share system logins, passwords, and bank account information so fees can be immediately withdrawn even before the veteran learns claim money has been deposited.

    “Veterans deserve the disability benefits they’ve earned, and taking a cut of these benefits for one’s own profit through manipulative schemes is morally wrong and disturbing,” Governor Lamont said. “We need stronger laws that bring transparency to these practices so that veterans can make informed decisions and are able to avoid these kinds of exploitative practices that we’ve seen happening across the country.”

    While federal law currently prohibits companies without VA accreditation from charging veterans fees to file disability claims, there are no criminal penalties for violating the law and recent legislative efforts to rein in this profit-driven shadow industry have stalled in Congress.

    Governor Lamont is proposing to require more transparency around this practice and obligate these companies to provide veterans with information on all fees prior to beginning their services. Specifically, he is proposing a law that will:

    • Require companies that provide these services to notify recipients of all fees in advance of the services being provided and create a written agreement signed by both parties; and
    • Require companies that provide these services to explicitly notify veterans in advance that they are not endorsed or affiliated with the VA or the Connecticut Department of Veterans Affairs and that local and federal veteran service organizations may provide this service free of charge. These same notices must also be included in any advertising related to these services.

    Attorney General William Tong has also proposed legislation on this topic and is supportive of Governor Lamont’s proposal.

    “Applying for VA benefits is free, and accredited, vetted, veteran service officers are available to assist at no cost,” Attorney General Tong said. “Unaccredited, illegitimate services waste veterans’ money and time, and may expose veterans to potential fraud and identity theft. Connecticut veterans cannot afford to wait for federal action – we need strong state accountability and oversight, including real penalties for anyone who abuses the claims process to take advantage of veterans and their families.”

    “Governor Lamont and Attorney General Tong, we thank you for taking on this important topic of protecting our veterans and families from claim sharks,” Connecticut Veterans Affairs Commissioner Ronald P. Welch, a retired U.S. Army brigadier general, said. “The Connecticut Department of Veteran Affairs wants to ensure our 146,000, Connecticut veterans and their families are protected against the predatory activities of claim sharks and others not properly accredited to legally represent those that have served our great state and nation. We fully support legislation that holds claim sharks and others attempting to take advantage of our veterans who have service-connected injuries or illnesses accountable for their reprehensible actions.”

    “Veterans put their lives on the line for our country, and the last thing they should face is fraud and exploitation when accessing the benefits they’ve already earned,” State Senator Paul Honig (D-Harwinton), co-chair of the legislature’s Committee on Veterans’ and Military Affairs, said. “We won’t stand for bad actors preying on our vets here in Connecticut.”

    “Our veterans earned their benefits through service and sacrifice – no one should exploit them for profit,” State Representative Jaime Foster (D-East Windsor, Ellington, Vernon), co-chair of the legislature’s Committee on Veterans’ and Military Affairs, said. “This bill enforces existing federal protections with real accountability, ensuring transparency and safeguarding veterans from predatory claim sharks. I applaud Attorney General Tong for his leadership on this issue and I look forward to working with my colleagues to advance these critical protections.”

    Applying for benefits through the VA is free, as is talking to an accredited veteran service officer who can help veterans navigate the process. In Connecticut, the VA operates Veterans Service Offices in all five of its district offices:

    • 1st District – Newington Office: (860) 594-6606
    • 2nd District – Norwich Office: (860) 887-9162
    • 3rd District – Milford Office: (203) 874-6711
    • 4th District – Fairfield Office: (203) 418-2005
    • 5th District – Waterbury Office: (203) 805-6343

    Additional information on accredited Veterans Service Organization representatives, attorneys, and claims agents can be found online at www.benefits.va.gov/vso.

    The governor’s legislative proposal is House Bill 6874, An Act Establishing Protections for Veterans From Benefits Claim Sharks. It is currently pending in the Committee on Veterans’ and Military Affairs.

    **Download: Fact sheet on Governor Lamont’s proposal to protect veterans’ disability benefits from claim sharks

     

    MIL OSI USA News

  • MIL-OSI Africa: Is Nigeria in danger of a coup? What the country should do to avoid one – political analyst

    Source: The Conversation – Africa – By Abdul-Wasi Babatunde Moshood, Senior Lecturer Department of Political Science, Lagos State University

    African countries have had nine successful military coups since 2020. In west and central Africa, there have been at least 10 coup attempts in the same period. Those of Niger, Mali, Burkina Faso, Gabon and Guinea were successful. A number of social, economic and political factors have been identified as responsible for the truncation of democracy in those countries.

    In this interview, The Conversation Africa asks political scientist Abdul-Wasi Babatunde Moshood, who has recently published research on preventing military coups in Nigeria, about what drives coups, whether those factors are present in Nigeria and what steps Nigeria could take to protect its democracy.

    What are the drivers of recent coups in Africa?

    One major reason is leaders who have used the idea of democracy to advance their own economic gains. The result is corruption, which has deepened the gap between the rich and the poor.

    While liberal democracy widens opportunity in developed countries, the reverse is the case in Nigeria, due largely to corruption and lack of effective leadership.

    Also, democracy in parts of Africa, including Nigeria, has not been able to advance development and make a positive impact on the people. To ringfence democracy from military intervention, it must advance development for the people.

    Another factor is the strategic importance of Africa, which has historically attracted foreign powers. With the partitioning of Africa in Berlin in 1884, European powers created spheres of influence which have continued to haunt many African countries.

    These strategic interests have continued to infiltrate politics and cause instability on the continent.

    In my recent work, I argued that foreign influence and strategic importance make coups more likely to occur in African countries including Nigeria.

    Just like coups in the post-independence era, some recent coups in west Africa have the fingerprints of foreign powers. For instance, Russia is implicated in the 2020 and 2021 coups in Mali and the Burkina Faso coup.

    The UK, the US, China and France are all interested in Africa. Since the expulsion of France from Burkina Faso, Mali and Niger, the former colonial power has been seeking another regional haven in Nigeria. This has raised suspicion in some quarters.

