THE NATIONAL INFRAGARD PROGRAM
Guarding the Information Infrastructure

Contributed by The Federal Bureau of Investigation

Introduction

The National InfraGard Program began as a pilot project in 1996, when the Cleveland FBI Field Office asked local computer security professionals to assist the FBI in determining how to better protect critical information systems in the public and private sectors. From this new partnership, the first InfraGard Chapter was formed to address both cyber and physical threats.

As part of its mission, the NIPC conducts outreach and information sharing with the public and private-sector owners and operators of critical infrastructures. The National InfraGard Program is now an essential part of the NJPC’s outreach efforts. The Program establishes a mechanism for two-way information sharing about intrusion incidents and system vulnerabilities and provides a channel for the NIPC to disseminate analytical threat products to the private sector.

The NIPC, in conjunction with representatives from the private industry, the academic community, and the public sector, further developed the “InfraGard” initiative to expand direct contacts with the private sector infrastructure owners and operators and to share information about cyber intrusions, exploited vulnerabilities, and infrastructure threats. The initiative, encouraging the exchange of information by government and private sector members, continued to expand through the formation of additional InfraGard chapters, within the jurisdiction of each FBI Field Office. All 56 field offices of the FBI have opened an InfraGard chapter, with hundreds of company members across the nation.

PROGRAM OBJECTIVES

The National InfraGard Program is designed to address the need for a private and public-sector information sharing mechanism at both national and local levels. Its objectives are as follows:

• Provide members a forum for education and training on infrastructure vulnerabilities and protection measures

• Provide members prompt, value-added threat advisories, alerts, and warnings

• Ensure the protection of computer intrusion/threat data shared among InfraGard members, FBI Field Offices, and the NIPC through compliance with proprietary, legal, and security requirements

• Increase the quantity and quality of infrastructure intrusion/threat reports provided to local FBI Field Offices (for investigation and follow-up) and the NIPC (for national-level analysis)

• Increase interaction and information sharing among InfraGard members, their associated local FBI Field Offices, and the NIPC, on infrastructure threats, vulnerabilities, and interdependencies.

PROGRAM SERVICES

The National InfraGard Program provides four basic capabilities or services to its members. Members of InfraGard participate in local chapter activities; have access to an Alert Network to voluntarily report actual or attempted illegal intrusions, disruptions, and vulnerabilities of information systems; can access a Secure InfraGard Website with recent information about infrastructure protection; and can call the Help Desk at the NIPC to ask questions about the program. These services establish secure communications among members and facilitate the cooperative effort for which InfraGard was founded.

LOCAL CHAPTER ACTIVITIES

Each InfraGard chapter develops a specialized program that addresses the unique needs of the local membership. Representatives from the local FBI Field Office assist InfraGard members in identifying their infrastructure protection concerns and needs. The following list illustrates some of the activities that Local Chapters may offer:

• Seminars and conferences on infrastructure protection

• Regular chapter meetings where members present discussion topics

• Infrastructure protection education and training

• A local newsletter

• A Contingency Plan for using alternative systems in the event of a successful large scale attack on the information infrastructure

• A Cyber-Awareness campaign for members and nonmembers.

THE ALERT NETWORK

The Alert Network is designed to provide each InfraGard member with a mechanism to voluntarily notify the FBI in the event of a physical or cyber attack. When a member determines that a report is appropriate, the member can use encryption technology furnished by the NIPC to send two descriptions of the incident to the NJPC:  

• A ‘sanitized’ description of the incident provides relevant information but does not   identify the victim member. At the member’s option, this description is furnished by the NJPC to other InfraGard members who have signed a non-disclosure agreement. If the member agrees it could also be provided to the public so that they may take action to protect their own systems.  
  

• A detailed description of the incident gives the NJPC information about the     victim’s identity and enough background to conduct an in-depth analysis of the threat. The FBI uses the detailed report to determine if an investigation is warranted.  

The NIPC also takes information supplied by the members of InfraGard, the Intelligence Community, and criminal investigative sources to produce periodic threat reports for InfraGard members.

INFRAGARD SECURE WEB SITE

The InfraGard Secure Website provides members with information about recent intrusions, research related to infrastructure protection, and the capability to communicate securely with other members. The Website has the following features:

• What’s New 

• Real-time information about infrastructure protection

• Sector News 

• Critical Infrastructure related links, recent news articles and press releases

• Chapter 

• News Internal links for each chapter to post chapter-specific information

• Discussion Groups 

• A secure, integrated electronic discussion group capability

• Related Links 

• External links to NIPC Web Page and additional infrastructure protection resources

• Archives and Research 

• Internal links to recent intrusion summaries, computer security technical papers, and hacker case summaries

• Contact/Feedback 

• Links to all FBI Field Offices and the National InfraGard Program Office can be found at  www.fbi.gov
  
  

• To email the Infragard program go to: [email protected]

INFRAGARD PUBLIC WEBSITE

Please visit the InfraGard public website at www.infragard.net

This site provides the most complete picture of the latest InfraGard initiatives and activities and helpful contact information for local InfraGard chapters across the country.

Visit Author's Web Site

Disclaimer

The Business Forum, its Officers, partners, and all other
parties with which it deals, or is associated with, accept
absolutely no responsibility whatsoever, nor any liability,
for what is published on this web site.    Please refer to: