•1

DEPA

RTMEN

T OF JUSTICE

FEDERAL BUREAU OF IN

VEST

IGATION

FIDELITY

BRAVERY

INTEGRITY

APWA International Congress and Exposition 2005

InfragardSunday September 11, 200PM

Presented byNorman Arendt, CHS-III, PhDShort Elliott Hendrickson Inc.

Board of Directors Infragard Western Wisconsin

Benefits to You to Participate

The Threat What is Infragard

Overview

• The Threat• Critical Infrastructures • Presidential Decision Directive 63• The National Infrastructure

Protection Center• The National InfraGard Program

•2

Strategy ComponentsCyber Security Awareness– Support for National Initiative

Strong Cryptography– Digital Signature– Encryption

Good Security-Enabled Commercial Information TechnologyGlobal Security Management InfrastructureDefense Infrastructure– National Attack Sensing & Warning Capability– Coordinated Response Mechanisms

National Information Assurance

Coupled With

andInternationalAgreements

EnablingNational

Legislation

You are here. They are somewhere.

toU.S. Information and Systems

GROWINGIN NUMBER ANDSOPHISTICATION

•3

If your organization is not susceptible to natural disasters, doesn’t compete

with foreign companies, uses no computers, produces no information or

products of value, has no enemies, and all your past and present

employees are happy and loyal, then congratulations

-- you are

THREAT - FREE!!

state sponsoredactivity

developing nations

criminal elements

non-traditionalterrorists hackers

insiders

WHY TARGET AMERICA?

Insight Magazine

U.S. Holds 70% Of World’s Intellectual Property

Leads In R&D By Spending $125B Annually, And Will

Spend Another $2 Trillion In Research Over Next 10 Years

•4

Allah the almighty legislated the permission and the option to take revenge. Thus if we are attacked then we have the right to attack back. When they destroy our villages and towns then we have the right to destroy their villages and towns. If they steal our wealth then we have the right to destroy their economy. And when they kill our civilians, then we have the right to kill theirs.– Letter to America, Osama bin Laden

Terrorist GroupsOsama’s actions on 9-11

Al QaedaHizballahHAMASArmy of the Pure Lash-e-TaibaALF and ELFFALNThe Secrete Army for Justice – AnthraxTSA (Terrorist Support Agency – FAA Special Agent Steve Elson)

9-11Vigilant Guardian/ WarriorNorthern VigilanceNORADPresident’s ActionsLIHOP (let it happen on purpose)WTC7 – FBI, CIA, DoD Store RoomsMASCAL – Pentagon – 341NRO – Jet into building

•5

MethodologyGather informationKidnappingAssassinateFreeing captured brothersSpreading false rumorsBlasting and destroying places of amusementBlasting and destroying embassiesBlasting and destroying bridges

Weapons

Cold steel weaponsPoisonsPistols and riflesExplosivesSpecial weaponsCyber

Surveillance - IndividualName, age, residenceWorkDepartureReturnRoutesHow he spends free timeFriends and their addressesCar

•6

Surveillance - IndividualWife’s workChildren schoolPhysicianStores where he shopsPlaces where he vacationsHouse detailsWays of sneaking into the houseArmed

Surveillance - IndividualStreet widthsTransportation to placeThe area – physicalTraffic signalsSecurity PersonnelNearby embassies etcEconomic characteristics of areaLightingCharacteristics of the place

AppearanceNot reveal true nameAppearance not IslamicDon’t use common expressionsAvoid Islamic placesCarry falsified documentsHave protection preceding visitKnowledge of those around himMaintain familyNo to letters and messengers

•7

Information

Public sourcesRecordingPhotographyInterrogationBurglaryDruggingSurveillance

Public Sources

NewspapersMagazinesOfficialParty (meetings with officials)Radio and Television

Information - Covert

Information about government personnelInformation about strategic buildingsDrawingDescriptionPhotograph – panoramic

•8

Speculating on Cyber Attacks

As a blended fashionCyber only Why no reports

Concern over securityLack of insight into identityLimits on law enforcementPerception of targetPerception of resultsTried and true

Why Potential Will Grow

Symbolic victoriesMedia attention – first of kindForce multiplier –chaos/vulnerabilitiesEconomic damageTerrorist innovationSCADA weaknesses

Blended Attacks

Cyber to Exacerbate Physical

Cyber to Facilitate Physical

Physical to Exacerbate Cyber

Physical to Facilitate Cyber

•9

SCADA Security

ComplexOutdated computer systemsHave inherent security problems and weaknessesNo built in security

Nation’s Infrastructure

Crowded SchoolsTraffic Choked RoadsTransit Cutbacks12 Infrastructures per ASCE slipped to a D-

The Beginning1976 – Warning to Cheney (Pres. Ford)1996 – PCCIP1996 – InfraGard - Cleveland1997 – EPA1998 - NIPC1998 - ISACs – PDD 632002 – Public Health Security and Bioterrorism Preparedness and Response Act

•10

What Can You Do?