    Also, colonialism left a legacy of division between a country’s people and their army. Recruitment dislocated the previous warriors and empowered new ones. The military under colonialism was perceived by civilians as protecting the interests of the colonial ruling elite.

    In the post-colonial period, the military is perceived as protecting the interests of the African ruling elite. This arrangement goes on until the military, having been exposed to politics, decides to seize power for itself. Oftentimes, citizens give legitimacy to this kind of coup because they have always seen the political elite as self serving. Military coups in Sudan and Mali are examples of this.

    Are these factors present in Nigeria today?

    The sociopolitical and economic conditions that led to coups in other countries in west Africa are present in Nigeria.

    Nigeria is still largely divided along lines of clans and religion. Insecurity is at high levels across the country. The removal of the petrol subsidy has caused economic problems.

    Commodity prices have skyrocketed. Food inflation reached 40.75% in 2024 – its highest level in 25 years.

    The colonial legacy in Nigeria is still evident in the north versus south divide that plagues the country’s politics. Bad leaders exploit the division for their own selfish gain by using marginalisation rhetoric.

    Nigeria is still strongly tied to the apron strings of the western powers. This explains why Nigeria’s presidential aspirants prefer to go to Chatham House, London to speak rather than talk to the people they intend to lead.

    Nigeria’s President Bola Tinubu’s relationship with France is raising eyebrows in the country. The president recently signed new deals with France in the areas of renewable energy, transportation, agriculture and critical infrastructure. There are concerns because this is coming soon after nearly all former French allies in west Africa have broken ties with the European country.

    These factors often lead to increasing disaffection, which in turn can ignite a military takeover, as happened in Niger, Guinea and Gabon.

    How can a military comeback be prevented in Nigeria?

    Effective leadership would help reduce colonial legacies, improve democracy and mitigate foreign influence. This would foster confidence among dissimilar ethnic communities as policies towards inclusiveness and development of the country were implemented.

    Military professionalism would further specialise the military and give them focus. There should be less involvement of the military in politics.

    In peace time, the military can also be kept engaged as a service provider in agriculture, health and social work as done, for instance, in the US.

    Regional organisations like the Economic Community of West African States and the African Union should be proactive in condemning any derailment in democratic practices and values by political actors. They should not only react by imposing sanctions after a military takeover.

    Nigeria needs to think about developing a homegrown democracy as advocated by the late Claude Ake, the Nigerian political scientist.

    The process and method of democratisation should be affordable to all to participate. Democratic leaders must be scrutinised and their level of wealth ascertained before and after leaving office.

    Democratic institutions must be strengthened to prevent corrupt people from taking over offices. Democratic leaders in Nigeria and other African countries must seek indigenous solutions to their challenges.

    – Is Nigeria in danger of a coup? What the country should do to avoid one – political analyst
    – https://theconversation.com/is-nigeria-in-danger-of-a-coup-what-the-country-should-do-to-avoid-one-political-analyst-248281

    MIL OSI Africa

  • MIL-OSI Security: Defense News: USCGC Clarence Sutphin Jr. rescues seven mariners

    Source: United States Navy

    Following a distress signal from the mariners, the Coastguardsmen embarked a rigid-hull inflatable boat to offer assistance. After determining the vessel was no longer sea worthy, the Coastguardsmen brought the mariners back to their ship. Devastator provided back-up support during the operation.

    None of the mariners appeared to be injured.

    “Providing assistance at sea to mariners in distress is a core Coast Guard mission,” said Coast Guard Lt. Michael O’Dell, Clarence Sutphin, Jr.’s commanding officer. “It is inherently dangerous, but the team executed without hesitation – without fear – to extend their compassion to people in a dire situation. I’m incredibly proud of to be a part of this team.”

    Clarence Sutphin, Jr. is forward deployed to the U.S. 5th Fleet area of operations as part of Patrol Forces Southwest Asia. Devastator is an Avenger-class mine countermeasures ship also forward deployed to U.S. 5th Fleet. Both ships help ensure maritime security and stability in the Middle East region.

    The U.S. 5th Fleet area of operations encompasses about 2.5 million square miles of water area and includes the Arabian Gulf, Gulf of Oman, Red Sea and parts of the Indian Ocean. The expanse is comprised of 20 countries and includes three critical choke points at the Strait of Hormuz, the Suez Canal and the Strait of Bab al Mandeb at the southern tip of Yemen.

    MIL Security OSI

  • MIL-OSI Security: Defense News: Navy Region EURAFCENT sweeps Retention Excellence Awards for FY24

    Source: United States Navy

    Commander, Navy Region EURAFCENT, Naval Support Activity (NSA) Bahrain, Naval Support Activity Naples, Naval Air Station (NAS) Sigonella, Naval Support Activity Souda Bay, and Naval Support Facility (NSF) Deveselu all received retention recognition.

    The Retention Excellence Awards evaluation is conducted on 19 platforms and is earned by commands that meet or exceed their specified platforms’ reenlistment rate benchmarks and do not exceed their specified platforms’ attrition rate benchmarks for at least two quarters.

    Commander Navy Region Europe, Africa, and Central, Rear Adm. Brad Collins, remarked on the excellence and talent across the region at a time when it is most needed. Collins said, “We live in critical times, where threats to American security are ever-present. We rely heavily on our qualified, subject matter experts to ensure we answer the Nations call to deter, protect, and sustain a combat-ready force. Retaining skilled operators is of the highest importance at this critical juncture. ”

    NSA Bahrain not only received the REA for a seventh consecutive year but has also received the first Best-In-Class (BIC) distinction for the large installation category. NSA Bahrain achieved a 68% or higher retention rate and in honor of their achievement, they have been authorized to fly a blue pennant on their installation.

    In a press release, Capt. Zachariah Aperauch, commanding officer of NSA Bahrain, stated “Our installation earning the REA for the seventh straight year and first-ever best-in-class is a remarkable achievement; one that is shared by the entire team, from our most junior Sailors to our most senior leaders. The Navy is able to retain the highest-caliber talent because of this installation’s commitment to development and excellence.”

