The National Cybersecurity and Communications Integration Center’s (NCCIC) mission is to reduce the risk of systemic cybersecurity and communications challenges in our role as the Nation’s flagship cyber defense, incident response, and operational integration center.
Since 2009, the NCCIC has served as a national hub for cyber and communications information, technical expertise, and operational integration, and by operating our 24/7 situational awareness, analysis, and incident response center.
Our Vision and Guiding Principles
NCCIC’s vision is a secure and robust cyber and communications infrastructure, resilient against attacks and disruption.
In pursuing our vision, we adhere to a number of Guiding Principles:
- Put Customers First. Understand and meet our customer and constituent needs quickly and completely.
- Lead the Global Mission. In service to our national interests, serve as a global ambassador for cyber and communications security expertise, excellence, and information.
- Be an Active Force for Good. Defend the homeland by being the first and best option to identify, understand, prevent, protect, and respond to significant threats and exploitations of our cyber and communications infrastructure.
- Drive Innovation. Stay on the cutting edge of innovation to bring down risk, learning from past experiences and anticipating change. Inspire others to better understand and apply cyber and communications knowledge and tools.
- Be Right, Be Fast. Connect people-to-people and people-to-content to build community knowledge. Share threat and vulnerability information quickly and broadly, while maintaining the confidence and trust of our stakeholders and the constitutional rights of the American people.
- Earn Trust. Relentlessly build our reputation as the authoritative source of information and a dependable partner through technical excellence and accurate, timely analysis. We are the experts other professionals turn to for help.
What We Do
NCCIC provides a year in review to the public for the opportunity to better understand our accomplishments and how we have progressed during the past fiscal year.
NCCIC is a hub for information and expertise. We are a global exchange for cyber and communications information, sharing what we receive back to the cyber security community.
- We build risk awareness and help people understand how to mitigate threats and vulnerabilities.
- We help customers take action to improve their risk posture and support a common operational picture of the national cyber and communications risk landscape.
- We defend federal networks and respond to significant incidents.
- We are here for our partners and customers when they need help. We vigilantly defend the Federal Government’s critical networks and stand ready to respond to attacks on both government and private sector networks
NCCIC is a key component of the DHS Strategy for Securing Control Systems. The primary goal of the Strategy is to build a long-term common vision where effective risk management of control systems security can be realized through successful coordination efforts. To this end, we have committed $17M in new funding for functions related to securing control systems. NCCIC leads this effort by
- Responding to and analyzing control systems-related incidents;
- Conducting vulnerability, malware, and digital media analysis;
- Providing onsite incident response services;
- Providing situational awareness in the form of actionable intelligence;
- Coordinating the responsible disclosure of vulnerabilities and associated mitigations; and
- Sharing and coordinating vulnerability information and threat analysis through information products and alerts.
NCCIC coordinates control systems-related security incidents and information exchange with Federal, State, and local agencies and organizations, the intelligence community, and private sector constituents, including vendors, owners and operators, and international and private sector CERTs. The focus on cybersecurity for control systems provides a direct path for coordination of activities among all members of the critical infrastructure stakeholder community.
Our Critical Mission Activities
- Information exchange,
- Training and exercises,
- Risk and vulnerability assessments,
- Data synthesis and analysis,
- Operational planning and coordination,
- Watch operations, and
- Incident response and recovery.
Advanced Analytic Lab. NCCIC operates an advanced analytic lab (AAL) that performs digital media and malware analysis on samples from infected systems. The lab also hosts a representative sample of vendor equipment onsite to give analysts testing capabilities of malware in control system environments. The availability of onsite equipment and software allows NCCIC to assess the possible effects of malicious software and consequences a vulnerability may have on critical infrastructure.
Partnerships. NCCIC works to reduce risk within and across all critical infrastructure sectors by coordinating efforts among federal, state, local and tribal governments, as well as control systems owners, operators, and vendors. In addition, NCCIC collaborates with international and private sector CERTs to share control systems related security incidents and mitigation measures.
NCCIC participates with many working groups including the Industrial Control Systems Joint Working Group and the Federal Control Systems Security Working Group. These trusted relationships are leveraged to increase and improve information exchange with the U.S. critical infrastructure asset owner/operators and vendor community.
Timeline of NCCIC History
Throughout 2017, the NCCIC realigned its organizational structure and integrated like functions previously performed independently by the United States Computer Emergency Readiness Team (US-CERT) and the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). This structure combines intersecting roles from the below legacy organizations to enhance the effectiveness of NCCIC’s cybersecurity and communications mission.
The below graphic depicts the rich history of NCCIC’s organizational structure, which comprised of the following legacy organizations.
- NCS – National Communications System
- NCC – National Coordinating Center (NCC) for communications
- US-CERT – United States Cyber Emergency Readiness Team
- ICS-CERT – Industrial Control Systems Cyber Emergency Readiness Team