FBI’s InfraGardFBI’s InfraGard

OverviewOverview Today’s FBIToday’s FBI The FBI’s role in cyberspace The FBI’s role in cyberspace

– FBI’s Cyber DivisionFBI’s Cyber Division– Critical Infrastructure protectionCritical Infrastructure protection

InfraGardInfraGard– OverviewOverview– MembershipMembership– InitiativesInitiatives

Today’s FBIToday’s FBI

After the terrorism acts of After the terrorism acts of 9/119/11

FBI Mission StatementFBI Mission Statement

The Mission of the FBI is to protect The Mission of the FBI is to protect and defend the United States and defend the United States against terrorist and foreign against terrorist and foreign intelligence threats, to uphold and intelligence threats, to uphold and enforce the criminal laws of the enforce the criminal laws of the United States, and to provide United States, and to provide leadership and criminal justice leadership and criminal justice services to federal, state, services to federal, state, municipal, and international municipal, and international agencies and partners. agencies and partners.

Organization of the FBIOrganization of the FBI

Field OfficesField Offices– 5656– 400 satellite or resident agencies400 satellite or resident agencies

InternationalInternational– 45 Legal Attache offices45 Legal Attache offices

PersonnelPersonnel

Special Agents - 11, 633 (6/30/03)Special Agents - 11, 633 (6/30/03) Training at QuanticoTraining at Quantico 17 weeks17 weeks Academics, Firearms, Physical ExercisesAcademics, Firearms, Physical Exercises

– Assigned as needs dictateAssigned as needs dictate Professional Support - 15, 904Professional Support - 15, 904 Recruit and hire own directly through 56 Field Recruit and hire own directly through 56 Field

OfficesOffices www.fbi.govwww.fbi.gov

FBI HeadquartersFBI Headquarters

FBIFBI AcademyAcademy

The FBI’s RoleThe FBI’s Role

In CyberspaceIn Cyberspace

Cyber DivisionCyber Division

June 2002, Director Mueller approved June 2002, Director Mueller approved organizational structureorganizational structure

Addresses cyber threats in a coordinated Addresses cyber threats in a coordinated manner by examining all violations with a manner by examining all violations with a cyber nexuscyber nexus

Supports FBI priorities across program lines: Supports FBI priorities across program lines: counterterrorism, counterintelligence, counterterrorism, counterintelligence, criminalcriminal

Forms and maintains public/private Forms and maintains public/private alliances alliances

Assistant Director

Deputy Assistant DirectorOperational

Support Staff

COMPUTER INTRUSION

SECTIONCYBER CRIME SECTION

CYBER DIVISION

CRIMINAL COMPUTER

INTRUSION UNIT (CCIU)

CYBER INTELLIGENCE ACTION UNIT

COUTERTERRORISM/

COUNTERINTELLIGENCE

INTRUSION UNIT (C3IU)

INTELLECTUAL PROPERTY

RIGHTS UNIT

INTERNET FRAUD --- INTERNET

CRIME COMPLAINT CENTER

(IFCC)

INNOCENT IMAGES NATIONAL

INITIATIVES UNIT (IINI)

SPECIAL TECHNOLOGIES AND

APPLICATIONS SECTION

INFRASTRUCTURE and ENGINEERING UNIT

RESEARCH and DEVELOPMENT UNIT

TECHNICAL ANALYSIS UNIT

CYBER OPERATIONS DEPLOYMENT UNIT

OUTREACH, CAPABILITY AND

DEVELOPMENT SECTION

SPECIALIZED TRAINING UNIT

CYBER TASK FORCE UNIT

PUBLIC and PRIVATE ALLIANCE UNIT

INTERNATIONAL INVESTIGATIVE SUPPORT

UNIT

Special Assistant

To detect, prevent and investigate Cyber-based attacks and high technology crimes

Mission Statement

The FBI’s RoleThe FBI’s Role

Critical Infrastructure Critical Infrastructure ProtectionProtection

Critical InfrastructureCritical Infrastructure “Systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.”

USA Patriot Act, Section 1016(e)

Is there a threat to theIs there a threat to theCritical Infrastructure?Critical Infrastructure?