    Navy Region EURAFCENT received the Legacy REA, representative of their installations and have been authorized to fly a gold pennant. NSA Naples, NAS Sigonella, NSA Souda Bay, and NSF Deveselu met the criteria required for BIC consideration and have been authorized to fly a gold pennant on their installations, in recognition of their achievement.
    Each Sailor within Navy Region EURAFCENT, whether located in NSF Deveselu or NSA Souda Bay is an integral part of the larger mission.

    Collins stated, “The fervent commitment of the Sailors throughout the largest Navy Region, a region that spans three combatant commands, is needed to execute decisive and timely support. The Retention Excellence Awards are a testament to every Sailor’s dedication to the mission. Leadership’s ability to encourage retention along with the institutional knowledge and expertise that it preserves is what keeps our operations not only running but constantly improving.”

    The retention requirements to receive these awards take into account not only retention but also attrition rates, or Sailors who do not remain in the Navy for various circumstances. Each installation and command cannot exceed a certain percentage of attrition, based on a sliding scale of personnel density and makeup. For example, Sailors who have been in the Navy six years or less are considered ‘Zone A’ and an installation must remain at or below a 4% attrition rate amongst their 1-6 year Sailors in order to be eligible for the REA. Taking into consideration attrition rates ensures the data for retention accurately shows a positive trend in manning numbers.

    Navy Region EURAFCENT provides mission-critical logistics and support to the warfighter, their families, and the fleet across seven countries, enabling U.S., allied, and partner nation forces to be where they are needed, when they are needed to maintain security, stability, and freedom of navigation in the European, African, and Central Command areas of responsibility.

    MIL Security OSI

  • MIL-OSI Global: Is Nigeria in danger of a coup? What the country should do to avoid one – political analyst

    Source: The Conversation – Africa – By Abdul-Wasi Babatunde Moshood, Senior Lecturer Department of Political Science, Lagos State University

    African countries have had nine successful military coups since 2020. In west and central Africa, there have been at least 10 coup attempts in the same period. Those of Niger, Mali, Burkina Faso, Gabon and Guinea were successful. A number of social, economic and political factors have been identified as responsible for the truncation of democracy in those countries.

    In this interview, The Conversation Africa asks political scientist Abdul-Wasi Babatunde Moshood, who has recently published research on preventing military coups in Nigeria, about what drives coups, whether those factors are present in Nigeria and what steps Nigeria could take to protect its democracy.

    What are the drivers of recent coups in Africa?

    One major reason is leaders who have used the idea of democracy to advance their own economic gains. The result is corruption, which has deepened the gap between the rich and the poor.

    While liberal democracy widens opportunity in developed countries, the reverse is the case in Nigeria, due largely to corruption and lack of effective leadership.

    Also, democracy in parts of Africa, including Nigeria, has not been able to advance development and make a positive impact on the people. To ringfence democracy from military intervention, it must advance development for the people.

    Another factor is the strategic importance of Africa, which has historically attracted foreign powers. With the partitioning of Africa in Berlin in 1884, European powers created spheres of influence which have continued to haunt many African countries.

    These strategic interests have continued to infiltrate politics and cause instability on the continent.

    In my recent work, I argued that foreign influence and strategic importance make coups more likely to occur in African countries including Nigeria.

    Just like coups in the post-independence era, some recent coups in west Africa have the fingerprints of foreign powers. For instance, Russia is implicated in the 2020 and 2021 coups in Mali and the Burkina Faso coup.

    The UK, the US, China and France are all interested in Africa. Since the expulsion of France from Burkina Faso, Mali and Niger, the former colonial power has been seeking another regional haven in Nigeria. This has raised suspicion in some quarters.

    Also, colonialism left a legacy of division between a country’s people and their army. Recruitment dislocated the previous warriors and empowered new ones. The military under colonialism was perceived by civilians as protecting the interests of the colonial ruling elite.

    In the post-colonial period, the military is perceived as protecting the interests of the African ruling elite. This arrangement goes on until the military, having been exposed to politics, decides to seize power for itself. Oftentimes, citizens give legitimacy to this kind of coup because they have always seen the political elite as self serving. Military coups in Sudan and Mali are examples of this.

    Are these factors present in Nigeria today?

    The sociopolitical and economic conditions that led to coups in other countries in west Africa are present in Nigeria.

    Nigeria is still largely divided along lines of clans and religion. Insecurity is at high levels across the country. The removal of the petrol subsidy has caused economic problems.

    Commodity prices have skyrocketed. Food inflation reached 40.75% in 2024 – its highest level in 25 years.

    The colonial legacy in Nigeria is still evident in the north versus south divide that plagues the country’s politics. Bad leaders exploit the division for their own selfish gain by using marginalisation rhetoric.

    Nigeria is still strongly tied to the apron strings of the western powers. This explains why Nigeria’s presidential aspirants prefer to go to Chatham House, London to speak rather than talk to the people they intend to lead.

    Nigeria’s President Bola Tinubu’s relationship with France is raising eyebrows in the country. The president recently signed new deals with France in the areas of renewable energy, transportation, agriculture and critical infrastructure. There are concerns because this is coming soon after nearly all former French allies in west Africa have broken ties with the European country.

    These factors often lead to increasing disaffection, which in turn can ignite a military takeover, as happened in Niger, Guinea and Gabon.

    How can a military comeback be prevented in Nigeria?

    Effective leadership would help reduce colonial legacies, improve democracy and mitigate foreign influence. This would foster confidence among dissimilar ethnic communities as policies towards inclusiveness and development of the country were implemented.

    Military professionalism would further specialise the military and give them focus. There should be less involvement of the military in politics.

    In peace time, the military can also be kept engaged as a service provider in agriculture, health and social work as done, for instance, in the US.

    Regional organisations like the Economic Community of West African States and the African Union should be proactive in condemning any derailment in democratic practices and values by political actors. They should not only react by imposing sanctions after a military takeover.

    Nigeria needs to think about developing a homegrown democracy as advocated by the late Claude Ake, the Nigerian political scientist.

    The process and method of democratisation should be affordable to all to participate. Democratic leaders must be scrutinised and their level of wealth ascertained before and after leaving office.

    Democratic institutions must be strengthened to prevent corrupt people from taking over offices. Democratic leaders in Nigeria and other African countries must seek indigenous solutions to their challenges.

