4.2 Information-Sharing Mechanisms

In Chapter 1 we discussed various tip systems that the government has established to help facilitate the flow of information about potential terrorist activities. These include providing the FBI and other organizations with tips about the activities of individuals, organizations, or groups.

In addition there is the CWIN, which is a group of organizations, including the NIPC, the Critical Infrastructure Assurance Office (CIAO), and others, that have some responsibility for the security of federal systems. The private-sector Information-Sharing and Analysis Centers are also included in the network. (Specific cyberthreat analysis is presented in later chapters.)

The NIPC, with help from representatives of private industry, the academic community, and government agencies, developed the InfraGard initiative to share information about cyberintrusions, exploited vulnerabilities, and infrastructure threats. The field offices of the FBI have established InfraGard chapters, and there are now 72 chapters with over 1,500 organizations across the United States as members. The National InfraGard Program provides four basic services to members:

1. An alert network using encrypted e-mail

2. A secure Web site for communication about suspicious activity or intrusions

3. Local chapter activities and a help desk for questions

4. The ability of industry to provide information on intrusions to the local FBI field office using secure communications

General membership in InfraGard is open to all parties interested in supporting the purposes and objectives of InfraGard. On the local level InfraGard is organized into 72 chapters, each of which is associated with a field office of the FBI. InfraGard members are responsible for promoting the protection and advancement of the critical infrastructure, cooperating with others in the interchange of knowledge and ideas, supporting the education of members and the general public, and maintaining the confidentiality of information obtained through involvement. Table 4.1 shows the InfraGard chapter locations.

InfraGard Secure Access members can report incidents through the secure Web site using the online report in the incident reports area.

• Members may also report by:

• Contacting the Watch and Warning Unit at (202) 323-3205

• Contacting your InfraGard coordinator

• Faxing your incident report via unsecured fax to the Watch and Warning Unit (202) 323-2079 or (202) 323-2082

• E-mailing it using your secure e-mail to the Watch and Warning Unit at infragard-hq@fbi.gov

As discussed in Chapter 1, the FBI public Web site has an online incident reporting form. This form may be used by anyone who wishes to report an incident to the FBI. The information is then verified and sanitized so it can be passed to InfraGard secure members in the form of analytical products or threat assessments.

4.2.1 National bylaws of InfraGard

Preamble

InfraGard is dedicated to increasing the security of the critical infrastructures of the United States of America. All InfraGard participants are committed to the proposition that a robust exchange of information about threats to and actual attacks on these infrastructures is an essential element to successful infrastructures protection efforts. The goal of InfraGard is to enable that information flow so that the owners and operators of infrastructures can better protect themselves and so that the U.S. government can better discharge its law-enforcement and national security responsibilities.

Article I

Nature of InfraGard: InfraGard is a cooperative undertaking between the Federal Bureau of Investigation (hereinafter, the 'FBI') and other non-FBI members (hereinafter, the 'Membership'). The Membership includes an association of businesses, academic institutions, state and local law enforcement agencies, and other participants. All decisions made on behalf of InfraGard shall be by consensus between the FBI and the Membership. The FBI will be represented at the national level by the Director of the National Infrastructure Protection Center (or an FBI official designated by the NIPC Director) and at the local level by the Assistant Director in Charge (ADIC) or Special Agent in Charge (SAC) of the local FBI field office (or an FBI official designated by the ADIC or SAC). The Membership will be represented at the national level by the National Executive Committee, and at the local level by the Executive Committee of the local InfraGard chapter. These bylaws are intended to cover actions and decisions made on behalf of InfraGard, or identified in some way with InfraGard (such as through the use of the InfraGard name). Nothing in them is intended to limit the ability of the FBI or any member of InfraGard to act outside of InfraGard. As used in this document, 'InfraGard' is understood to mean the FBI and the Membership acting in consensus at the national or local level.

Article II

Purpose and Objectives: The purpose and primary objective of InfraGard is to increase the security of the U.S. national infrastructures through ongoing exchanges of information relevant to infrastructure protection and through education, outreach, and similar efforts to increase awareness of infrastructure protection issues.

Article III

Membership: General membership shall be open to all parties interested in supporting the purposes and objectives of InfraGard as stated in this document and who meet such other qualifications, as the InfraGard Membership shall establish. Membership will be considered without regard to race, religion, color, national origin, age, sex, sexual orientation, or disability. All members shall execute the 'National Membership Application/Agreement' prior to admission. The InfraGard Membership may expel any member based on that member's violation of these bylaws, the National Membership Application/Agreement, or any other duly enacted requirements of InfraGard. Additionally, the InfraGard Membership may exclude or expel from membership any organization, individual, or other entity whose past behavior or public statements create substantial doubt that the organization, individual, or entity in question would actually abide by the requirements of InfraGard membership if admitted. Membership does not entitle an InfraGard participant to obtain information from the FBI.

