“Life moves pretty fast. If you don’t stop and look around once in a while, you could miss it.” One of my favorite movie quotes is true about life, and true about threats. One could tweak that legendary Ferris Bueller quote to read, “Threats develop pretty fast. If you don’t stop and look around once in a while, you could miss it.”
As InfraGardNCR members are surely very well aware, 2020 started with increased security concerns regarding Iran and the United States, leading to escalated tensions and the potential for Iranian retaliation to U.S. interests. As tensions increased, the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) coordinated an initial call on the evening of 03 Jan with industry contacts. The conference call also addressed planning and preparedness efforts related to cyber and physical security.
The following Monday, CISA released an alert on “Potential for Iranian Cyber Response to U.S. Military Strike in Baghdad.” A large part of the focus was the potential for asymmetrical threats – such as cyberattacks. But concerns weren’t limited to cybersecurity.
Also on 06 Jan, The New York Post reported that on Sunday, a senior adviser to Iran's president tweeted a link to a Forbes article listing all of The Trump Organization's significant properties, along with a quote from the late Ayatollah Khomeini threatening revenge against any enemies of Islam. Other reports picked up on the tweet and on the 7th, The Daily Beast reported that an anonymous senior member of the U.S. intelligence community said Trump Tower in Midtown Manhattan could be a more effective a target than even the White House.
From cyber to physical, escalating geopolitical events and international tensions played out as real homeland security concerns, prompting government outreach and coordination, and industry leaders across multiple disciplines to assess threats, risks, and responsible operational security measures. In isolation, this would be a challenging process. Fortunately, as an InfraGardNCR member, there are several resources available to you. For example, as events have unfolded, InfraGardNCR members crowdsourced security and leveraged a number of means to gain, share and discuss the threat and response actions.
To CISA’s credit, the Agency took a “lean-forward” approach to coordination and communication, sharing information and guidance via coordination calls, public postings, and email distributions. The FBI developed and distributed Private Industry Notification and FLASH reports, addressing threats and providing mitigation guidance, and worked in collaboration with government partners to develop and share For Official Use Only products such as the Joint Information Bulletin on potential threats to the U.S. relating to tensions with Iran.
These reports, as well as open source reporting – which included Iranian tactics, techniques and procedures, previous targeting, indicators of compromise and other information developed and shared by industry professionals, was made available by a number of means, including:
The InfraGard portal, where members could go and retrieve products.
InfraGardNCR cyber working group distributions. In recent years, InfraGardNCR, recognizing the need to develop trusted communications within the Chapter to share cyber threat information and discuss issues with peers, has developed cyber working groups for health and financial services. These lists are open to all InfraGardNCR members who meet some basic criteria. Further, recognizing that threats aren’t limited solely to the NCR, the Chapter has made these groups available to eligible InfraGard members around the country, helping to facilitate member collaboration in the NCR and beyond.
Information Sharing and Analysis Centers (ISACs) and Organizations (ISAOs). Many members are also part of a critical infrastructure sector-specific or other ISACs or ISAOs. These trusted entities work within their communities, with one another via the National Council of ISACs, and closely with government partners at the national, state and local level. “Information Sharing and Analysis Centers help critical infrastructure owners and operators protect their facilities, personnel and customers from cyber and physical security threats and other hazards. ISACs collect, analyze and disseminate actionable threat information to their members and provide members with tools to mitigate risks and enhance resiliency. ISACs reach deep into their sectors, communicating critical information far and wide and maintaining sector-wide situational awareness.”
Fusion Centers. Many members work closely with fusion centers in the NCR and across the country. As tensions increased and with concerns over continued escalation, many members were able to receive national and local reporting and analysis via fusion center partners – via email, portals, and in some cases in person as vetted liaisons.
The Commercial Facilities Cyber Working Group. Recently, seeing the success of existing Chapter cyber work groups, InfraGardNCR and the Real Estate ISAC, based out of Washington, D.C., began discussions on developing a similar group to support the commercial facilities sector and those in other sectors who have responsibilities at the nexus of their facilities and information security. Together, InfraGardNCR and RE-ISAC created a representative Steering Committee to develop the CCWG concept. Formally launched on 06 Jan, the CCWG list was leveraged to expedite information sharing among members, some of which was able to be cross-shared to other Chapter groups, enhancing the collective awareness and security of a broad and diverse part of the Chapter’s membership, and other InfraGard members as well.
In addition to these more formal information sharing means, many members collaborate locally with neighboring and hometown security partners, and virtually via trusted security communities and relationships. While we are all grateful tensions between Iran and United States have slightly cooled, recent events – and incidents like the very rapidly developing WannaCry outbreak, and recent health threats and natural hazards – serve as reminders of how fast threats, risks, and challenges can develop and the importance of being able to access information, analysis and colleagues to help understand and respond however may be appropriate.
“Threats develop pretty fast. If you don’t stop and look around once in a while, you could miss it.”
Our Chapter is grateful for the many members and partners that have come together to collaborate and respond during recent events. By collectively executing our Chapter’s goals and objectives, InfraGardNCR members were better able to respond to threats, share information, and collaborate and enable the protection of critical infrastructure within the Chapter’s area of responsibility, and assist those even outside our Chapter. In security, there is no room for isolation, and no room for competition. InfraGardNCR continues to do what we can to enhance the preparedness, security and resilience of our members, and those we can assist, in support of our Chapter goals and members’ needs.