need help 9

profileJrasue
intelligence.docx

INTELLIGENCE

Strategy Collaboration Dissemination

National Cybersecurity Center Policy Capture DEFENSE

Collaboration: Collaborates with NIST, US-CERT, Training/Exercises: Supports cyber

Domains

Intelligence Defense Civil Law Enforcement/ Counterintelligence

Core Competencies

Situational Awareness Public-private Coordination National Security Foreign Intelligence

Main Functions

Incident Response

System Protection Disruption Investigation Attribution

Attribution: Provides foreign threat- based analysis to assist in gaining attribution regarding a cyber attack

Collaboration: Collaborates with and shares information among Intelligence and CND communities, DoD, US-CERT and other incident response organizations

Monitor: Manage and monitor IC networks

Collection: 24/7 operation facilitates collection and sharing of cyber event information among the Intelligence community

Training/Exercises: Plans and conducts IC TS network exercises

Dissemination: Provides vulnerability management notification and status reporting for IC as well as threat message

IC-IRC dissemination and status monitoring

Incident Response: Provides Intelligence incident reporting and response for IC continuity of operations; Serves as cyber alert and notification focal point

Analysis: Conducts network threat analysis and correlation

and JTF-GNO; facilitates cooperation, planning, and coordination between organizations (such as DISA) responsible for information systems security incidents

Monitor: Reviews information to determine cyber threats and vulnerabilities and to develop mitigation strategies

Analysis: Coordinates with DIA for all-source threat analysis

defense elements of major Combatant Commander and national-level exercises; provides network analyst training courses at the National Cryptologic School

Education/Awareness: Publishes

security configuration guides; NTOC partners with DHS to sponsor CAEIAE

Dissemination: Facilitates security incident reporting to the appropriate authority; provides worldwide dissemination of threat advisories

Monitor Collection Analysis

Center/Dept.

NCSC/DHS US-CERT/DHS JTF-GNO/DoD NCIJTF/FBI IC-IRC/DNI NTOC/NSA DC3/DoD

R&D Education/Awareness Training/Exercises

Description

National Cybersecurity Center United States Computer Emergency Readiness Team Joint Task Force—Global Network Operations National Cyber Investigative Joint Task Force Intelligence Community—Incident Response Center NSA/CSS Threat Operations Center Defense Cyber Crime Center

Incident Response: Facilitates and coordinates identification and development of countermeasures; provides support during security incidents when needed

The centers connect, communicate, and share information with each other through established relationships or through strategically placed liaison officers.

NCSC will draw insight from six existing federal cyber centers to create cross-domain situational awareness.

Strategy: Developing global view of information warfare activity; creating strategic framework for centralizing coordination of existing operational initiatives and developing new initiatives

Collaboration: Collaborates with Intelligence, Law Enforcement, USSS, other USG entities, foreign LE agencies, state and local government, and private sector; Developing synchronization and collaboration approach for investigations

Monitor: Reviews all-source data and identifies intelligence gaps

Attribution: Seeks to identify threats to computer networks affecting national security

Strategy: Will develop strategic reporting and view of the state of cyber; will develop mitigation strategies based on identified risks

Collaboration: Will work with private sector on IT analytic tools and methodologies; will coordinate with six centers and use their existing structures for further collaboration

Monitor: Will monitor and track events as highlighted by centers

Collection: Will collect information across centers to create fused picture of cyber activity across U.S. networks and systems

R&D: Will advocate for R&D efforts through various Federal Government working forums

Dissemination: Will receive, share and report on active incidents and their impacts; will provide cross- domain situational awareness

NCSC Incident Response: Will assist with development and coordination of courses of action in response to

unfolding cyber activities; will provide 24/7 operational support

Analysis: Will correlate, analyze and synthesize reporting across centers; will develop and implement process of publishing analysis results

Monitor: Monitors activity on .gov; monitors cybersecurity events from various sources

Collection: Collects and documents cyber incidents related to .gov or call from public

Analysis: Analyzes all EINSTEIN data; provides digital analysis, malware analysis and related vulnerability assessments; analyzes anomalies or intrusions into .gov systems

LAW ENFORCEMENT/ COUNTERINTELLIGENCE

CIVIL

Collaboration: Primarily collaborates with private sector on incident handling and analysis; collaborates with international and domestic CERTs; provides interface for the public, government at all levels, and private sector

System Protection: Established the TIC and EINSTEIN initiatives to improve the protection and integrity of U.S. federal networks

Training/Exercises: Encourages IT studies through the Scholarship for Service Program; participates in DHS/NCSD-sponsored Cyber Storm biannual, international cybersecurity exercises

Education/Awareness:

Provides quarterly trends report for public consumption; participates in DHS/NSA sponsored CAEIAE

Dissemination: Comprehends broad network activity and supports incident handling and analysis of cybersecurity trends for federal agencies

NCIJTF

Investigation: Conducts LE/CI/CT cyber-related investigations and response to counterintelligence threats

Disruption: Proactively disrupts the foreign exploitation of U.S. computer networks

Training/Exercises:

Planning to conduct training with FY09 budget request for training funds

Dissemination: Produces quarterly reports to allow targeted entities to take action

US-CERT

Incident Response:

Provides 24/7 support to federal, state, and local entities

Collection: Collects and synthesizes common operating picture of hostile-intrusion-related activity to aid investigations

Incident Response: Identifies new methods of attacks; intends to develop 24/7 operations center

Investigations: DC3 supports investigative missions for the DCIOs; DCFL supports those investigations by conducting digital forensic examinations on seized media; DCITA conducts cyber investigations training for DoD personnel and law enforcement/counterintelligence organizations

Training/Exercises: Operates the Defense Computer Investigations Training Academy; conducts computer investigation training courses for DoD organizations, military counterintelligence agencies, and law enforcement organizations

Education/Awareness: Provides DC3 Dispatch daily email on cybercrime, LE, technology and legal news; hosts the DoD Cyber Crime Conference on current and future cybercrime trends

Strategy: Develops strategic framework for GIG operations

Disruption: Uses deliberate, authorized defensive measures that protect and defend DoD information, computers, and networks

Dissemination: Provides all NetOps centers with incident reports and potential countermeasures

Incident Response: Provides investigative mitigation and support to DoD and other agencies if asked

Analysis: Analyzes anomalies or intrusions into DoD systems

Collaboration: Serves as focal point for the Defense Industrial Base (DIB); collaborates with DoD offices and other agencies on digital forensic intelligence efforts; partners with governmental, academic and private sector computer security officials

Analysis: DCFL conducts electronic forensic analysis, supports operations and provides counterintelligence analysis and diagnostics

DC3

Collaboration: Primarily collaborates with US-CERT, intelligence community, select foreign governments, and private sector

Monitor: Monitors the DoD network and determines vulnerabilities

Collection: Identifies emerging technologies and associated threats to integrate migrations and response actions into current CND posture

JTF-GNO

R&D: DCCI provides accepted standards, techniques, methodologies, research, tools, and technologies on computer forensics to meet current and future DoD needs