need help 9
INTELLIGENCE
Strategy Collaboration Dissemination
National Cybersecurity Center Policy Capture DEFENSE
Collaboration: Collaborates with NIST, US-CERT, Training/Exercises: Supports cyber
Domains
Intelligence Defense Civil Law Enforcement/ Counterintelligence
Core Competencies
Situational Awareness Public-private Coordination National Security Foreign Intelligence
Main Functions
Incident Response
System Protection Disruption Investigation Attribution
Attribution: Provides foreign threat- based analysis to assist in gaining attribution regarding a cyber attack
Collaboration: Collaborates with and shares information among Intelligence and CND communities, DoD, US-CERT and other incident response organizations
Monitor: Manage and monitor IC networks
Collection: 24/7 operation facilitates collection and sharing of cyber event information among the Intelligence community
Training/Exercises: Plans and conducts IC TS network exercises
Dissemination: Provides vulnerability management notification and status reporting for IC as well as threat message
IC-IRC dissemination and status monitoring
Incident Response: Provides Intelligence incident reporting and response for IC continuity of operations; Serves as cyber alert and notification focal point
Analysis: Conducts network threat analysis and correlation
and JTF-GNO; facilitates cooperation, planning, and coordination between organizations (such as DISA) responsible for information systems security incidents
Monitor: Reviews information to determine cyber threats and vulnerabilities and to develop mitigation strategies
Analysis: Coordinates with DIA for all-source threat analysis
defense elements of major Combatant Commander and national-level exercises; provides network analyst training courses at the National Cryptologic School
Education/Awareness: Publishes
security configuration guides; NTOC partners with DHS to sponsor CAEIAE
Dissemination: Facilitates security incident reporting to the appropriate authority; provides worldwide dissemination of threat advisories
Monitor Collection Analysis
Center/Dept.
NCSC/DHS US-CERT/DHS JTF-GNO/DoD NCIJTF/FBI IC-IRC/DNI NTOC/NSA DC3/DoD
R&D Education/Awareness Training/Exercises
Description
National Cybersecurity Center United States Computer Emergency Readiness Team Joint Task Force—Global Network Operations National Cyber Investigative Joint Task Force Intelligence Community—Incident Response Center NSA/CSS Threat Operations Center Defense Cyber Crime Center
Incident Response: Facilitates and coordinates identification and development of countermeasures; provides support during security incidents when needed
The centers connect, communicate, and share information with each other through established relationships or through strategically placed liaison officers.
NCSC will draw insight from six existing federal cyber centers to create cross-domain situational awareness.
Strategy: Developing global view of information warfare activity; creating strategic framework for centralizing coordination of existing operational initiatives and developing new initiatives
Collaboration: Collaborates with Intelligence, Law Enforcement, USSS, other USG entities, foreign LE agencies, state and local government, and private sector; Developing synchronization and collaboration approach for investigations
Monitor: Reviews all-source data and identifies intelligence gaps
Attribution: Seeks to identify threats to computer networks affecting national security
Strategy: Will develop strategic reporting and view of the state of cyber; will develop mitigation strategies based on identified risks
Collaboration: Will work with private sector on IT analytic tools and methodologies; will coordinate with six centers and use their existing structures for further collaboration
Monitor: Will monitor and track events as highlighted by centers
Collection: Will collect information across centers to create fused picture of cyber activity across U.S. networks and systems
R&D: Will advocate for R&D efforts through various Federal Government working forums
Dissemination: Will receive, share and report on active incidents and their impacts; will provide cross- domain situational awareness
NCSC Incident Response: Will assist with development and coordination of courses of action in response to
unfolding cyber activities; will provide 24/7 operational support
Analysis: Will correlate, analyze and synthesize reporting across centers; will develop and implement process of publishing analysis results
Monitor: Monitors activity on .gov; monitors cybersecurity events from various sources
Collection: Collects and documents cyber incidents related to .gov or call from public
Analysis: Analyzes all EINSTEIN data; provides digital analysis, malware analysis and related vulnerability assessments; analyzes anomalies or intrusions into .gov systems
LAW ENFORCEMENT/ COUNTERINTELLIGENCE
CIVIL
Collaboration: Primarily collaborates with private sector on incident handling and analysis; collaborates with international and domestic CERTs; provides interface for the public, government at all levels, and private sector
System Protection: Established the TIC and EINSTEIN initiatives to improve the protection and integrity of U.S. federal networks
Training/Exercises: Encourages IT studies through the Scholarship for Service Program; participates in DHS/NCSD-sponsored Cyber Storm biannual, international cybersecurity exercises
Education/Awareness:
Provides quarterly trends report for public consumption; participates in DHS/NSA sponsored CAEIAE
Dissemination: Comprehends broad network activity and supports incident handling and analysis of cybersecurity trends for federal agencies
NCIJTF
Investigation: Conducts LE/CI/CT cyber-related investigations and response to counterintelligence threats
Disruption: Proactively disrupts the foreign exploitation of U.S. computer networks
Training/Exercises:
Planning to conduct training with FY09 budget request for training funds
Dissemination: Produces quarterly reports to allow targeted entities to take action
US-CERT
Incident Response:
Provides 24/7 support to federal, state, and local entities
Collection: Collects and synthesizes common operating picture of hostile-intrusion-related activity to aid investigations
Incident Response: Identifies new methods of attacks; intends to develop 24/7 operations center
Investigations: DC3 supports investigative missions for the DCIOs; DCFL supports those investigations by conducting digital forensic examinations on seized media; DCITA conducts cyber investigations training for DoD personnel and law enforcement/counterintelligence organizations
Training/Exercises: Operates the Defense Computer Investigations Training Academy; conducts computer investigation training courses for DoD organizations, military counterintelligence agencies, and law enforcement organizations
Education/Awareness: Provides DC3 Dispatch daily email on cybercrime, LE, technology and legal news; hosts the DoD Cyber Crime Conference on current and future cybercrime trends
Strategy: Develops strategic framework for GIG operations
Disruption: Uses deliberate, authorized defensive measures that protect and defend DoD information, computers, and networks
Dissemination: Provides all NetOps centers with incident reports and potential countermeasures
Incident Response: Provides investigative mitigation and support to DoD and other agencies if asked
Analysis: Analyzes anomalies or intrusions into DoD systems
Collaboration: Serves as focal point for the Defense Industrial Base (DIB); collaborates with DoD offices and other agencies on digital forensic intelligence efforts; partners with governmental, academic and private sector computer security officials
Analysis: DCFL conducts electronic forensic analysis, supports operations and provides counterintelligence analysis and diagnostics
DC3
Collaboration: Primarily collaborates with US-CERT, intelligence community, select foreign governments, and private sector
Monitor: Monitors the DoD network and determines vulnerabilities
Collection: Identifies emerging technologies and associated threats to integrate migrations and response actions into current CND posture
JTF-GNO
R&D: DCCI provides accepted standards, techniques, methodologies, research, tools, and technologies on computer forensics to meet current and future DoD needs