InfraGard Session Focuses on Cyber and Security Gaps

By James Lint
Faculty Member, School of Business, American Military University
Senior Editor for InCyberDefense and Contributor, In Homeland Security

The InfraGard Southern Nevada Alliance Chapter met on November 16, 2017 at the National Atomic Testing Museum in Las Vegas. The presentation focused on security gaps, threat mitigation, resolution and new data governance requirements facing both IT and physical security organizations.

The discussions encompassed industrial control systems (ICS), the Internet of Things (IoT) and enterprise networks, as well as their impact on critical infrastructure, manufacturing and service industries as the targets of sophisticated cyberattacks.

InfraGard members have completed a risk assessment from the FBI, which includes each participant’s local, state and federal criminal history, driver’s license, citizenship status and other security-related database checks. While these are not security clearances per se, they create a higher level of trust among the attendees. To protect sensitive information, what follows is a broad summary of the meeting, rather than a detailed commentary.

InfraGard Members Come from Many Different Professions

As the FBI website explains, “InfraGard is a partnership between the FBI and the private sector. It is an association of persons who represent businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the United States.”

This meeting had three guest speakers:

• Aaron Rouse, FBI Special Agent in Charge, Las Vegas Division
• Adam Pranter, FBI Supervisory Special Agent, Las Vegas Cyber Task Force
• Dana Traversie, Offensive Security Certified Professional (OSCP) and Security Engineer, Global Managed Service Provider (MSP) Team, Check Point Software Technologies

Rouse Discusses the Dangers of the Insider Threat

Rouse has gleaned lots of information from his years as the Section Chief in the Counterintelligence Division at FBI headquarters. Some of the key cyber issues fall under counterintelligence or the theft of information.

Rouse discussed issues and threats to supervisory control and data acquisition (SCADA) and the need for their protection. Additionally, he spoke about the “insider threat,” the hazard of when employees sell government or corporation data to a competitor.

During his time in Washington, Rouse observed many threats to information. His best advice for executives is to decide what is the most important material within their company and what can destroy the company if that material were stolen or destroyed. Those are the items to protect. “Protect the most critical first,” Rouse advised.

Pranter Gives Talk on How Fileless Malware Uses OS Tools to Wreak Havoc on Computers

Special Agent Pranter of the FBI discussed fileless malware, which adds nothing to your computer for the antivirus software to find and isolate. Instead, fileless malware uses the operating system’s tools to wreak havoc on a computer.

For instance, fileless malware uses tools like Power Shell and other elements of installed software in a hostile manner. This type of malware is hard to detect and it’s difficult to guard your computer against this type of attack.

Pranter also reviewed how Russian cybercriminals use malware in Europe. There have been many attacks against banks and banking apps in Russia. For example, the Carbanak cybergang directly targeted Russian and other countries’ banks and netted over $300 million.

A Look into Future Cybersecurity Threats

To see future threats to the United States, Pranter noted, we can watch what hackers do in other countries. According to Fortune magazine, a gang of Russian cyber criminals planted malware on Android mobile devices to steal from domestic bank customers. The gang members also planned to target European lenders before their arrest.

“The gang members tricked the Russian banks’ customers into downloading malware via fake mobile banking applications, as well as via pornography and e-commerce programs, according to a report compiled by cybersecurity firm Group-IB, which investigated the attack with the Russian Interior Ministry,” Fortune reported.

Apparently, the criminals infected more than one million smartphones in Russia. Group-IB said that equated to infecting an average of 3,500 devices a day.

These Russian groups are looking for new attack vectors to target in our systems. Since we carry our phones everywhere, they make a good target. The diversity of the Russian focus from banking to pornography to e-commerce shows they are looking to target a wide swath of society.

Check Point’s Technology Prevents Information Technology Problems

Traversie of Check Point reviewed some of the technology that Check Point uses to prevent information technology problems. Traversie also spoke about the use of its analytic tools to understand what your defenses observe.

Check Point is not an antivirus program, but the company has systems that impose security policy compliance with analytics and forensics for improving end-to-end security. InfraGard provided this speaker, so industry could see that there are solutions and protections to prevent hacking events like Equifax and others.

Who Should Attend InfraGard Quarterly Meetings?

There are many reasons to attend InfraGard meetings. Two main reasons are the quality and expertise of the speakers.

Another reason is the opportunity to network and perhaps meet your next boss at InfraGard. It’s good to be known as participating in a quality organization like InfraGard, even before you become a job seeker.

Military security and intelligence personnel should think about joining InfraGard before they transition or retire. There are 46,000 members and 82 chapters, which is useful because military personnel transferring from one location to another can still maintain their membership by switching to the new local chapter. Also, there are numerous opportunities to use your leadership skills to chair InfraGard meetings and work with this nonprofit organization with ties to the FBI.

About the Author

James R. Lint recently retired as the (GG-15) civilian director for intelligence and security, G2, U.S. Army Communications Electronics Command. He is an adjunct professor at AMU. James has been involved in cyberespionage events from just after the turn of the century in Korea supporting 1st Signal Brigade to the DHS Office of Intelligence and Analysis as the first government cyber intelligence analyst. He has 38 years of experience in military intelligence with the U.S. Marine Corps, U.S. Army, government contracting and civil service.

Additionally, James started the Lint Center for National Security Studies, a nonprofit charity that recently awarded its 49th scholarship for national security students and professionals. James was also elected as the 2015 national vice president for the Military Intelligence Corps Association. He has also served in the Department of Energy’s S&S Security Office after his active military career in the Marine Corps for seven years and 14 years in the Army. His military assignments include South Korea, Germany and Cuba, in addition to numerous CONUS locations. In 2017, he was appointed to the position of Adjutant for The American Legion, China Post 1. James has authored a book published in 2013, “Leadership and Management Lessons Learned,” a new book published in 2016 “8 Eyes on Korea, A Travel Perspective of Seoul, Korea,” and a new book in 2017 “Secrets to Getting a Federal Government Job.”