Article IV

Local Chapters: On the local level, InfraGard initially will be organized into 56 chapters (hereinafter 'Local Chapters'), each associated with a field office of the FBI. The Membership of each Local Chapter will elect an Executive Committee, consisting of at least three members, with each member having one vote. The Executive Committee will be responsible for administration of the Local Chapter and for liaison with the FBI representative (who will attend all Executive Committee meetings). The Executive Committee may organize itself in whatever manner seems appropriate to the local circumstances, and may establish officers and subordinate committees as appropriate. In addition to electing the Executive Committee, the Local Chapter may choose to enact its own Bylaws addressing matters of membership, administration, organization, or other matters, so long as such Bylaws are enacted by a two-thirds vote of the Local Chapter and are fully consistent with the National ByLaws, National Membership Agreement, and other duly enacted national requirements of InfraGard.

Article V

National Organization: InfraGard will hold an annual National Convention at which each Local Chapter will be represented. A majority of the total number of Local Chapters, each having one vote, shall constitute a quorum for the transaction of business of InfraGard at the national level. At the first National Convention, the Local Chapters will elect by simple majority a National Executive Committee consisting of seven members. The membership term on the National Executive Committee shall be two years and shall be staggered. To implement a staggered election cycle, three of the initial members of the National Executive Committee shall be elected to one-year terms. The National Executive Committee will be responsible for administration of the Local Chapters and for liaison with the FBI national representative (who will attend all National Executive Committee meetings). The National Executive Committee shall, as needed, develop proposed national policy for InfraGard in response to proposals by Local Chapters or the FBI. The National Executive Committee will circulate any such proposed policy to the Local Chapters and shall enact such policy with the concurrence of the FBI and a majority of the Local Chapters. A majority of the National Executive Committee members shall constitute its quorum, and each member shall have one vote. Prior to the first National Convention, a Provisional National Executive Committee will serve, elected by the Indiana, Northern Ohio and Southern Ohio Local Chapters, acting pursuant to such Bylaws as these Local Chapters adopt. At least two months prior to the annual National Convention, the [ Provisional] National Executive Committee shall make nominations for election to it, with the slate of nominees being equal in number to the number of seats vacant or to be vacated at the end of the year. Members of the [ Provisional] National Executive Committee may be nominated for reelection. The list of nominees shall be sent to each Local Chapter, together with at least one month's notice of the annual National Convention. Further nominations in writing, signed by at least 20 InfraGard members or selected by any Local Chapter, shall be presented for election if received by the [ Provisional] National Executive Committee ten days prior to the National Convention.

Article VI

New Local Chapters: Any grouping of the InfraGard Membership may request provisional recognition as a new Local Chapter through the National Executive Committee, which may approve such request with the concurrence of the FBI. A grouping of the InfraGard Membership obtaining provisional recognition as a Local Chapter shall be known as a ' Provisional Chapter.' At the National Convention, as its first order of business, the Membership will recognize and approve Provisional Chapters through a simple majority vote, with each existing Local Chapter casting one vote. Provisional Chapters that are approved will be recognized as Local Chapters following the approval or denial of all Provisional Chapters existing at the time of the National Convention.

Article VII

Funding: Absent other arrangements, all participants in InfraGard will bear their own expenses. Local Chapters may, if they choose, enact membership dues or otherwise collect funds from the local Membership. Any funds so collected will be administered by the local Executive Committee in compliance with rules enacted by the Local Chapter for the proper handling of InfraGard funds. The National Executive Committee may also collect and administer funds if so authorized by a two-thirds vote of Local Chapters. All funds collected from the Membership will remain in the possession of the Membership and shall not be held, administered, or distributed by the FBI. No funds collected from the Membership shall be used to fund official FBI activities or otherwise augment the authorized budget of the FBI.

Article VIII

Statement of Ethics: All InfraGard participants will conduct themselves in compliance with all applicable federal, state, and local laws. InfraGard is committed to establishing an atmosphere of trust among its members. InfraGard participants will not betray that trust by engaging in illegal activity, by knowingly submitting false or misleading information to InfraGard, or by seeking some commercial or other advantage at the expense of other members through actions taken within InfraGard.

Article IX

Amendments: The National Executive Committee, the FBI, or any Local Chapter, can propose amendments to these National ByLaws. Such amendments will be considered at the National Convention and will be adopted with the concurrence of the FBI and a simple majority of the Local Chapters. The FBI will give the strongest consideration in favor of adopting any amendment proposed by the majority of Local Chapters.

4.2.2 Code of ethics of InfraGard

As an InfraGard member it is my responsibility to:

• Promote the protection and advancement of the critical infrastructure of the United States of America.

• Cooperate with others in the interchange of knowledge and ideas for mutual protection.

• Support the education of members and the general public in a diligent, loyal, honest manner, and not knowingly be a part of any illegal or improper activities.

• Serve in the interests of InfraGard and the general public in a diligent, loyal, and honest manner, and will not knowingly be a party to any illegal or improper activities.

• Maintain confidentiality, and prevent the use for competitive advantage at the expense of other members, of information obtained in the course of my involvement with InfraGard, which includes but is not limited to the following:

• Information concerning the business of a fellow member or company Information identified as proprietary, confidential, or sensitive

• Abide by the National and Local Chapter InfraGard Bylaws.

• Protect and respect the privacy rights, civil rights, and physical and intellectual property rights of others.