Join InfragardNIMS – www.fema.gov/nimcastNRPAre You ReadyISACBe Aware of the ThreatsDesign Accordingly

InfraGard

“ A cooperative undertaking between the U.S. Government (the FBI) and an association of businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to increasing the security of United States critical infrastructures. “

Critical Infrastructures

Services so vital that their incapacity or destruction would have a debilitating impact on the defense or economic security of the United States.

- Executive Order 13010

•11

MODEM

SATELLITE

COMPUTER

FAX

PHONE

PAGER

MICROWAVE

CABLE

PALM PILOTCELL PHONE

Vulnerabilities:A New Dimension

• Physical vulnerabilities are known

• Cyber vulnerabilities are growing and are not well understood

•12

THE ENVIRONMENT:VOLUME, VELOCITY, AND VARIETY

Every Minute: 5 Million E-mails are sent

Every Hour: 35 Million VoiceMail messages are left

Every Day: 50,000 new wireless users join existing 200 million-plus and 37 Million users log into the Internet

Every Week: 630,000 phone lines are installed

Every 100 Days: Internet traffic DOUBLESSource: Lucent Technologies

PDD-63: Organizational Diagram

Secretary----------------------------------

Deputy Secretary

Under SecretaryScience and Technology

Under Secretary Information Analysis and Infrastructure Protection

Under SecretaryBorder &

Transportation Security

Under Secretary Emergency

Preparedness and Response

Under SecretaryManagement

Inspector General

Director of theSecret Service (1)

Commandant ofCoast Guard (1)

Director, Bureau of Citizenship & Immigration Services (1)

General Counsel

State and Local Coordination

Special Assistant to the Secretary(private sector)

National Capital Region Coordination

Shared Services

Citizenship & Immigration Service

Ombudsman (1)

Legislative Affairs

Public Affairs

Civil Rights and Civil Liberties

Department of Homeland Security

Chief of StaffPrivacy Officer

International Affairs

Counter Narcotics

Small & Disadvantaged Business

Executive Secretary

•13

NIPC is now known as the Department of Homeland

Security Information Analysis and Infrastructure Protection

IAIP for short

InfraGard

A Government and Private Sector Alliance

Why InfraGard?

• Presidential Decision Directive 63

• Vulnerability information not always being shared by owners and operators

• Computer expertise is identified and enhanced

• Relationships are established between private industry and government agencies

•14

Why InfraGard?

• Most infrastructure components are privately owned

• Both sectors have wealth of information to be shared

• Systems are interconnected

• Reliance on automation is increasing

Why InfraGard?

• Tools to do harm are widely available and do not require technical skill

• Globalization increases exposure

• Sophisticated systems exist in the hacker community

• Victims do not report cyber intrusions

Membership

• Interest in infrastructure protection

• Commitment to participate and assist other members

• Pledge to maintain sensitive information as confidential

• Signing of membership agreements

•15

• Forum for members to communicate • Prompt dissemination of threat

warnings • Help in protecting computer systems • Education and training on

infrastructure vulnerabilities • A community that shares information

in a trusted environment

Benefits to Members

• More intrusions reported • Satisfies PDD63 for the FBI to play an

active role in protecting critical infrastructure

• New channel to disseminate threat warnings to the private sector

• New contacts in the business community

Benefits to Government

• Prompt threat warnings from the FBI and other Infragard members

• Better understanding of the FBI/other resources to combat cyber crime

• Opportunity to interact and share information law enforcement/academia/private/public

• Education and training on cyber/physical security topics

Benefits to Government

•16

Unified Membership -Benefits

Membership is tied to the individual rather than their organization.– A member does not have to complete another

application if he/she leaves their job

Members have access to the secure website (As of August, over 500 articles posted)

Members are given SmartPass VPN software for secure communications

Unified Membership -Benefits

Members will have an InfraGard email address– Email sent within the InfraGard network is

secure and encrypted– Free virus scanning of InfraGard email

Access to secure membership ListServ (alerts, advisories, program updates)

Members will receive discounts to 3rd

party vendor conferences (e.g. SANS)

Substitutes For Records Checks

Individuals with an existing U.S. Government issued security clearance do not have to undergo additional records checks:– Confidential– Secret– Top Secret

An InfraGard Applicant/Member may submit evidence of their possession of one of the above clearances to expedite the initial processing and periodic renewal of their InfraGard membership.