    Abdul-Wasi Babatunde Moshood receives funding from TETFUND Institution Based Research IBR, He is a Member of Academic Staff Union of University, Network for Democracy and Development NDD, among others. He is currently the Acting Head of Department of Political Science, Lagos State University.

    ref. Is Nigeria in danger of a coup? What the country should do to avoid one – political analyst – https://theconversation.com/is-nigeria-in-danger-of-a-coup-what-the-country-should-do-to-avoid-one-political-analyst-248281

    MIL OSI – Global Reports

  • MIL-OSI USA: Budd Leads Bipartisan Inquiry Into Chinese DeepSeek on Pentagon Devices

    US Senate News:

    Source: United States Senator Ted Budd (R-North Carolina)
    Washington, D.C. — Today, Senators Ted Budd (R-NC), Eric Schmitt (R-MO), Mark Kelly (D-AZ), and Tommy Tuberville (R-AL) sent a letter to Acting Chief Information Officer at the Department of Defense, Leslie A. Beavers, requesting information on, “how many Department employees connected their work computers and/or mobile devices to Chinese servers via the DeepSeek Application”.
    Read the text of the letter:
    We write to express our concern that Department of Defense (DOD) employees accessed the Chinese artificial intelligence application DeepSeek on their work devices and, as a result, Chinese servers.
    We understand that the National Security Council (NSC) is currently reviewing the national security implications of DeepSeek and expect this will be an ongoing conversation between Congress, the NSC, and relevant agencies. However, in the immediate term, we request that the Department provide information regarding potential impacts to the Defense Information Systems Network (DISN) and the Department of Defense Information Network (DODIN) of the recent incident.
    The office of the Director of National Intelligence’s 2024 Annual Threat Assessment states that “China remains the most active and persistent cyber threat to the U.S. Government, private-sector and critical infrastructure networks”. This is evidenced by the recent Salt Typhoon Hack, a breach of at least eight U.S. telecommunications providers, among many other reports of cyberattacks originating from China.
    It is also our understanding, based on the DoD’s Use of Mobile Applications 2023 report, that misuse of mobile applications on DoD personnel devices may not be simply a series of isolated incidents. While our immediate concern is to understand the impact of DoD employees’ access to DeepSeek on national security, we are also interested in understanding the DoD’s policy regarding mobile device applications to the end of ensuring we are diminishing cybersecurity risks associated with certain platforms.
    Therefore, we request answers to the following questions by no later than March 4, 2025.
    How many Department employees connected their work computers and/or mobile devices to Chinese servers via the DeepSeek Application?
    Has the DeepSeek app now been deleted from all DoD devices? If not, what steps will you take to ensure the DeepSeek app is removed from all DoD devices?
    What steps have been made to limit access on DoD devices to only those applications with a justified and approved need?
    What is the Defense Information Systems Agency’s (DISA’s) initial assessment about whether Chinese servers were able to access and exfiltrate sensitive information due to Department personnel use of DeepSeek?
    How has the use of the DeepSeek app by Department personnel impacted the operational and cybersecurity risks to the DISN as well as the DODIN?
    What guidance or training has DISA shared with Department employees regarding accessing Chinese AI app DeepSeek or any other Chinese-affiliated app?
    We understand that the Navy issued guidance against using open-source AI systems for official work. What guidance (if any) are the other services and/or the Department issuing to employees?
    What is DISA’s process for assessing which networks, websites and or applications have a connection to the People’s Republic of China and what are DISA’s standard operating procedures when made aware of such a connection?
    What action (if any) has been taken regarding the DoD employees who connected their work computers and/or mobile devices to Chinese servers via the DeepSeek Application?
    Have all of the recommendations from Management Advisory: The DoD’s Use of Mobile Applications (Report No. DODIG-2023-041) been implemented? If not, why not?
    Thank you for your consideration and we look forward to hearing from you and working with the Department of Defense to keep our networks safe from persistent cyber threats.

    MIL OSI USA News

  • MIL-OSI Security: London — Toys for the North 2024 brings joy to thousands of children in remote communities

    Source: Royal Canadian Mounted Police

    The holiday spirit was in full swing this season as the 14th annual Toys for the North campaign delivered over 28,000 toys to children in remote communities across Canada. Organized by the RCMP and supported by a network of dedicated partners, the campaign highlights the power of teamwork and generosity in spreading joy to underserved areas.

    This year’s effort was made possible through the collective work of numerous organizations and volunteers. After months of coordination, thousands of donated toys were collected at Thomson Terminals Ltd. in Toronto, where they were stored and packaged with care. From there, Gardwine, North Star Air, and the Royal Canadian Air Force (RCAF) ensured the toys reached their final destinations in Northern Ontario, Newfoundland and Labrador, Yukon, Northwest Territories, and Nunavut.

    In December, RCMP members got the best gift of all—delivering the toys to children, and spreading holiday cheer across Canada’s North. This incredible initiative provided over $615,000 worth of toys to communities, thanks to the Canadian Toy Association, Thomson Terminals Limited, North Star Air, Gardewine, and the RCAF, without whom this initiative would not be possible.

    Sgt. Angelique Dignard, who has led the campaign for the past three years, expressed her gratitude for the dedication and support of all involved: “It’s truly inspiring to see how much we can accomplish when we work together. Each toy delivered represents a moment of joy and a touch of magic for each child during the holiday season. Last year we were able to deliver gifts from coast-to-coast for the first time, and this year, we had our largest donation of toys to date. I’m incredibly proud of everyone involved, and on behalf of the communities, thank you to everyone for your generosity and hard work.”

    The Toys for the North campaign demonstrates the RCMP’s commitment to building meaningful connections with communities, particularly in remote and underserved regions.

    As this year’s campaign wraps up, the RCMP and its partners thank everyone who contributed their time, effort, and resources to bring holiday magic to thousands of children. Together, we’ve made a difference—one toy at a time.