Terrorist OrganizationsTerrorist OrganizationsState Sponsored ActivityState Sponsored ActivityRecreational HackersRecreational HackersHactivistsHactivistsOrganized CrimeOrganized CrimeTrusted Insiders Trusted Insiders Foreign and Domestic Foreign and Domestic

CompetitorsCompetitorsLone CriminalsLone CriminalsInformation Warfare Units Information Warfare Units The UnknownThe Unknown

Critical Infrastructure ProtectionCritical Infrastructure Protection

How do we protect or secure infrastructure, How do we protect or secure infrastructure, including cyber systems?including cyber systems?– Reduce/Eliminate Vulnerabilities - educationReduce/Eliminate Vulnerabilities - education– Reduce/Eliminate Threats – information sharingReduce/Eliminate Threats – information sharing– Reduce/Eliminate Consequences with planningReduce/Eliminate Consequences with planning

Who protects the infrastructure?Who protects the infrastructure?– #1, the owners & operators #1, the owners & operators – FBI/Law Enforcement – investigationFBI/Law Enforcement – investigation– DHS – threat warning and analysisDHS – threat warning and analysis

It is no longer possible to separate our country’s It is no longer possible to separate our country’s economic well-being from its national securityeconomic well-being from its national security

•Identify, prioritize, and mitigate vulnerabilities

•Develop incident response plans

•Educate employees on best security practices

•Maintain audit logs

•Practice due diligence

•Report suspicious activity within organization

•Network with like-minded professionals

•Develop a relationship with law enforcement•Share information

•InfraGard concept

What can be done?

Law Enforcement’s RoleLaw Enforcement’s Role

Assist owners and operators with Assist owners and operators with threat reductionthreat reduction– Information sharingInformation sharing

New era requires new solutions – partnerships New era requires new solutions – partnerships with industrywith industry

– Investigation Investigation Law Enforcement has legal authorities and Law Enforcement has legal authorities and

ability to seek resource leveraging to ability to seek resource leveraging to determine who is (are) behind an attack(s) determine who is (are) behind an attack(s)

InfraGardInfraGard

– OverviewOverview– InitiativesInitiatives– MembershipMembership

InfraGardInfraGard

OverviewOverview

InfraGard Program InfraGard Program Mission StatementMission Statement

To support an information sharing partnership between the private and public sectors for the purpose of protecting the nation’s critical infrastructures against attacks or failure caused by either foreign or domestic threats, and to support all FBI investigative programs, especially Counterterrorism, Counterintelligence, and Cyber Crime.

What is InfraGard?What is InfraGard?Program with 11,500+ members spread across Program with 11,500+ members spread across 84 local chapters nationwide84 local chapters nationwideWho: business executives, entrepreneurs, Who: business executives, entrepreneurs, military and government officials, computer military and government officials, computer security professionals, academia, state and security professionals, academia, state and local LE, and concerned citizenslocal LE, and concerned citizensWhy: public/private partners share expertise, Why: public/private partners share expertise, strategies, and information adding to strategies, and information adding to intelligence and criminal casesintelligence and criminal cases

What is InfraGard?What is InfraGard?

www.InfraGard.netwww.InfraGard.net - - public web sitepublic web site withwith DHS threat alerts, warnings, DHS threat alerts, warnings, vulnerabilitiesvulnerabilities

Intelligence Bulletins from FBIHQIntelligence Bulletins from FBIHQ Essence is information sharing, primarily Essence is information sharing, primarily

from FBI Agents assigned to each Chapter, from FBI Agents assigned to each Chapter, bringing meaningful news and informationbringing meaningful news and information

FBI’s Role in InfraGardFBI’s Role in InfraGard

Gather information and distribute Gather information and distribute it to membersit to members

Process membership applicationsProcess membership applications Perform background checks for Perform background checks for

secure net accesssecure net access Organize and facilitate local Organize and facilitate local

chapter meetingschapter meetings Recruit new membersRecruit new members

Non-FBI InfraGard RolesNon-FBI InfraGard Roles PartnersPartners

– National Center for Manufacturing SciencesNational Center for Manufacturing Sciences– National Institute of Standards and TechnologyNational Institute of Standards and Technology– Small Business AdministrationSmall Business Administration

Board of Directors (7)Board of Directors (7)– InfraGard National Member AllianceInfraGard National Member Alliance– Voluntary, two-year termsVoluntary, two-year terms– Responsible for representing membership in their Responsible for representing membership in their

alliance with the FBIalliance with the FBI InfraGard Member Alliances – per each InfraGard Member Alliances – per each

