This is the fourth article in a series examining the importance of mid-market companies in U.S. critical infrastructure and resources available to help secure them. The first article explained the important role mid-market companies play in critical infrastructure. The second and third covered assistance from DHS/CISA Protective Security Advisors and Cyber Security Advisors. To learn more please take a few moments to check out the previous articles,
- “Does Your Mid-Market Company Qualify as Critical Infrastructure?”
- “Critical Infrastructure: DHS Assistance for Mid-Market Companies.”
- “Critical Infrastructure and Mid-Market Companies: Cybersecurity”
While the last two articles covered some of the support available from the Department of Homeland Security, this week we shift over to the Federal Bureau of Investigation which jointly manages InfraGard, a partnership between the FBI and the public sector, designed to facilitate information-sharing and enhance the protection of our nation’s vital assets. There is no cost for membership.
I reached out to Deb Andersen PSP, CISSP, who serves as the President of the Nebraska InfraGard Member Alliance — commonly referred to as a chapter. In her day job, Andersen is the Security Administrator for Physical and Cybersecurity at MWI Direct, which, according to their website “is a full-service direct mail marketing, data-driven solutions provider specializing in execution for Fortune 500 Companies and Non-Profit Organizations nationwide.” So in critical infrastructure parlance, they fall into the information technology, communications, and critical manufacturing sectors. Andersen has been a member of InfraGard since 2010 and has gotten a lot of value out of her participation.
InfraGard’s History of Protecting Critical Infrastructure
As Andersen explained, InfraGard was established initially through an executive order by President Clinton in 1996, following the first World Trade Center attack and the bombing of the Alfred Murrah Federal Building in Oklahoma City. The first chapter was founded in Cleveland, Ohio, and the concept rapidly garnered national attention, expanding to become a nationwide initiative by 1998. Today, 70 InfraGard alliances (chapters) are spread across six regions, each committed to protecting critical infrastructure through proactive information sharing and cooperation.
Why Andersen Joined InfraGard
Andersen became a member of InfraGard in 2010 as she was tasked to develop a global security program for the company she worked for at the time. As she began attending meetings, Andersen quickly recognized the immense value of the network and the opportunities it provided. The regular FBI briefings and seminars with other partners offered her invaluable insights into the latest threats to critical infrastructure and security measures. The information portals and webinars have provided her with essential insights and up-to-date knowledge.
Networking was another compelling reason for Andersen’s involvement. The Nebraska Chapter’s extensive network of more than 325 members includes operations managers, IT professionals, COOs, CSOs, physical security experts, military personnel, and representatives from diverse sectors such as agriculture, retail, energy, healthcare, and financial services. Nationwide, there are more than 30,000 InfraGard members.
Andersen also stressed the importance of building relationships with stakeholders before an emergency. As an example, she shared that the completeness and usability of her Cyber Response plan is largely attributed to the lessons and best practices she learned through InfraGard. Through the process, she was able to identify and get to know the key people she needs to reach out to in the case of a cyberattack. As she put it, “it’s great to know I have the right people at the FBI and other agencies on speed-dial when we see suspicious activity.”
Activities Undertaken by Andersen’s InfraGard Chapter
Andersen’s chapter is actively involved in various initiatives aimed at bolstering security and resilience. Members participate in FBI threat briefings, which equip them with critical information on emerging threats and best practices for mitigation. The chapter also organizes tours of local critical infrastructure facilities, with the most popular being the FBI facilities, providing a behind-the-scenes look at federal law enforcement operations and fostering closer collaboration.
One of the cornerstones of InfraGard’s success lies in the mutual assistance between the FBI and the private sector. This collaboration is particularly critical when it comes to counter-intelligence, corporate espionage, and cyber threats. A striking example of these efforts is illustrated by the movie “Made in Beijing,” which depicts a real-life case of Chinese operatives stealing and reverse-engineering U.S. corn seeds. Their objective was to replicate these seeds and cultivate them independently, ultimately aiming to usurp market share from American companies and disrupt the U.S. economy.
The Agricultural Threats Symposium, a major event organized by the FBI Omaha Field office and supported by Andersen’s chapter, has become a vital platform for addressing such threats. Drawing farm owners, distributors, and professionals from across the nation, the symposium underscores the importance of safeguarding the agricultural sector. It provides a forum where experts can discuss specific security challenges and share knowledge on protecting this essential industry.
Events like these highlight the chapter’s commitment to addressing the unique needs of different sectors and enhancing overall security through targeted initiatives. As Andersen has discovered, many concerns across various sectors overlap, differing mainly by the products involved. The proactive information sharing and cooperation facilitated by InfraGard enable mid-market companies to better understand and mitigate threats, regardless of their specific industry. Through these collaborative efforts, InfraGard continues to enhance security and resilience, ensuring that critical infrastructure remains protected against evolving threats.
How does the FBI Benefit from Participating in InfraGard
The FBI’s involvement in InfraGard is mutually advantageous, significantly augmenting its capabilities in safeguarding national security. By engaging with the diverse professional network within the 16 critical infrastructure sectors, the FBI gains invaluable insights into emerging threats and trends. These connections enable the FBI to gather real-time information crucial for preempting and mitigating threats.
For instance, the collaborations fostered within InfraGard have been instrumental in thwarting ransomware attacks and other malicious activities. The network serves as an early-warning system, where sector-specific intelligence is shared promptly, allowing the FBI to respond swiftly and effectively. Furthermore, the FBI’s access to key contacts across these sectors enhances its operational readiness and strategic planning.
Andersen gave an example in which the FBI was alerted to an ongoing ransomware attempt against a company that was not under that field office’s jurisdiction. The Agents were able to reach out to the Omaha Field Office’s Private Sector FBI Coordinator, and with help from the InfraGard network, was able to find the key contacts they needed to alert the company at risk. With the warning received, the company made changes to its network to interrupt the intrusion before it did lasting damage.
How to Join InfraGard
According to the InfraGard brochure[i], to join InfraGard you must:
- Be employed or formerly employed in a critical infrastructure sector.
- Be at least 18 years of age.
- Be a U.S. Citizen (U.S. Citizen by birth as defined by 8 USC 1401-1409 or a U.S. Citizen by Naturalization as defined by 8 USC 1421-1459).
- Complete the online InfraGard membership application form[ii].
- Agree to the following: InfraGard Information-Sharing Policy, Privacy Act Statement, Agreements to Hold Harmless, and Code of Ethics.
- Consent to an FBI-conducted security risk assessment, which includes local, state, and federal criminal history and other security-related database checks.
Maintaining Membership
To maintain your membership in InfraGard, you must attend at least one event per year. This could include FBI threat briefings, symposiums, or other organized activities.
Andersen explained that while membership is incredibly beneficial, non-member guests are allowed to join many of the events. While non-member guests will not have access to sensitive information from the FBI and government partners, attending events as a guest is a great way to get introduced to the community and get started building the networks you need.
Conclusion
InfraGard is a great resource to help protect your mid-market critical infrastructure-related business. Membership is free, the benefits are substantial, and the threats are real. Check it out on-line or by reaching out to your local FBI Field Office.
Do you need help securing your business? CrisisLead is here for you. Reach out for a consultation to discuss how we can help you navigate risk and prepare for what’s next.
[i] InfraGard (2024). InfraGard Brochure. Available from: https://www.infragard.org/Files/InfraGard_Brochure_2024_UPDATE2.pdf. Accessed on 2/14/2025
[ii] InfraGard (2024). Online Membership Application. Available from: https://www.infragard.org/Application/General/NewApplication. Accessed on 02/14/2025.