    MIL Security OSI

  • MIL-OSI Security: Defense News: NUWC Division, Keyport embraces wartime readiness culture

    Source: United States Navy

    Led by NUWC Division, Keyport wartime readiness director Troy Kelley and chief logistician Wendy Kierpiec, the WRAT is focused on ensuring the command’s ability to anticipate and respond to warfighter needs across the entire spectrum of operations, from peacetime to active conflict. Its goal is to achieve initial operational capability for wartime readiness by Sept. 30, 2025.

    The team includes senior command leaders, technical experts from each department, and advisory and ad-hoc members with specialized subject matter expertise. Its work is part of a broader effort to shift the Navy’s focus from peacetime efficiency to wartime effectiveness, driven by the need to counter the growing potential for military and economic challenges from China between now and 2027, a period known as the “Davidson window.”

    This period takes its name from Adm. Phil Davidson, former commander of U.S. Indo-Pacific Command, who warned, in testimony to Congress four years ago, about the potential for China to take action against Taiwan by 2027.

    Kelley elaborated on the need to adopt a posture of wartime effectiveness.

    “Everything we [currently] do is about return on investment: How can we produce more with less and be the most efficient organization out there,” said Kelley. “When you get into a time of conflict, that measure flips the opposite way. Effectiveness becomes your measure.”

    To drive this shift, the WRAT has been developing wartime response plans, identifying and addressing readiness gaps, improving command communication, and establishing a crisis response center to coordinate and respond to wartime-related activities.

    Kierpiec, who developed the command’s wartime concept of operations and crisis response posture, emphasized the importance of being prepared for any scenario and the need for a flexible, adaptable response plan.

    “We haven’t had to tackle in so many decades, and since the end of the Cold War, we’ve downsized a lot of our military resources,” said Kierpiec. “As a result, we’re building the airplane as we’re flying it—we’re still figuring things out and developing our plans and processes in real time, which can be difficult, but it’s also an opportunity for us to be innovative and adaptable in our approach.”

    Kierpiec stressed the need to prepare for various wartime scenarios, including communication disruptions, damage or destruction to military assets, and contested environments where commercial transportation and shipping may be restricted, necessitating the use of other means to deploy personnel. She added that these challenges would likely be particularly pronounced in the context of a war in the Indo-Pacific Command area of operation, given its distance from Keyport.

    “We’ve got approximately 7,000 nautical miles between Keyport and the Straits of Taiwan,” said Kierpiec. “How do we overcome that from a logistics perspective? What’s the communication flow? Who would we be getting direction and orders from? How can we still provide our expertise to support the problem from stateside? Or should we be sending someone out there, and how do we get them out there? Do we have to get them on a military transport aircraft? Are they prepared to go in theater?”

    These are among the many questions the WRAT has been actively working to address through planning, exercises and drills.

    Held monthly in the CRC, the drills use realistic wartime scenarios to assess and refine the team’s communication strategies, response times and logistical capabilities. To simulate real-world conditions, they are unannounced and involve the use of secure communication channels and classified networks.

    Common scenarios include responding to an attack on a naval vessel, providing emergency repairs to a damaged ship, and supporting a large-scale military operation in a contested or degraded environment.

    Each of the command’s departments is represented during these drills, with key personnel assuming the roles of watch stander, battle watch captain and assistant battle watch captain. The watch stander monitors and reports on the command’s crisis response efforts, while the battle watch captain oversees the crisis response and provides strategic guidance, and the assistant battle watch captain supports the battle watch captain as needed.

    The team must work together to assess the situation, develop a response plan and allocate resources as needed. It is evaluated on its ability to collaborate, make decisions quickly and decisively, and communicate effectively both internally and with higher headquarters.

    Jeff Kistler, head of NUWC Division, Keyport’s Information Technology Support Services Branch, and Amy Abbott, the command’s emergency management officer, have been instrumental in establishing and maintaining the CRC. Kistler oversees its IT infrastructure, while Abbott manages its operational and procedural aspects.

    “We’ve spent hundreds of hours developing things that make us as lethal and prepared as possible,” said Abbott. “We’ve spent a lot of time really pulling apart the nuts and bolts of our processes. We’ve developed standard operating procedures, directives and desk guides, and we’ve developed them in such a way that anybody could walk in, sit at a departmental desk, open the book from page one and know what they’re doing without guidance.”

    Kistler stressed the CRC’s vital role in enabling the command to quickly respond to and support naval operations in real-world scenarios.

    “If we’re in a wartime scenario and there are casualties out in the fleet, we may be called upon to help get that ship back into the fight,” said Kistler. “[Providing that type of support] takes a lot of knowledge of what Keyport does, and that’s the kind of expertise that our personnel in the room collectively bring to the table.”

    Effective communication is crucial in such situations, and to this end, Kistler is tasked with ensuring the command’s communication systems are robust and reliable. This involves developing redundant communication paths, planning for continuity of operations in the event of disruptions or outages, and identifying and mitigating single points of failure in the CRC’s command and control systems.

    A key aspect of wartime readiness is the ability to anticipate ways in which one may need to pivot and redirect resources to address emerging priorities and gaps.

    “To support wartime efforts, we need to be able to pivot and change the way we conduct our business, prioritize our business and increase the tempo of our operations,” said Bryan Duffey, head of NUWC Division, Keyport’s Enterprise Systems Engineering Division and WRAT team lead for his division’s parent unit, the Fleet Readiness Department. “We need to be able to redirect resources to reinforce priority areas, increase op tempo areas, or leverage other technical capabilities and skills to fill emerging gaps.

    Duffey is responsible for ensuring his department is prepared to support the fleet during wartime. In the event of a conflict, this support would involve providing expeditionary repair capabilities and technical expertise for ship and submarine maintenance and repair.

    Among Kierpiec’s top priorities is identifying and addressing NUWC Division, Keyport’s readiness gaps and pivot points. The latter are capabilities the command has today that might need to be expanded or accelerated to support the warfighter.

    One pivot point of particular interest is NUWC Division, Keyport’s additive manufacturing capability.

    “We have a pretty a robust infrastructure in place for that,” said Kierpiec. “How would we respond to a request to do additive manufacturing for potentially a different customer? Maybe we get asked to make helicopter blades because [another customer] cannot for some reason. How could we rise to that occasion?”

