The National Cybersecurity and Communications Integration Center represents more than just another federal office trying to work with the private sector.
The NCCIC, which launched in October 2009, is the culmination in the Homeland Security Department’s efforts to transform its approach to working with the private sector.
“It really is the nexus of information sharing between the government and the private sector,” said Mark Weatherford, the DHS deputy undersecretary for cybersecurity, in an exclusive interview with Federal News Radio as part of our multimedia special report, Cybersecurity Rising. “We have a variety of different government organizations that sit on the floor along with law enforcement, the Information Sharing and Analysis Center folks, the telecommunications companies and the intelligence community. So it’s a place where the synergy of everything happens operationally cyberwise. My vision for it would be a cyber 911. If anyone has a cyber-related issue, they call the NCCIC. The NCCIC may not be able to answer all the questions, but we know where to point people within the government.”
Weatherford, who came to DHS a year ago after serving as the vice president and chief security officer for the North American Electric Reliability Corporation (NERC), said one of the main reasons DHS created his new position was to strengthen the public-private relationships.
NCCIC grows up
And the maturation of the NCCIC has been one of the most important pieces of that effort.
“Over the last few months, six to nine months, we have been developing these relationships within the government and with the key players in the private sector that deal with this stuff on a daily basis,” he said. “One of the things I tell people all the time, there are certain things you have to do as an organization to prepare for a cyber event. And if you don’t do those before the event happens, it’s like trying to figure who to call in the middle of an emergency. (It) is the wrong time to be looking for the phone numbers. The NCCIC is that place.”
The NCCIC is the hub for responding to specific cyber events as well as developing better analytical tools, he said.
“We’re bringing more private-sector partners in, and we work through the Cooperative Research and Development Agreement (CRADA) program to bring organizations in to understand each other’s responsibilities,” Weatherford said. “The goal going forward is to get more people involved with the NCCIC from a tactical geographic perspective and from a strategic, how-do-we-work-with-you perspective.”
A recent example of the NCCIC’s value came during the recent cyber attacks against some financial-sector companies.
Weatherford said the response to those attacks came through the NCCIC.
“We’ve working with different financial institutions, telecommunications providers and working within government to find the expertise to think about how these incidents are impacting and how we can respond appropriately,” he said.
One way DHS is trying to expand both the reach of the NCCIC and to bring more people into the conversation is through better coordination of the physical security and the cybersecurity offices.
Physical, cyber integration
Weatherford said he led a meeting earlier in October where both camps came together to discuss how they could work more closely together.
“I think this is one of the areas where we will be able to influence a lot,” he said. “In the private sector, many organizations are still struggling with how they integrate the more traditional physical organization and roles with some of the cybersecurity stuff. It’s a big deal for us at DHS to closer integrate and closer coordinate between our physical security and cybersecurity organizations.”
He said, individually, each of the organizations is fairly mature, but with all the changes over the past few years, there is an opportunity to coordinate more closely.
One long-term goal is to expand the use of the protective security adviser (PSA) program to include cyber. The program now sends physical-security experts to help critical infrastructure providers find weaknesses in their defenses, Weatherford said.
Weatherford said there’s a growing desire for cyber expertise and the PSA teams already are trusted sources, he said.
“We are going to beef up this PSA program with cyber expertise, so when folks go work with companies or local governments they have both physical and cyber security expertise with them,” he said. “It could be a team of people depending on the issue, or if they are doing training or doing assessments or responding to an event. These guys have such as great relationship with the companies and people they work with. This is one of the real success stories of our IT organization. I spoke at a National Cybersecurity Awareness event on Oct. 1 in Nebraska and the lieutenant governor even told me what a success the PSA program was there.”
Emergency team set to respond
Along with DHS, the Energy Department is working with electricity critical infrastructure sector to implement the Electricity Subsector Cybersecurity Capability Maturity Model. It’s a way to manage the cyber risk these companies face.
The NCCIC also houses the Industrial Control Systems cyber emergency-response team. Weatherford said the team is on the ground addressing threats, vulnerabilities and attacks. DHS reported in July the number of critical infrastructure companies reporting cyber incidents increased by 383 percent in 2011 compared to 2010.
“There is a growing awareness that in the critical-infrastructure sector — and that’s across all 18 sectors — in the industrial control systems space, the technical vulnerabilities have become more visible then they have been in the past,” he said. “We’ve always known there were technical vulnerabilities in our industrial controls systems just like there were in our IT systems, but there has been a little bit of a sea change over the last couple of years. People are beginning to look at them and exploit them, just like there was a change in the IT industry 15 years ago. What our role really is, is working with the owners and operators of industrial control systems and helping them with variety of things.”