InfraGard is a national
non-profit organization
A nonprofit organization (NPO), also known as a nonbusiness entity, nonprofit institution, not-for-profit organization, or simply a nonprofit, is a non-governmental (private) legal entity organized and operated for a collective, public, or so ...
serving as a
public-private partnership between U.S. businesses and the
Federal Bureau of Investigation
The Federal Bureau of Investigation (FBI) is the domestic Intelligence agency, intelligence and Security agency, security service of the United States and Federal law enforcement in the United States, its principal federal law enforcement ag ...
. The organization is an information sharing and analysis effort serving the interests, and combining the knowledge base of, a wide range of private sector and government members.
InfraGard is an association of individuals that facilitates information sharing and intelligence between businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to preventing hostile acts against the United States.
History
InfraGard began in the
Cleveland, Ohio
Cleveland is a city in the U.S. state of Ohio and the county seat of Cuyahoga County, Ohio, Cuyahoga County. Located along the southern shore of Lake Erie, it is situated across the Canada–United States border, Canada–U.S. maritime border ...
, Field Office in 1996,
and has since expanded to become a national-level program, with InfraGard coordinators in every FBI field office. Originally, it was a local effort to gain support from the information technology industry and academia for the FBI's investigative efforts in the cyber arena, but it has since expanded to a much wider range of activities surrounding the nation's
critical infrastructure
Critical infrastructure, or critical national infrastructure (CNI) in the UK, describes infrastructure considered essential by governments for the functioning of a society and economy and deserving of special protection for national security. ...
.
The program expanded to other FBI Field Offices, and in 1998 the FBI assigned national program responsibility for InfraGard to the former
National Infrastructure Protection Center (NIPC) directed by
RADM James B. Plehal and to the FBI's Cyber Division in 2003.
Since 2003, InfraGard Alliances and the FBI said that they have developed a TRUST-based public-private sector partnership to ensure reliability and integrity of information exchanged about various terrorism, intelligence, criminal, and security matters. It supports FBI priorities in the areas of
counterterrorism
Counterterrorism (alternatively spelled: counter-terrorism), also known as anti-terrorism, relates to the practices, military tactics, techniques, and strategies that governments, law enforcement, businesses, and Intelligence agency, intelligence ...
, foreign
counterintelligence
Counterintelligence (counter-intelligence) or counterespionage (counter-espionage) is any activity aimed at protecting an agency's Intelligence agency, intelligence program from an opposition's intelligence service. It includes gathering informati ...
, and
cybercrime
Cybercrime encompasses a wide range of criminal activities that are carried out using digital devices and/or Computer network, networks. It has been variously defined as "a crime committed on a computer network, especially the Internet"; Cyberc ...
.
Information sharing
InfraGard chapters participate to assure that the critical infrastructure owners and operators—estimated at 85% private sector—are engaged and represented in local and regional planning efforts. Working on all 16 critical infrastructure sectors, the organization provides resources and information not only on prevention, but also on building resilience and response capabilities.
Training
InfraGard chapters around the nation also provide cyber and physical security training sessions that focus on the latest threats as identified by the FBI. Sessions include threat briefings, technical sessions on cyber and physical attack vectors, response training, and other resources to help CISOs and CSOs protect their enterprise. InfraGard approaches threats to critical infrastructure from both a tactical and strategic level, addressing the needs of those on the front lines of security as well as those decision makers tasked with assessing their enterprise's vulnerabilities and allocating resources to protect it.
The information sharing between the organization and government has been criticized by those protecting
civil liberties
Civil liberties are guarantees and freedoms that governments commit not to abridge, either by constitution, legislation, or judicial interpretation, without due process. Though the scope of the term differs between countries, civil liberties of ...
, concerned the membership would be surrogate eyes and ears for the FBI.
The group has also been the subject of
hacking attacks intended to embarrass the FBI.
Local chapters regularly meet to discuss the latest threats or listen to talks from subject matter experts on security issues,
with membership open to U.S. citizens at no cost.
As of July 2012, the organization reported membership at over 54,677 (including FBI).
Civil liberties
Partnership between government agencies and private organizations has its critics.
Concerned about
civil liberties
Civil liberties are guarantees and freedoms that governments commit not to abridge, either by constitution, legislation, or judicial interpretation, without due process. Though the scope of the term differs between countries, civil liberties of ...
, the
American Civil Liberties Union
The American Civil Liberties Union (ACLU) is an American nonprofit civil rights organization founded in 1920. ACLU affiliates are active in all 50 states, Washington, D.C., and Puerto Rico. The budget of the ACLU in 2024 was $383 million.
T ...
(ACLU) warned that there "is evidence that InfraGard may be closer to a corporate
TIPS program, turning private-sector corporations — some of which may be in a position to observe the activities of millions of individual customers — into surrogate eyes and ears for the FBI". Concluding that "any program that institutionalizes close, secretive ties between such organizations raises serious questions about the scope of its activities, now and in the future."
While others describing Infragard state "the architecture of the Internet—and the many possible methods of attack— requires governments, corporations, and private parties to work together to protect network security and head off threats before they occur."
Responding to the ACLU criticism, Chairwoman Kathleen Kiernan of the InfraGard National Members Alliance (INMA) denies that InfraGard is anything but beneficial to all Americans stating "It's not an elitist group in any way, shape or form," she says. "We're out there trying to protect everybody. Any U.S. citizen on the planet is eligible to apply to InfraGard."
LulzSec attacks
In 2011,
LulzSec
LulzSec (a contraction for Lulz Security) is a Grey hat, grey hat computer hacking group that claimed responsibility for several high profile attacks, including the 2011 PlayStation Network outage, compromise of user accounts from PlayStation N ...
claimed responsibility for attacking chapter websites managed by local members in Connecticut and Atlanta, in order to embarrass the FBI with "simple hacks".
The group leaked some of InfraGard member e-mails and a database of local users. The group defaced the website posting the following message, "LET IT FLOW YOU STUPID FBI BATTLESHIPS", accompanied with a video. LulzSec has posted the following message regarding the attack:
2022 breach
On December 10, 2022, a member of
BreachForums identified by the screen name "USDoD" posted a thread offering the sale, for $50,000, of a
database
In computing, a database is an organized collection of data or a type of data store based on the use of a database management system (DBMS), the software that interacts with end users, applications, and the database itself to capture and a ...
containing the information of over 80,000 members of InfraGard. The individual claimed to have obtained access to the portal through a
social engineering attack in which they pretended to be the CEO of an unknown U.S. financial corporation,
applying for InfraGard membership to both Infraguard members and the FBI who later granted the hacker InfraGard membership and access to the InfraGard portal. Once granted access the hacker, used a script to obtain the InfraGard database information.
The FBI has not commented on the hack but was aware of the false account in the InfraGard portal. The hack occurred roughly one year after the
2021 FBI email hack.
On 24 March 2023, the
United States Department of Justice
The United States Department of Justice (DOJ), also known as the Justice Department, is a United States federal executive departments, federal executive department of the U.S. government that oversees the domestic enforcement of Law of the Unite ...
announced the arrest of Conor Brian Fitzpatrick, the alleged administrator of BreachForums, by the FBI. Fitzpatrick was initially charged with conspiracy to commit access device fraud. After the execution of a
search warrant
A search warrant is a court order that a magistrate or judge issues to authorize Police, law enforcement officers to conduct a Search and seizure, search of a person, location, or vehicle for evidence of a crime and to Confiscation, confiscate an ...
, he was additionally charged with possession of
child pornography
Child pornography (also abbreviated as CP, also called child porn or kiddie porn, and child sexual abuse material, known by the acronym CSAM (underscoring that children can not be deemed willing participants under law)), is Eroticism, erotic ma ...
. Fitzpatrick was freed on a $300,000
bond, but was subsequently re-arrested on 2 January 2024 after allegedly violating the conditions of his bail. On 16 January 2024, Fitzpatrick pled guilty to conspiracy to commit access device fraud, solicitation for the purpose of offering access devices and possession of child pornography. He was sentenced by a federal judge to 20 years of
supervised release and is required to register as a
sex offender
A sex offender (sexual offender, sex abuser, or sexual abuser) is a person who has committed a Sex and the law, sex crime. What constitutes a sex crime differs by culture and legal jurisdiction. The majority of convicted sex offenders have convi ...
.
In May 2024, working in-conjunction with domestic and international
law enforcement
Law enforcement is the activity of some members of the government or other social institutions who act in an organized manner to enforce the law by investigating, deterring, rehabilitating, or punishing people who violate the rules and norms gove ...
partners, the Department of Justice seized the BreachForums website.
See also
*
MATRIX
Matrix (: matrices or matrixes) or MATRIX may refer to:
Science and mathematics
* Matrix (mathematics), a rectangular array of numbers, symbols or expressions
* Matrix (logic), part of a formula in prenex normal form
* Matrix (biology), the m ...
– Information sharing partnership between various local, state and federal law enforcement agencies
*
Fusion Center - Information sharing between federal agencies such as the FBI and state, local, and tribal law enforcement. The private sector sometimes provides information and analysis.
*
Operation TIPS – Program to have citizens provide information to law enforcement and intelligence agencies
*
Terrorism Liaison Officer
References
Further reading
* John P. Mello Jr.
"Taking a Byte out of Crime - FBI's new computer network about cyber crime" ''CFO'' magazine, March 2001
* Andrew F. Hamm
''San Jose Business Journal'', June 28, 2002
*
*
Richard Thieme"Center of Attention: An Interview with Ron Dick of NIPC" "Thiemeworks Interviews", 2001
FBI press release, October 4, 2006
* Dan Verto
Computerworld, January 9, 2001
* ARRL New
"FBI's 'InfraGard' Program Courts Amateur Radio as Ally" ARRL News Jul 21, 2006
* Bob Evans
"Business Technology: Security Tips That Will Scare--And Help--You" InformationWeek, August 29, 2005
* D. Ian Hopper
CNN.com, April 28, 2000
* Bernstein James
"LI business focusing on cyber security, fraud" newsday.com, December 7, 2010
External links
InfraGard websiteInfraGard Members Alliance{{FBI
1996 establishments in Ohio
Organizations established in 1996
Information technology organizations based in North America
Federal Bureau of Investigation
Computer security organizations
Non-profit organizations based in Ohio