Waiting for InfraGard

Posted on 1 July 2011 by


I discovered that I was wrong yesterday and have updated the article accordingly. In my defense, the mention is vague, and could read as if IG is blaming members for it, so I readily forgive myself for missing it on the first three passes through. The higher point – that they’re not being transparent enough – is absolutely still valid.  – Nick

I am thrilled – and I am not being sarcastic – to be a member of Infragard. I think that anyone with the ability to provide public service to protect and defend our nation’s critical infrastructure has a moral duty to join.

Yet I have been highly frustrated by my membership.

When I joined at the request of some members in New York, Washington and Texas, I was expecting to receive a lot of requests for help, invitations to meetings, etc.

So far I’m a bit disappointed, but after reaching out on Twitter and by email, I am confident that this will change.

I stand ready to help with public or private speaking, with documentation, with consulting and with other resources I can offer.

I was highly disappointed today to receive by email a link to Chairman’s Corner, the InfraGard National Members Alliance newsletter for June 2011 (Volume 3, Issue 4).

“Oh, boy!” I thought! Here we’ll hear about what’s been happening; read firsthand about that is being done to counter the direct and highly publicized and public computer attacks upon InfraGard by Lulzsec and other criminal hackers in the past month (see here, here and here for our discussion of these attacks, and attacks on police computer networks)!

Well, not exactly.

The word “cyber” is mentioned 30 times.

The attacks against the InfraGard Atlanta and Connecticut websites are not mentioned. are mentioned thusly:

Finally, I would like to remind all InfraGard members to keep an eye on their IT security. The many high profile breaches that have occurred over the last few weeks, of which some of our IMAs have been included, serves as a reminder to use different strong passwords for each site, to ensure that your systems are patched, and to not open links or attachments you don’t know. If you have questions about these and other security procedures I would encourage you to discuss it at IMA meetings. We have an incredible wealth of knowledge amongst our membership on these topics

Is it just me, or does this appear to be implying that it was the members who allowed, somehow, these breaches against Infragard infrastructure?

Ironically, the IT ISAC report on cyber threats does talk in far more detail about attacks  –  against the CIA!

Recent successful cyber attacks against government and industry have been well documented and publicized in the media. These include Denial of Service (DoS) attacks against the CIA website and complex attacks targeting sensitive data from specific companies. While these are indeed newsworthy events, they tend to distract from the success companies achieve each day in repelling countless attacks on their networks. Consequently, now is an opportune time to review the evolving nature of cyber risks and the implications for businesses as they seek to manage these risks.

We must talk about how we are weak. We must confront our problms publicly to fix them. We must stop pretending that we can handle them ourselves. We must ask for help. We must accept help when it is offered.

And we must not deny that which is obvious.