The terrorist attacks of 9/11 in 2001 demonstrated the need for information to be shared between organizations and agencies, in numerous disciplines, not only at all levels of government but also, and of perhaps greater importance, in the private sector as well. However, although it was and is easy to recognize that need, it was not quite as easy to implement the actions needed to achieve the informational goals implied. Terms such as “information sharing,” for example, can be overused, making the precise meaning of that term somewhat vague.
From the creation of the U.S. Department of Homeland Security, which now has over 240,000 employees, to the development and implementation of cross-sector policies such as the National Infrastructure Protection Plan (NIPP), many efforts have been made not only to formalize information sharing but to mandate it. The now national awareness and use of such key words as partnership, coordination, integration, and alliance demonstrate how prolific such efforts have become.
Today, the homeland security posture of the United States continues to improve and in the past decade has become significantly stronger – thanks in large part to new technology, awareness campaigns, drills and exercises, etc. However, all of the state-of-the-art tools, organizations, marketing, and policies now in place are and would be of little use without one critical success factor: human relationships.
InfraGard, SMEs & Citizen Volunteers
Founded in the Cleveland, Ohio, field office of the Federal Bureau of Investigation (FBI) in 1996, as a collaborative effort with private-sector cyber professionals, InfraGard was later expanded by the FBI to every field office in the country to provide agencies, at all levels of government, with unmatched access to the expertise and experience of critical infrastructure owners and their key operating professionals. In 2003, the private-sector members of InfraGard formed the “InfraGard National Members Alliance” (INMA), which provides its members unmatched opportunities to promote the physical and cyber security of their organizations through access to a trusted national network of “Subject Matter Experts” (SMEs) – those public and private sector individuals working in the environment everyday who possess an abundance of knowledge on any of a broad spectrum of topics.
As is true in many other organizations, InfraGard lists “information sharing” as its principal but not only purpose. With 84 InfraGard chapters in the United States and Puerto Rico and well over 47,000 members (as of 21 January), the national InfraGard program has already proved, many times over, its ability to quickly and comprehensively carry out its stated mission – namely, “to provide a trusted forum for the exchange of knowledge, experience, and information related to the protection of our nation’s critical infrastructure from both physical and cyber threats.” The organization’s official motto, not incidentally, is “Partnership for Protection.”
InfraGard, like many other organizations, has implemented programs and information technology (IT) systems and venues – such as meetings, the formation of special interest groups (SIGs), secure portals, listservs, websites, and secure mailing lists – to enhance what has become a highly respected and extremely trusted forum – and national asset. However, the true value of these tools lies not in the tools themselves but in the quality of information they deliver.
To become a member of InfraGard, an individual citizen must submit an application to the FBI for a records check. InfraGard itself, however, does not grant members security clearances, nor does it require clearance for open and trusted communications in, on, or about U.S. homeland security. In that respect, the organization’s trusting attitude on such matters emphasizes the fact that the best information is not necessarily, or always, “Top Secret.” What is often the most important piece of the puzzle, in fact – context – comes from the subject matter experts (SMEs). An intelligence analyst therefore may have access to state-of-the-art IT systems and the most highly ified data available, but without understanding such information in the proper context these systems and mountains of ified information may be all but useless.
Something of Value: The Official Reports
Gaining timely access to the knowledgeable volunteers in the organization and the context they can provide is one of the primary values provided by InfraGard. Numerous FBI reports confirm that there have been impressively higher numbers of cases initiated, cases enhanced, and intelligence products developed as a result of the InfraGard program and the trusted relationships that have been formed between FBI agents and InfraGard members. The importance of these success stories lies in the fact that although most FBI agents have impressive academic and/or professional backgrounds – usually but not always in such fields as accounting, business, law, or engineering – very few if any of them can possibly possess all of the sometimes esoteric background knowledge needed to fully understand the intricacies of each and every case they investigate.
For example, an agent in the white-collar crime unit may be working on a case involving the commodities market. However, because he or she has only limited experience in that field, he/she contacts the local InfraGard coordinator in their field office (who is also an agent) to locate members with special expertise in securities and trading. The coordinator introduces the FBI agent to an appropriate SME, who is able and willing to share his/her knowledge of the commodities market.
The same agent could, of course, use internet searches and other knowledge-based systems to research the topic, but the InfraGard process enables the two principals to discuss specifics of the case, and the commodities market itself, more quickly, in greater detail, and with much greater confidence. (Here it should be noted that the SME does not necessarily know what the case is, or who it involves, but simply provides his or her specialized knowledge requested by the individual FBI agent.)