    Wartime readiness gaps often stem from the challenges of operating in a contested or denied environment. These can include disruptions to communications and logistics, limited access to transportation and the need for rapid technical support to address emerging fleet requirements.

    According to program analyst Havalah Noble, WRAT team co-lead for the Unmanned and Theater Undersea Warfare Systems Department, the command is on track to meet its wartime readiness goals.

    “I feel like Keyport is ready and we will meet the NAVSEA and Navy goals of the Davidson window of 2027,” said Noble. “We’re perpetuating a culture of readiness now and there is urgency and dedication and vigilance in the practice, and it is important that we continue to do this work.”

    Command policy officer Melissa Berry, who oversees policy for the WRAT, agrees.

    “I think the clarity coming down from the Chief of Naval Operations and from NAVSEA on what we’re trying to accomplish, has really resonated with the team and provided a sense of urgency,” Berry said. “I am optimistic that come 2027, we will be in a strong place.”

    But the real goal of the 2027 target is not to get ready for war, but to make war unnecessary.

    “We want to demonstrate that our Navy is prepared to fight a war in 2027, but obviously our goal is to not have to do that,” said Jack Smith, lead exercise planner for the Naval Sea Systems Command’s Warfighting Readiness Directorate and a WRAT team lead for the Undersea Weapons Department. “We want to demonstrate the strength and the capability, so that potential enemies decide that 2027 is not when they want to fight a war.”

    Abbott emphasized the importance of wartime preparedness not just at work, but also at home.

    “We need to be thinking not only about how we support our warfighters who are out there on the water, but also how we support our brothers, our sisters, our husbands, our wives and other family members out there,” said Abbott. “This means being prepared at home, having discussions with our families, and having a plan in place, so that we can take care of our loved ones and be the best asset we can be for our warfighters in a time of crisis.”

    Abbott recommends having an emergency kit, establishing local emergency contacts, drafting powers of attorney for children’s care, and planning for how to manage everyday responsibilities such as school schedules and childcare in the event of a crisis.

    For additional resources and guidance on emergency preparedness, visit Ready.gov.

    Naval Undersea Warfare Center Division, Keyport is headquartered in the state of Washington on the Puget Sound, about 10 miles west of Seattle. To provide ready support to Fleet operational forces at all major Navy homeports in the Pacific, NUWC Division, Keyport maintains detachments in San Diego, California and Honolulu, Hawaii, and remote operating sites in Guam; Japan; Hawthorne, Nevada; and Portsmouth, Virginia. At NUWC Division, Keyport, our diverse and highly skilled team of engineers, scientists, technicians, administrative professionals and industrial craftsmen work tirelessly to develop, maintain and sustain undersea warfare superiority for the United States.

    Are you ready to join one of the largest and most dynamic employers in Kitsap County? We are continually hiring engineers, scientists and other STEM professionals—as well as talented experts in business, finance, logistics and support roles—so if you are eager to be at the forefront of undersea research and development, we want you on our team. Explore our exciting job opportunities at nuwckeyport.usajobs.gov and take the first step toward building your career at NUWC Division, Keyport.

    MIL Security OSI

  • MIL-OSI Global: Is Donald Trump on a constitutional collision course over NATO?

    Source: The Conversation – Canada – By Aaron Ettinger, Associate Professor, International Relations, Carleton University

    Over the past few weeks, United States President Donald Trump has let loose a flurry of executive orders aiming to impose the MAGA agenda unilaterally.

    The legal challenges and judicial stays that have followed speak to the degree to which the limits of presidential authority are at risk in America. These limits include the making and breaking of international treaties.

    In the crosshairs is NATO, the very existence of which is threatened by Trump more than anything else.



    Read more:
    Allies or enemies? Trump’s threats against Canada and Greenland put NATO in a tough spot

    But can he sign an executive order and unilaterally denounce the North Atlantic Treaty — which forms the legal basis of NATO — or any international treaty, for that matter? The answer is uncertain, but perhaps not for long.

    Vice President J.D. Vance has stated on social media that “judges aren’t allowed to control the executive’s legitimate power,” suggesting that Trump won’t be checked or balanced by the judiciary or other branches of government. This sets up a high stakes battle over the limits of “legitimate” presidential authority.

    Any unilateral termination of the North Atlantic Treaty would likely end up in the U.S. Supreme Court. This question therefore is about more than just NATO. It’s about the power of the presidency to override Congress, ignore courts, terminate treaties and reshape the international order.

    How to quit an alliance

    To leave NATO, all a member needs to do is say so. Article 13 of the North Atlantic Treaty lays out simple instructions: give notice of denunciation to the U.S. government, which will then tell the other members. Basically, Trump can inform himself and likely post something to social media and the one-year countdown clock begins.

    But can Trump unilaterally withdraw from NATO in a way that’s constitutional? This is where things get ambiguous.

    The more appropriate question is: “Can the U.S. president unilaterally terminate an act of Congress?”

    The U.S. Constitution requires that international treaties have the “advice and consent” of “two-thirds of senators present” to become law. America’s adoption of the North Atlantic Treaty of 1949 followed this process. But on treaty termination, the constitution is silent.

    This is remarkable because the U.S. has been terminating treaties since 1798. Naturally, the authority over treaty termination has been debated for just as long.

    The arguments boil down to this: if treaties are regarded as analogous to domestic law, then Trump needs the consent of two-thirds of the Senate to terminate the North Atlantic Treaty.

    If the domestic analogy is rejected or treaties are regarded as falling under the vested powers of the presidency — or as giving the president wiggle room to suspend elements of the agreement — then Trump can do what he wants.

    The Supreme Court’s stance

    Does the Supreme Court have anything to say? No, and deliberately so.

    In 1979, the court dismissed a suit brought by Sen. Barry Goldwater against President Jimmy Carter after Carter terminated a 25-year-old mutual defence treaty with Taiwan. The court dismissed the case as a non-justiciable political question.

    A similar outcome occurred in 2002 when President George W. Bush unilaterally withdrew from the Anti-Ballistic Missile treaty with Russia. Members of Congress filed suit, but the case was dismissed by a federal court on the same grounds.