ChapterChapter– An FBI Field Office may have more than one ChapterAn FBI Field Office may have more than one Chapter

Non-FBI InfraGard RolesNon-FBI InfraGard Roles

InfraGard Program OfficeInfraGard Program Office– Under contract with FBI to support Under contract with FBI to support

InfraGard and Law Enforcement OnlineInfraGard and Law Enforcement Online Sustains InfraGard’s ability to collect and Sustains InfraGard’s ability to collect and

disseminate informationdisseminate information Principal point of contact for daily Principal point of contact for daily

operations operations

– Significant assistance:Significant assistance: Processes member applications; assists Processes member applications; assists

with organizing training conferences; with organizing training conferences; moderates 190 Listservsmoderates 190 Listservs

Non-FBI InfraGard RolesNon-FBI InfraGard Roles

Formats and uploads daily public and Formats and uploads daily public and secure web site contentsecure web site content

24/7 technical support for members24/7 technical support for members Administers InfraGard and LEO, Administers InfraGard and LEO,

reducing overall costsreducing overall costs

Why InfraGard?Why InfraGard? Sharing of FBI & DHS informationSharing of FBI & DHS information Protection requires assistance from owners Protection requires assistance from owners

and operators of critical infrastructures and operators of critical infrastructures Computer and physical security expertise Computer and physical security expertise

shared and enhancedshared and enhanced Relationships help establish trust between Relationships help establish trust between

private industry and government agenciesprivate industry and government agencies Aids Law Enforcement and intelligence Aids Law Enforcement and intelligence

gatheringgathering

How accomplished?How accomplished? Jointly with DHSJointly with DHS Intelligence product for dissemination to Intelligence product for dissemination to

InfraGard secure webInfraGard secure web– Produced by Analyst/Agent -- Field Intelligence Produced by Analyst/Agent -- Field Intelligence

Group – dissemination – FBIHQ to InfraGardGroup – dissemination – FBIHQ to InfraGard InfraGard LES admonishments and InfraGard LES admonishments and

accompanying question or statementaccompanying question or statement– Assimilation of new information into Assimilation of new information into

intelligence or case workintelligence or case work Electronic communication – FBI field officeElectronic communication – FBI field office

What Chapters have doneWhat Chapters have done Philadelphia: CIDDAC – automated cyber attack Philadelphia: CIDDAC – automated cyber attack

early warning system prototype early warning system prototype Las Vegas: aided investigation allowing LE to Las Vegas: aided investigation allowing LE to

capture a criminal who used a computer to capture a criminal who used a computer to embezzle $150,000+embezzle $150,000+

Los Angeles: participated in a two-day nationwide Los Angeles: participated in a two-day nationwide simulated terrorist attack training exercisesimulated terrorist attack training exercise

San Francisco: trained FBI Agents on hacker toolsSan Francisco: trained FBI Agents on hacker tools Vermont: offers free classes to teach local Vermont: offers free classes to teach local

residents how to protect themselves from online residents how to protect themselves from online threatsthreats

Portland: Phishing authority added to FBI Subject Portland: Phishing authority added to FBI Subject Matter Expert allianceMatter Expert alliance

InfraGardInfraGard

MembershipMembership

Who should join?• You, if you, your company or government

agency supports the critical infrastructures

• Anyone who works for organizations that can assist in assessing vulnerabilities and minimizing risks

• Persons capable of accepting Law Enforcement Sensitive, unclassified information and providing feedback to aid criminal cases or intelligence gathering

• Good citizen

InfraGardInfraGard

InitiativesInitiatives

Special Interest GroupsSpecial Interest Groups AgGard & ChemGardAgGard & ChemGard InfraGard & WMD sponsored portals designed InfraGard & WMD sponsored portals designed

to allow sector sharing of sensitive B2B to allow sector sharing of sensitive B2B information w/o government’s direct information w/o government’s direct involvementinvolvement– Facilitate sharingFacilitate sharing– Know when to contact LEKnow when to contact LE

LSU facilitatingLSU facilitating Online application to WMD Unit for admissionOnline application to WMD Unit for admission

– WMD gatekeeper of info to determine valueWMD gatekeeper of info to determine value Commencement TBDCommencement TBD