•17

Security Clearances

Record checks performed for InfraGard membership will not be granting you a security clearance.

Periodic Re-ConfirmationApplicants must agree to periodic re-confirmation of membership requirements.

The FBI will automatically perform subsequent records checks on or near every 5th anniversary of a member’s acceptance as an InfraGard member– Results evaluated against the most current

standards and criteria as published in the Federal Register.

Members that were vetted through the former Secured Application will be re-confirmed at the 5th anniversary of their acceptance as a Secured member.

Appeals ProcessIn the event that InfraGard Membership is denied or a periodic re-confirmation fails, the applicant may request an appeal– Applicant receives notification that their

application for InfraGard Membership has been denied

– Applicant completes an Appeal Request Form and submits to the Membership Appeals Committee

– The Committee, based on all available information and at its’ sole discretion, will make the final determination of Applicant’s membership status.

•18

Completing the Application

Application is a writeable pdf which allows filling out the application online.Print the completed application and mail it to your state FBI office:

FBIAttention: Eric Brelsford330 East Kilbourn Ave, Suite 600Milwaukee, WI 53202

New application available on the web– www.infragard.net– www.wi-infragard.com

Steps Toward An EffectiveNational Defense

Uninhibited Exchange of Actionable Incident Data

Do you really know

what’s on

your web page?

biographical data of high-level employees

military exercise planning

personal data

organizational structure

AIS-equipment connectivity

•19

Public Private

•Web Pages•Phone Books•News Media

•OpPlans •Privacy Information•Classified Information

Protection of Information

Organizations have information they choose to make publicand information they protect to keep private.

Availability of InformationWhat is Really Available?

Public Private

Known

Unaware

•Web Pages•Phone Books•News Media

•OpPlans •Privacy Information•Classified Information

•Web Pages•News Media•Emissions•Shared Networks

• Shared Networks• Auto Backup File

?

?

Overall GoalsPublic Private

Known

Unaware

Clearly Define Public Private

Boundary

Base Risk Management Decisions on Facts, Not Mis-Perceptions !

Expand Awareness

of Your Information

•20

Information Assurance Elements

Successful Mission ExecutionInformation Assurance

People Technology Operations

Defense In Depth StrategyDefense In Depth Strategy

Robust & Integrated Set ofInformation Assurance Measures & Actions

InfraGard Services

• Secure Web Site

• Alert Network

• Chapter Activities

• Help Desk

Chapter Activities• Members establish relationships with

others interested in Infrastructure Protection

• Chapter committees are formed to focus on local issues

• Seminars, conferences, and training sessions are offered

•21

Secure Web Site Features• Real-time information on

infrastructure protection• Infrastructure-related information• Chapter information• Chat and conference capability • Links to other security sites• Archives of intrusion

incidents • Original research on

security issues

Alert Network• Member sends an encrypted

message to the FBI via E-mail• FBI distributes sanitized

description to othermembers

• FBI analyzes incident• Trends identified and reported• Investigation opened if

appropriate

•22

Goals: Provide a balanced security protection system with appropriate resources dedicated to reducing risk.

Goals

RISK RESOURCES

It’s a Different Game

No Time-Outs

Offense and Defense

on the Field at theSame Time

Most often the team that wins

is the one whose DEFENSE

makes the fewer mistakes

ARE WE PREPARING TO WIN?

•23

Conclusion• The cyber threat is real and growing: the

physical threat is proven

• There is a need for a greateralliance between public andprivate sectors

• Cooperation and informationsharing will enhance aneffective response

For More Information:Contact Your Local FBI Officewww.infragard.net

For More Information:Contact Norm Arendt, CHS-III, PhD–Madison, Wisconsin–608-270-5364 / narendt@sehinc.com