    What we have now is a practice of treaty termination that is governed by the norms of shared power over foreign policy between Congress and the presidency, exactly the kind of guardrails that Trump loves to ignore.

    So it seems that Trump could have a path to denouncing the North Atlantic Treaty. But there’s a twist.

    The Marco Rubio twist

    At the end of 2023, Congress passed the Defense Department budget that included a provision meant to forestall any unilateral withdrawal from NATO.

    Buried deep in the 974-page National Defense Authorization Act is a provision that prohibits the president from “suspending, terminating, denouncing, or withdrawing” from NATO “except with the advice and consent of 2/3 of the Senate.” That clause, spearheaded by then-senator and current Secretary of State Marco Rubio, is critical because of a court decision that’s nearly as old as NATO itself.

    In 1952, in the Youngstown Sheet & Tube Co. v. Sawyer case, the Supreme Court clarified the parameters on executive power. It argued presidential authority on any matter is “is at its lowest ebb” when working against congressional authority.

    The Rubio clause may be the exact constitutional authority that stops Trump in his tracks. But stay tuned: this is all subject to change.

    What’s next?

    In 2025, the conditions for unilateral withdrawal seem to align perfectly for Trump: constitutional ambiguity, antiquated norms of polite governance and deferential courts.

    It might seem that Trump could denounce the North Atlantic Treaty with a few thumbstrokes, but that obscure provision in the Pentagon budget changes things. Any unilateral denunciation of NATO by Trump would set him on a collision course with Congress, and the matter would rocket toward the Supreme Court.

    So far, though, Trump hasn’t raised the spectre of termination. Instead, he has been more interested in increasing the NATO defence spending target to five per cent of GDP, up from two per cent, a requirement that would be difficult for many members to meet.

    It’s possible that including that language in the next NATO summit declaration would be enough for Trump. He’d look tough without the constitutional fight at home. Supporters of NATO, the durability of U.S. treaties and the separation of powers in America can only hope that will be enough.

    Aaron Ettinger does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.

    ref. Is Donald Trump on a constitutional collision course over NATO? – https://theconversation.com/is-donald-trump-on-a-constitutional-collision-course-over-nato-248363

    MIL OSI – Global Reports

  • MIL-OSI Global: How medical treatments devised for war can quickly be implemented in US hospitals to save lives

    Source: The Conversation – USA – By Vikhyat Bebarta, Professor of Emergency Medicine and Medical Toxicology, Pharmacology, University of Colorado Anschutz Medical Campus

    Military medicine moves faster than traditional research. Tech. Sgt. Darius Sostre-Miroir/920th Rescue Wing

    For decades, military doctors faced a critical challenge: What’s the best way to safely and effectively deliver oxygen to patients in remote combat zones, rural hospitals or disaster-stricken areas?

    Oxygen tanks are heavy, costly and dangerous in combat zones. A direct hit from a missile or a bullet can turn a lifesaving resource into a deadly hazard.

    Marine Corps Gen. Ernest T. Cook once said, “Logistics is the hard part of fighting a war.” It goes beyond oxygen. For deployed U.S. troops, the supplies available during combat for treating wounded soldiers can mean the difference between life and death.

    The Department of Defense turned to us, military physicians and academic researchers in military medicine at the University of Colorado Center for COMBAT Research, to study whether the military needs to bring oxygen to the battlefield for soldiers – and, if so, how much.

    This approach to research is known as a military-civilian partnership. These partnerships aim to save lives on the battlefield. But they also save lives across the U.S. by turning military medical gains into better health care for all.

    Innovation and agility

    In the civilian world, it takes 17 years on average for a research discovery to change medical practice. One of the most well-known examples of this is the use of tranexamic acid for trauma patients. Tranexamic acid is injected to stop bleeding during surgery or after trauma. It was discovered in 1962 but not approved by the FDA until 1986. It wasn’t used for traumatic bleeding until 2012.

    The changing nature of war and threats against U.S. forces require military medicine to move faster. Injuries and infections in combat push researchers to find better ways to save lives, often faster than in civilian health care.

    Military medicine must move quickly to keep up with the pace of war.
    Contributor/Anadolu via GettyImages

    At the center, scientists work side by side with military medical teams to study, develop and test solutions tailored for the battlefield.

    Whether it’s addressing oxygen use, traumatic brain injuries, burn treatments or trauma care, these partnerships allow military and civilian researchers to translate discoveries into practice rapidly.

    Rethinking oxygen

    The immediate administration of oxygen to an injured or ill patient has long been a cornerstone of trauma and burn care. The logic seemed simple: When patients are in shock or have severe injuries, their bodies struggle to get enough oxygen, so doctors provided extra.

    Our research, and that of others, found that too much oxygen can actually be harmful. Excess oxygen triggers oxidative stress – an overload of unstable molecules called free radicals that can damage healthy cells. That can lead to more inflammation, slower healing and even organ failure.

    In short, while oxygen is essential, more isn’t always better.

    We conducted a series of military-civilian collaborative trials called Strategy to Avoid Excessive Oxygen, or SAVE-O2. We discovered that severely injured patients often require less oxygen than previously believed. In fact, little or no supplemental oxygen is needed to safely care for 95% of these patients.

    This finding challenges decades of conventional medical wisdom. It will reshape how medical professionals approach critical care in not only military settings, but civilian hospitals as well.

    Within a year of presenting our findings to military medical leaders, these insights have already influenced changes and updates to patient care guidelines, medic training and even decisions on medical equipment purchases.

    To build on our findings, we’ve launched a trial to study the use of artificial intelligence to automate oxygen delivery. This military-funded study could provide better care for wounded soldiers in remote combat zones and for injured civilians in ambulances or rural hospitals before they reach large referral and trauma centers.

    An oxygen mask that uses artificial intelligence could help medics in rural combat zones and rural U.S. hospitals.
    John Moore/GettyImages

    In rural or remote areas of the U.S., access to supplemental oxygen can be limited due to supply chain challenges, high costs and shortages. This is particularly true in small hospitals and affects first responders after a natural disaster or accident. In the intensive care units of these hospitals, using oxygen more efficiently could preserve limited oxygen supplies for patients who need it.

