Content

On guard: InfraGard makes strides under new leadership

With federal law enforcement veteran Kathleen Kiernan leading the way, InfraGard is ready for its coming-out party, reports Dan Kaplan.

In one of her first acts as chairwoman of the InfraGard National Members Alliance (INMA), Kathleen Kiernan distributed the first-ever “Chairman's Corner” e-newsletter to the organization's 27,000 members.

While a meticulous editor may have taken off points for some basic style miscues and the abundance of white space, the six-page newsletter accomplished what it was designed to do.

It promoted the notion of communication, a fundamental theme of InfraGard since the initiative was launched 12 years ago as a way to unite the law enforcement community and the private sector in their fight against cybercrime.

The newsletter also underscored the 53-year-old Kiernan's commitment toward connecting INMA – the national nonprofit arm of InfraGard that was established in 2004 – with the 86 local InfraGard chapters scattered across the United States.

“I think I'm a natural collaborator, a natural leader,” says Kiernan, a federal law enforcement veteran who was appointed chairwoman in July. “I have the ability to excite people for a cause.”

Cybersecurity observers say that under Kiernan's auspices, InfraGard appears ready to shed its youth and become an ever more pervasive asset in protecting the nation's 18 critical infrastructure sectors, which include finance and banking, food and agriculture, energy, government and public health.

An FBI brainchild, InfraGard is an effort that seeks to share information, expertise and knowledge among public and private bodies, especially important considering 85 percent of those critical infrastructure sectors are owned and operated by private industry.

“[Kiernan] is taking the helm at a time when InfraGard is poised to break out of its adolescence into a period of greater cooperation with private companies,” Steve Hunt, CEO of Hunt Business Intelligence, an Evanston, Ill.-based research and advisory firm, wrote soon after she was appointed chair. “InfraGard is already doing that, of course, by making the FBI more approachable. However, I expect InfraGard to jump in membership and influence during Dr. Kiernan's tenure as chair.”

Phyllis SchneckKiernan's extensive law enforcement background serves as stark contrast to the experience of previous chairwoman, Phyllis Schneck (right), which was rooted in technology.

Now chairwoman emeritus, Schneck is vice president of cyberintelligence and critical infrastructure protection at McAfee. During her tenure, the private sector portion of InfraGard blossomed, as did its relations with the Department of Homeland Security.

Enter Kiernan, who said she plans to leverage her credibility within law enforcement circles to grow the organization. She wants to brush aside petty politics to cultivate symbiotic relationships among INMA members and law enforcement agencies.

As proof that she means business, Kiernan reminds people simply to look at her résumé. She spent 26 years at the Bureau of Alcohol, Tobacco and Firearms and Explosives (ATF), most recently serving as the agency's assistant director for the Office of Strategic Intelligence. Now, she's leading an FBI organization.

ATF and the FBI, especially in the five or so years since they were merged under the U.S. Justice Department in order to battle terrorism, have been immersed in a power struggle that often has led to duplicate efforts and that has cost the two agencies both time and money.

The rivalry apparently has become so extreme that, on a number of occasions, FBI and ATF agents have threatened to arrest one another over access to evidence, the Washington Post reported last May, citing law enforcement sources and internal documents. But, Kiernan says she has no patience for frivolous bickering.

Becoming chair of the INMA “sent a clear signal that this is a collaborative effort and that it impacts the entire country,” Kiernan says.

Force multiplying

Chief among Kiernan's 2009 goals is to establish partnerships beyond the FBI and DHS, she says.

INMA plans to establish relationships with a host of security-related organizations, including the Major Cities Chiefs Association, comprised of the chiefs of the 64 largest police departments in the United State; the Major County Sheriffs Association; and the International Association of Fire Chiefs.

Kiernan says these relationships will allow for law enforcement outreach to communities at all times – not just if there is a crisis.

She recognizes that if InfraGard can establish buy-in from law enforcement groups, everyone will benefit, right down to the municipal level. “Homeland security starts with neighborhood security,” Kiernan says.

Bill Casey, deputy superintendent of the Boston Police Department and a member of the InfraGard board of directors, says his department is often tasked with investigating identity theft cases.