For practical purposes, what this means, among other things, is that the case has now progressed – usually faster and with a more accurate focus – without the agent having to make inquiries that might in at least some cases jeopardize the investigation. This scenario, and numerous other success stories (many of which cannot be made public because of the sensitivity of the subjects involved), highlight the importance of the personal, and trusted, relationships between FBI agents and InfraGard SMEs that have been and continue to be developed.
Although InfraGard is an FBI program, memoranda of understanding (MOU) between the private-sector side of InfraGard (the InfraGard National Members Alliance, or INMA) and other government agencies can be equally beneficial for everyone and all agencies involved. For example, an MOU with the Department of Homeland Security (DHS) propagated such efforts as regional conferences on sector-specific issues. Another beneficial effort has been the introduction of the 93 DHS protective security advisors (PSAs) to their local InfraGard chapters.
Today, the PSAs – which are now deployed throughout the United States (and Puerto Rico) to gain additional insights into the risks to critical infrastructures at the regional, state, and local levels – provide local perspectives, which are then incorporated into the development of national risk assessments to help ensure more accurate protection, mitigation, and response efforts. DHS provides its PSAs, who almost always become InfraGard members themselves, with information on the local InfraGard chapters in the geographic areas for which they are responsible. Not only are PSAs helped significantly, therefore, in carrying out their own responsibilities, the InfraGard members also benefit from the expertise of the PSAs and ensure that their concerns are addressed and communicated to those in DHS who develop the nation’s risk assessments and protection plans.
The second value proposition then is the benefit that the InfraGard members and their organizations gain from these interactions. Physical and cyber security efforts are enhanced not only through the interactions these members have with the FBI and DHS, they are also improved through similar interactions with other SMEs both locally and nationally. Local members have access to individuals in other critical infrastructures whose proximity and environmental experiences also are shared. For example, members of the banking and finance sector may share information about a recent string of robberies at their branch ATMs. While at an InfraGard meeting, or through local information-sharing portals, members from the local transit authority share similar experiences occurring at their ticket stations. Comparisons of the information that each member of the InfraGard team possesses often leads directly (and quickly) to the law enforcement agencies for each of the shareholder entities involved in closing the case.
In addition to local sharing, members have the opportunity to interact nationally with SMEs within their own sectors through Special Interest Groups (SIGs). The SIGs are groups of InfraGard members subdivided by specialty in order to discuss and shareeas and information about their sector. These efforts are carried out primarily via a secure portal maintained by the FBI for InfraGard use. Current SIGs focus on such major national priorities and infrastructure resources as chemicals, food/agriculture, research & technology, and electromagnetic pulse (EMP).
Volunteerism: A Critical Infrastructure
Individuals, rather than organizations, are InfraGard members. These individuals are in some way affiliated with a particular sector of the critical infrastructure within their communities. Therefore, participation in the InfraGard program may benefit the individual’s organization through knowledge the member gains via his or her membership. However, the individual member, as well as officers and directors, participates voluntarily and often sacrifices much of his or her personal time to do so.
In fact, a credible case could perhaps be made that “Volunteerism” should be regarded as the 19th critical infrastructure sector (in addition to the 18 sectors previously defined by the U.S. Department of Homeland Security). In fact, the USA Patriot Act of 2001 has already defined “critical infrastructure” as “systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.” The InfraGard National Members Alliance similarly believes that volunteerism is also an “asset[s] … so vital to the United States that the incapacity or destruction … would have a debilitating impact.”
Whether the term “volunteer” is taken to mean offering services without expectation of compensation or freely providing information without first being asked, it is or should be obvious to all Americans that volunteerism is critical to securing the health and safety of the nation. Without volunteers, in fact, the technologies, policies, IT systems, and operational structures of the entire nation simply could not function at their full potential. It is the individual citizen, therefore – and his or her willingness to serve and share – that makes these other assets and resources, both tangible and intangible, so successful.
____________
For more information on: INMA’s 19 April 2012 conference on volunteerism, visit www.infragardmembers.org
Sheri Donahue
Sheri Donahue is cyber security and strategic partnerships director for Humana Inc. in Louisville, Kentucky (KY). She previously served as: program manager for security and intelligence at the Indian Head Division of the Naval Surface Warfare Center; director of customer support for DisastersNet Inc.; managing director of the INMA; and executive director and president of the Cyber Conflict Studies Association (CCSA) at the Norwich University Applied Research Institutes. She also served, for 16 years, as an engineer and special programs manager for the Department of the Navy. She has been with InfraGard since 2003, served on the National Board from 2004 to 2012, and has been national president since 2012. As a member of the KY InfraGard chapter in 2003, she co-created the first Sector Chief Program.
- Sheri Donahuehttps://www.domesticpreparedness.com/author/sheri-donahue
- Sheri Donahuehttps://www.domesticpreparedness.com/author/sheri-donahue