    Prolonged casualty care: A new frontier

    While researching oxygen needs in combat zones, we realized another pressing issue: the challenges of prolonged casualty care. During a conflict, military medics often need to treat critically injured soldiers for hours or even days before the wounded person can be evacuated.

    In a future conflict with a “near-peer” adversary such as China or Russia, the U.S. may not have the ability to evacuate wounded troops quickly. Without reliable helicopter or airplane transport, many casualties may not reach trauma care within the “golden hour.” This is the critical first 60 minutes after a severe injury, when rapid treatment is essential.

    The ongoing war in Ukraine illustrates the challenge of prolonged casualty care. In hospitals across Ukraine, doctors are increasingly having trouble treating the wounds of civilian and military patients because of rising antibiotic resistance.

    Future military conflicts in the Indo-Pacific regions will present similar challenges, including long patient transport times and concerns about wound infections due to prolonged casualty care.

    However, this challenge isn’t unique to the battlefield. Prolonged casualty care also happens in civilian crises. For example, during a natural disaster, emergency responders must manage patients without quick access to hospitals.

    Once patients are treated in the field or in disaster scenarios, providers must often sustain care with limited resources. They have to prioritize essential interventions, minimize resource use and stabilize patients for eventual transfer to higher levels of care.

    Innovation in health care thrives on collaboration. Military-civilian partnerships are one way to advance medical solutions faster and more effectively. These innovations save lives in combat, improve care and allow us to apply our 98% survival rate in war to our trauma centers, rural hospitals and disaster zones in the U.S.

    The views expressed in this publication are those of the author and do not necessarily reflect the official policy or position of the Department of Defense (DoD), the United States Government, or any of its agencies. The appearance of external links or mention of specific commercial products does not constitute endorsement by the DoD.

    Adit Ginde receives research funding from the U.S. Department of Defense. The views expressed in this publication are those of the author and do not necessarily reflect the official policy or position of the Department of Defense (DoD), the United States Government, or any of its agencies. The appearance of external links or mention of specific commercial products does not constitute endorsement by the DoD.

    Arthur Kellermann previously served as dean of the school of medicine at the Uniformed Services University of the Health Sciences. His views are his own and do not neccessarily represent those of the U.S. Department of Defense.

    ref. How medical treatments devised for war can quickly be implemented in US hospitals to save lives – https://theconversation.com/how-medical-treatments-devised-for-war-can-quickly-be-implemented-in-us-hospitals-to-save-lives-247752

    MIL OSI – Global Reports

  • MIL-OSI Video: THIS WE’LL DEFEND! HOOAH!

    Source: US Army (video statements)

    : AMVID

    Do you serve? Have you served? What was your MOS?

    About the U.S. Army:
    The Army Mission – our purpose – remains constant: To deploy, fight and win our nation’s wars by providing ready, prompt & sustained land dominance by Army forces across the full spectrum of conflict as part of the joint force.

    Interested in joining the U.S. Army?
    Visit: spr.ly/6001igl5L

    Connect with the U.S. Army online:
    Web: https://www.army.mil
    Facebook: https://www.facebook.com/USarmy/
    X: https://www.twitter.com/USArmy
    Instagram: https://www.instagram.com/usarmy/
    LinkedIn: https://www.linkedin.com/company/us-army
    #USArmy #Soldiers #Military #Army250

    https://www.youtube.com/watch?v=eQt8KvQi4eo

    MIL OSI Video

  • MIL-OSI: Hobson & Company Analysis of KnowBe4 Finds 200-400% ROI in Reducing Human Risk

    Source: GlobeNewswire (MIL-OSI)

    Tampa Bay, FL, Feb. 19, 2025 (GLOBE NEWSWIRE) — KnowBe4, the world-renowned cybersecurity platform that comprehensively addresses human risk management, today released the findings from a new report from Hobson & Company titled “From Risk to Return: How KnowBe4 Helps Deliver Measurable ROI”.

    Despite multiple security layers, breaches remain costly, with IBM reporting a 10% increase in the average data breach cost, reaching $4.88 million in 2024.

    The independent analysis from Hobson & Company found that organizations implementing KnowBe4’s Human Risk Management platform can achieve payback in just 3.5 months. For a typical organization with 2,000 employees,  KnowBe4 delivered over $537,000 in operational savings and $415,500 in reduced risk exposure over three years.

    “In today’s evolving threat landscape, organizations cannot afford to overlook the human element of cybersecurity,” said Stu Sjouwerman, CEO, KnowBe4. “This new research shows that organizations implementing comprehensive security awareness training and phishing simulation programs are seeing dramatic returns on their investment. With cyber threats becoming more sophisticated through AI-driven social engineering, the ability to transform employees from a potential vulnerability into a strong human firewall has never been more critical.”

    Key findings from the study include:

    • 80% reduction in time spent delivering security awareness training
    • 95% reduction in time spent conducting phishing simulations
    • 85% reduction in time investigating and remediating malicious emails
    • 25% decrease in risk of data breaches and ransomware attacks
    • The monthly cost of delaying the implementation of KnowBe4 would be $19,000
    • 20% decrease in cyber insurance premiums and potential compliance fines 

    To download the report, visit https://www.knowbe4.com/resources/whitepapers-and-ebooks/risk-to-return-how-knowbe4-delivers-roi

    About KnowBe4
    KnowBe4 empowers workforces to make smarter security decisions every day. Trusted by over 70,000 organizations worldwide, KnowBe4 helps to strengthen security culture and manage human risk. KnowBe4 offers a comprehensive AI-driven ‘best-of-suite’ platform for Human Risk Management, creating an adaptive defense layer that fortifies user behavior against the latest cybersecurity threats. The HRM+ platform includes modules for awareness & compliance training, cloud email security, real-time coaching, crowdsourced anti-phishing, AI Defense Agents, and more. As the only global security platform of its kind, KnowBe4 utilizes personalized and relevant cybersecurity protection content, tools and techniques to mobilize workforces to transform from the largest attack surface to an organization’s biggest asset.

    The MIL Network