“[InfraGard] gives you somebody, a person you can call up and ask a question, where you might not have had that resource before,” he says. “It's nice to be able to pick the brain of a guy or a woman who has the expertise that you may be weak on.”

Kiernan will not just be going after industry groups in her quest to grow the InfraGard network. She also has her mind set on building bridges with a number of government agencies, including the Federal Emergency Management Agency and U.S. Immigration and Customs Enforcement.

But perhaps her crowning achievement could come by building rapport with super secret intelligence agencies, such as the Office of the Director of National Intelligence and the National Security Agency, so that those organizations can use tips from INMA members to help protect the nation against foreign cyberthreats, Schneck says.

“A lot of what defined our role before Kathleen, was really understanding how our private sector community could leverage and contribute to the efforts of the homeland security community,” Schneck says. “The intelligence community is where we have not yet explored how our membership could help them, and vice versa.”

Rick Jones, president and CEO of the InfraGard chapter in Los Angeles, says that during his four years with the group, he has watched with enjoyment the infusion of two traditionally disparate groups working together for a common good.

“I've watched law enforcement have a great appreciation for the needs and the assets and the capabilities of the private sector,” Jones says. “And that is so cool.”

Now, InfraGard may be close to getting the intelligence community on board, as well. Hunt, a founding member of the Chicago chapter of the Information Systems Security Association, says Kiernan is a “natural communicator” who can help bridge existing gaps that may exist between entities not used to working together.

“She's known in law enforcement and in the public sector as someone who can bring people to the table and get over the hump,” Hunt says. “If you can build trust and achieve that feeling of camaraderie that we're all in it together and it's in our best interest to work together, then we can share some information more freely.”

Information resources

At its core, InfraGard is an information-sharing network.

Sure, much of that communication occurs at the grassroots level, where local chapters regularly meet to discuss the latest threats or listen to talks from accomplished speakers. But soon INMA members should also be able to tap into a more high-tech information resource.

InfraGard is establishing a pilot program with DHS that will allow members access to the agency's Homeland Security Information Network (HSIN), a computer-based counterterrorism communications system that connects the 50 states with 50 major urban locations.

Rob PateThe resource will serve as a complement to the existing CyberCop Portal from the FBI, helping to fill in some of the holes at the state and local level, says Rob Pate (left), vice president for special projects at InfraGard.

“It's designed to provide a more complete picture,” he says. “It's going to give you a bottom-up view of what's going on. One of the things that we want to ensure is that information gets to people that need to take action. If there are gaps in information that is shared, that can be problematic.”

And even though the information shared among InfraGard members is not classified, the concept that a select few Americans have real-time access to threat data not available to all citizens has been a cause for criticism of InfraGard.

A 2004 report from the American Civil Liberties Union, titled “The Surveillance-Industrial Complex,” questioned whether the public might suffer because of the way in which InfraGard is set up.

“There is evidence that InfraGard may be…turning private-sector corporations – some of which may be in a position to observe the activities of millions of individual customers – into surrogate eyes and ears for the FBI,” the report says. “Any program that institutionalizes close, secretive ties between such organizations raises serious questions about the scope of its activities, now and in the future.”

The ACLU did not respond to interview requests for this story. Schneck denies that InfraGard is anything but beneficial to all Americans.

“It's not an elitist group in any way, shape or form,” she says. “We're out there trying to protect everybody. Any U.S. citizen on the planet is eligible to apply to InfraGard.”

Kiernan points to its successes: In the past 2? years, cases opened up as a result of InfraGard information and led to 14 arrests, 23 indictments and more than $3 million in restitution. (She could not reveal specifics about the cases).

“These folks aren't paid to cooperate,” she says. “They just choose to because they care about their community and this is their way to give back, not just to their community, but on the national level as well.”




[sidebar]


INFRAGARD: Become a member

  • Complete the application at www.infragardmembers.org or www.infragard.net
  • Enter information, such as name, address and date of birth (must be U.S. citizen)
  • Select a local chapter with which you want to affiliate
  • An FBI coordinator reviews the application, which includes a records check
  • The FBI may deny membership for reasons such as felony conviction or lying on the application


Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.