InfraGard is a non-profit organization serving as a public-private partnership between U.S. businesses and the Federal Bureau of Investigation. The organization is an information sharing and analysis effort serving the interests, and combining the knowledge base of, a wide range of private sector and government members. InfraGard is an association of individuals that facilitates information sharing and intelligence between businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to prevent hostile acts against the United States. InfraGard's mutual nondisclosure agreements among its members and the FBI promotes trusted discussions of vulnerabilities and solutions that companies and individuals may be hesitant to place in the public domain and provide access to additional threat information from the FBI.
History
InfraGard began in the Cleveland, Ohio, Field Office in 1996, and has since expanded to become a national-level program, with InfraGard coordinators in every FBI field office. Originally, it was a local effort to gain support from the information technology industry and academia for the FBI's investigative efforts in the cyber arena, but it has since expanded to a much wider range of activities surrounding the nation's critical infrastructure. The program expanded to other FBI Field Offices, and in 1998 the FBI assigned national program responsibility for InfraGard to the former National Infrastructure Protection Center directed by RADM James B. Plehal and to the FBI's Cyber Division in 2003. Since 2003, InfraGard Alliances and the FBI said that they have developed a TRUST-based public-private sector partnership to ensure reliability and integrity of information exchanged about various terrorism, intelligence, criminal, and security matters. It supports FBI priorities in the areas of counterterrorism, foreign counterintelligence, and cybercrime.
Purpose
InfraGard is focused on protecting the 16 critical infrastructures outlined by Presidential Directive 21: Critical Infrastructure Security & Resilience by sharing threat information, assisting the FBI in finding and prosecuting those who attack critical infrastructure through physical or cyber means, provide training for active shooter scenarios, cyber defense, and any other threats against the nation. The organization is committed to providing the tools and resources needed by those who own and operate the nation's critical infrastructure to protect their enterprises and maintain the services necessary for a safe and prosperous nation.
Information sharing
InfraGard chapters also participate to assure that the critical infrastructure owners and operators—estimated at 85% private sector—are engaged and represented in local and regional planning efforts. Working on all 16 critical infrastructure sectors, the organization provides resources and information not only on prevention, but also on building resilience and response capabilities.
Training
InfraGard chapters around the nation also provide cyber and physical security training sessions that focus on the latest threats as identified by the FBI. Sessions include threat briefings, technical sessions on cyber and physical attack vectors, response training, and other resources to help CISOs and CSOs protect their enterprise. InfraGard approaches threats to critical infrastructure from both a tactical and strategic level, addressing the needs of those on the front lines of security as well as those decision makers tasked with assessing their enterprise's vulnerabilities and allocating resources to protect it. The information sharing between the organization and government has been criticized by those protecting civil liberties, concerned the membership would be surrogate eyes and ears for the FBI. The group has also been the subject of hacking attacks intended to embarrass the FBI. Local chapters regularly meet to discuss the latest threats or listen to talks from subject matter experts on security issues, with membership open to U.S. citizens at no cost. As of July, 2012, the organization reported membership at over 54,677.
Critical infrastructure
InfraGard focuses on the development, management and protection of critical infrastructure. InfraGard has a nationwide focus group that reviews threats that could disrupt critical infrastructure nationwide for a month or more named the electromagnetic pulsespecial interest group. This is an all-hazards approach that looks at manmade and natural electromagnetic pulse, cyber attack, coordinated physical attack, pandemics or insider threats and mitigating actions that could minimize such threats. Mitigation strategies include hardening and prevention strategies in addition to the development of local infrastructure that could make local communities more robust and sustainable.
Civil liberties
Partnerships between government agencies and private organizations has its critics. Concerned about civil liberties, the American Civil Liberties Union warned that there "is evidence that InfraGard may be closer to a corporate TIPS program, turning private-sector corporations — some of which may be in a position to observe the activities of millions of individual customers — into surrogate eyes and ears for the FBI". Concluding that "any program that institutionalizes close, secretive ties between such organizations raises serious questions about the scope of its activities, now and in the future." While others describing Infragard state "the architecture of the Internet—and the many possible methods of attack— requires governments, corporations, and private parties to work together to protect network security and head off threats before they occur." Responding to the ACLU criticism, Chairwoman Kathleen Kiernan of the InfraGard National Members Alliance denies that InfraGard is anything but beneficial to all Americans stating "It's not an elitist group in any way, shape or form," she says. "We're out there trying to protect everybody. Any U.S. citizen on the planet is eligible to apply to InfraGard."
In 2011, LulzSec claimed responsibility for attacking chapter websites managed by local members in Connecticut and Atlanta, in order to embarrass the FBI with "simple hacks". The group leaked some of InfraGard member e-mails and a database of local users. The group defaced the website posting the following message, "LET IT FLOW YOU STUPID FBI BATTLESHIPS", accompanied with a video. LulzSec has posted the following message regarding the attack: