The director of the Northern California Regional Intelligence Center discussed the growing role of fusion centers in addressing cyber threats. He stated that less than half of fusion centers currently have a dedicated cyber program, but that number is expected to grow as cyber threats increase. The director highlighted examples of fusion centers' cyber analysis and information sharing activities, such as the Louisiana fusion center issuing advisories about "telephone denial-of-service attacks" targeting various organizations nationwide. He argued that fusion centers need additional resources like more cyber analysts in order to strengthen capabilities for cyber threat analysis and information sharing.
HIMSS Response to DHS National Cyber Incident Response PlanDavid Sweigert
HIMSS Responds to National Cyber Incident Response Plan (NCIRP)
November 02, 2016
HIMSS strongly supports the basic principle in the NCIRP, that education and readiness are shared responsibilities to ensure greater public awareness against cyber-attacks.
With the goal of making sure the NCIRP remains relevant into the foreseeable future HIMSS offered comments in three categories:
•The dimensions of potential cyber threats
•Clarification on what a significant cyber incident is
•The rise of artificial intelligence as a means for cybersecurity defense
Uploaded as a courtesy by:
David Sweigert
Public Relations Campaign for SecureWorks for IMC 618: PR Concepts & Strategy. Campaign is focused on increasing brand awareness among both big and small businesses as well as potential investors.
Event: George Washington University -- National Security Threat Convergence: ...Chuck Brooks
● US Critical Infrastructure Sectors as Targets, presented by Charles Brooks, Vice President, Government Relations & Marketing, Sutherland Government Solutions and Chairman of the CompTIA New and Emerging Technologies Committee
Cybersecurity Context in African Continent - Way ForwardGokul Alex
The slides from the presentation session by Gokul Alex on the Enigmatic Economy of Cyber Crimes and Cyber Attacks across the globe with the specific focus on African Continent ravaging countries such as South Africa, Nigeria, Kenya, etc. Cybersecurity issues are looming large and assuming larger significance in the post pandemic political economies. This presentation was delivered to the TAFFD Virtual Conference on Cybersecurity in July 2020 together with Red Team Hacker Academy and BeyondIdentity.
The Federal Government's Track Record on Cybersecurity and Critical Infrastru...- Mark - Fullbright
All product and company names mentioned herein are for identification and educational purposes only and are the property of, and may be trademarks of, their respective owners.
HIMSS Response to DHS National Cyber Incident Response PlanDavid Sweigert
HIMSS Responds to National Cyber Incident Response Plan (NCIRP)
November 02, 2016
HIMSS strongly supports the basic principle in the NCIRP, that education and readiness are shared responsibilities to ensure greater public awareness against cyber-attacks.
With the goal of making sure the NCIRP remains relevant into the foreseeable future HIMSS offered comments in three categories:
•The dimensions of potential cyber threats
•Clarification on what a significant cyber incident is
•The rise of artificial intelligence as a means for cybersecurity defense
Uploaded as a courtesy by:
David Sweigert
Public Relations Campaign for SecureWorks for IMC 618: PR Concepts & Strategy. Campaign is focused on increasing brand awareness among both big and small businesses as well as potential investors.
Event: George Washington University -- National Security Threat Convergence: ...Chuck Brooks
● US Critical Infrastructure Sectors as Targets, presented by Charles Brooks, Vice President, Government Relations & Marketing, Sutherland Government Solutions and Chairman of the CompTIA New and Emerging Technologies Committee
Cybersecurity Context in African Continent - Way ForwardGokul Alex
The slides from the presentation session by Gokul Alex on the Enigmatic Economy of Cyber Crimes and Cyber Attacks across the globe with the specific focus on African Continent ravaging countries such as South Africa, Nigeria, Kenya, etc. Cybersecurity issues are looming large and assuming larger significance in the post pandemic political economies. This presentation was delivered to the TAFFD Virtual Conference on Cybersecurity in July 2020 together with Red Team Hacker Academy and BeyondIdentity.
The Federal Government's Track Record on Cybersecurity and Critical Infrastru...- Mark - Fullbright
All product and company names mentioned herein are for identification and educational purposes only and are the property of, and may be trademarks of, their respective owners.
The mission of the IC3 is to provide the public with a reliable and convenient reporting mechanism to submit information to the FBI concerning suspected Internet-facilitated criminal activity, and to develop effective alliances with industry partners. Information is analyzed and disseminated for investigative and intelligence purposes, for law enforcement, and for public awareness.
Credit is due to all original authors and no financial gain was made from the report, Simply sharing an interesting story for educational purposes,
250 words agree or disagreeIntelligence and Information Sharin.docxvickeryr87
250 words agree or disagree
Intelligence and Information Sharing
A lack of information sharing is likely to be a stumbling block to implementing an effective homeland security strategy. There are currently two significant obstacles when it comes to intelligence, information sharing and fighting crime and terrorism. The fragmented nature of data collection and incident reporting among local, state and federal law enforcement agencies hinders their ability to connect information that may point to terrorist plots or other ongoing criminal activity (National Governors Association , 2007). Secondly, the private sector which owns a significant amount of data as well as majority of the country’s critical infrastructure is often not connected to the homeland security intelligence and information-sharing networks. This information-sharing problem can be resolved by:
creating intelligence fusion centers that bring together law enforcement, intelligence, emergency management, public health, and other agencies, and the variety of information they collect into one central location
joining national efforts that encourage intelligence and information sharing and include regional, multistate, and federal systems
Utilizing national standards for information sharing that foster the ability of systems to exchange data.
Intelligence Fusion Centers
Fusion center were created after the 9/11 terrorist attacks and they were intended to improve homeland security by solving the information-sharing gaps among the different components of the intelligence community. Though fusion centers vary from state to state, most contain similar elements, including members of state law enforcement, public health, social services, public safety, and public works organizations. Increasingly, federal agencies such as the Department of Homeland Security (DHS), Federal Bureau of Investigation, Drug Enforcement Administration, and Bureau of Alcohol Tobacco and Firearms station representatives at state-level fusion centers. State and federal representatives input into a fusion center’s database a broad spectrum of information, including the location and capabilities of area hospitals, details from calls to the state’s 911 emergency hotline, and names from federal terrorism watch lists. This data pool is then drawn on to form a clearer picture of threats facing each state. In addition, it helps inform police investigations, contingency planning, and emergency response. Experts say putting this information at the fingertips of local law enforcement transforms police officers from first responders into “first preventers.” The idea is that the next time a would-be terrorist on a government watch list is pulled over for speeding, the officer at the scene will have the information he needs. Placing federal representatives alongside local officials also helps to ensure more timely delivery of information. In the past, state and local authorities often received warnings only in times of.
19 on 2019: Expert predictions on the top police issues in 2019Nancy Perry
PoliceOne.com asked 19 law enforcement experts to share their predictions of the biggest issues police will face in 2019 and their top tips for how to navigate the path ahead.
The Future of Security in Australia: a Think Tank Report by BlackBerry. This white paper from BlackBerry, the mobile-native software and services company dedicated to securing the Enterprise of Things, features the analysis and thoughts from a 10-expert roundtable late last year looking at trends in cyber and mobile security.
Cyber Crime Multi-State Information Sharing and Analysis Center- Mark - Fullbright
All product and company names mentioned herein are for identification and educational purposes only and are the property of, and may be trademarks of, their respective owners.
4Intelligence-Led Policing The Integrationof Community .docxgilbertkpeters11344
4
Intelligence-Led Policing: The Integration
of Community Policing and Law
Enforcement Intelligence
C
H
A
P
T
E
R
F
O
U
R
39
A common concern expressed by police executives is that the
shift toward increased counterterrorism responsibilities may
require a shift of resources away from community policing.
Instead the question should be how community policing and
counterterrorism should be integrated. As will be seen, there are
more commonalities between the two than one may intuitively
expect. Indeed, new dimensions of law enforcement intelligence
and counterterrorism depend on strong community relationships.
Crime will continue to be a critical responsibility for the police as
will the need for community support. Moreover, with increased
social tension as a result of this terrorism environment, the need
is even greater to maintain a close, interactive dialogue between
law enforcement and the community.
Intelligence-Led Policing: The Integration
of Community Policing and Law
Enforcement Intelligence
40 Law Enforcement Intelligence: A Guide for State, Local, and Tribal Law Enforcement Agencies
Community policing has developed skills in many law enforcement officers
that directly support new counterterrorism responsibilities: The scientific
approach to problem solving, environmental scanning, effective
communications with the public, fear reduction, and community
mobilization to deal with problems are among the important attributes
community policing brings to this challenge. The National Criminal
Intelligence Sharing Plan (NCISP) observed these factors, noting the
following:
Over the past decade, simultaneous to federally led initiatives to
improve intelligence gathering, thousands of community-policing
officers have been building close and productive relationships
with the citizens they serve. The benefits of these relationships
are directly related to information and intelligence sharing: COP
officers have immediate and unfettered access to local,
neighborhood information as it develops. Citizens are aware of,
and seek out COP officers to provide them with new information
that may be useful to criminal interdiction or long-term problem
solving. The positive nature of COP/citizen relationships promotes
a continuous and reliable transfer of information from one to the
other. It is time to maximize the potential for community-policing
efforts to serve as a gateway of locally based information to
prevent terrorism, and all other crimes.55
Furthermore, the Office of Domestic Preparedness (ODP) Guidelines for
Homeland Security describes the roles community policing has in the
intelligence process. These include the following:
55 http://it.ojp.gov/topic.jsp?
topic_id=93
COMMUNITY POLICING has DEVELOPED SKILLS in many
LAW ENFORCEMENT OFFICERS that directly support new
COUNTERTERRORISM RESPONSIBILITIES.
41
• Provide examples and materials that may aid the recognition of terrorism
to community policing contacts in or.
On our 10th Anniversary, InfraGard of the National Capital Region (InfraGardNCR) issued it's first Annual Report sharing our numerous accomplishments and programming from 2015. Read our report to find our our efforts to protect our nation's 16 critical infrastructures through improved information sharing.
The Institute of Chartered Accountants of the Caribbean (ICAC) and IFAC held a joint workshop on June 21, 2017 in Guyana with representatives from 10 professional accountancy organizations in the region. Participants gathered together with the twin objectives of examining the role of the accountant in a changing world along with the trends (technological, economic, social, etc.) impacting the profession and tomorrow’s accountant as well as to discuss the challenging issues facing the accountancy profession and the future-readiness of today’s accountant and professional accountancy organizations.
talks about the present status of the cyber security in India. The policy of cyber security is also discussed. the general principles of the cyber security is highlighted.
Legal position of cyber security and instances of breach of information technology code is also discussed.
Brian Wrote There is a wide range of cybersecurity initiatives .docxhartrobert670
Brian Wrote :
There is a wide range of cybersecurity initiatives that exist on the international level through collaborative efforts between the Department of Homeland Security (DHS) and numerous organizational units (UMUC, 2012). According to UMUC (2012), some examples of these initiatives are:
· Federal Law Enforcement Training Center
· National Cyber Security Division
· National Communications System
· Office of Infrastructure Protection
· Office of Operations Coordination
· Privacy Office
· U.S. Secret Service
· U.S. Immigration and Customs Enforcement
· Organization of American States Assistance
“The National Cyber Security Division works to secure cyberspace and America’s cyber assets in cooperation with public, private, and international entities” (UMUC, 2012). This is done using several strategic plans and directives, such as the Presidential Decision Directive 7, the Information Technology Sector Specific Plan, the National Strategy to Secure Cyber Space, National Infrastructure Preparedness Plan, and the National Response Plan (UMUC, 2012). A challenge that the National Cyber Security Division faces in providing an effective deterrent to cybersecurity threats are the constant evolving technologies. These include for both good and bad. Cyber attacks are constantly evolving and so are the technologies use to protect from them. In order for the National Cyber Security Division to effectively deter them not only do they have to stay up-to-date but also so do all of the strategic plans and directives that they use.
Another initiative is the Federal Law Enforcement Training Center (FLETC) that emerged in the 1980s. This initiative puts forth “efforts to counter international hijackings and financial crimes” (UMUC, 2012). It now also extends law enforcement abroad to help against terrorist activity, international crime, and drug-trafficking (UMUC, 2012). It does those with the partner of Department of State. A challenge that the FLETC faces in providing an effective deterrent to cybersecurity threats are their international limitations. All though they have partnered abroad with select foreign nations they still have restrictions and limitations as to what exactly they can do.
Justin Wrote:
Mutual Legal Assistance Treaties (MLATs) are established between two or more nations and provide a formal means of exchanging evidence and information pertaining to criminal acts or cases that occur outside of a nation’s legal jurisdiction. The primary issue associated with MLATs and cybercrime is the inconsistency of host nation laws. Many nations feel that the idea of a global anti-crime initiative may contradict a nation’s fundamental principles (Finklea & Theohary, 2012, p.24). There is no standardized definition for cybercrime which means that one nation may view a virtual act as a crime and the other, with which the MLAT exists, may not. If the two nations agree on the legality of the act then the requesting nation may sub ...
Vision: By 2023, the Department of Homeland Security will have improved national
cybersecurity risk management by increasing security and resilience across government
networks and critical infrastructure; decreasing illicit cyber activity; improving responses to
cyber incidents; and fostering a more secure and reliable cyber ecosystem through a unified
departmental approach, strong leadership, and close partnership with other federal and
nonfederal entities.
UNCLASSIFIED//FOR OFFICIAL USE ONLY
May 15, 2018
U.S. DEPARTMENT OF HOMELAND SECURITY
CYBERSECURITY STRATEGY
i
TABLE OF CONTENTS
INTRODUCTION......................................................................................................................... 1
SCOPE .......................................................................................................................................... 1
THE CYBER THREAT .................................................................................................................... 2
MANAGING NATIONAL CYBERSECURITY RISK ............................................................................ 3
GUIDING PRINCIPLES ................................................................................................................... 5
DEVELOPMENT AND IMPLEMENTATION ....................................................................................... 6
PILLAR I – RISK IDENTIFICATION ...................................................................................... 7
GOAL 1: ASSESS EVOLVING CYBERSECURITY RISKS ................................................................... 7
PILLAR II – VULNERABILITY REDUCTION ...................................................................... 8
GOAL 2: PROTECT FEDERAL GOVERNMENT INFORMATION SYSTEMS .......................................... 8
GOAL 3: PROTECT CRITICAL INFRASTRUCTURE ......................................................................... 11
PILLAR III: THREAT REDUCTION ..................................................................................... 15
GOAL 4: PREVENT AND DISRUPT CRIMINAL USE OF CYBERSPACE ............................................ 15
PILLAR IV – CONSEQUENCE MITIGATION .................................................................... 19
GOAL 5: RESPOND EFFECTIVELY TO CYBER INCIDENTS ............................................................ 19
PILLAR V – ENABLE CYBERSECURITY OUTCOMES ................................................... 22
GOAL 6: STRENGTHEN THE SECURITY AND RELIABILITY OF THE CYBER ECOSYSTEM ............... 22
GOAL 7: IMPROVE MANAGEMENT OF DHS CYBERSECURITY ACTIVITIES ................................. 25
CONCLUSION ........................................................................................................................... 27
APPENDIX: DHS CYBERSECURITY AUTHORITIES .................................................... A-1
1
INTRODUCTION
...
Similar to NCRIC Analysis of Cyber Security Emergency Management (20)
ZGB - The Role of Generative AI in Government transformation.pdfSaeed Al Dhaheri
This keynote was presented during the the 7th edition of the UAE Hackathon 2024. It highlights the role of AI and Generative AI in addressing government transformation to achieve zero government bureaucracy
This session provides a comprehensive overview of the latest updates to the Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (commonly known as the Uniform Guidance) outlined in the 2 CFR 200.
With a focus on the 2024 revisions issued by the Office of Management and Budget (OMB), participants will gain insight into the key changes affecting federal grant recipients. The session will delve into critical regulatory updates, providing attendees with the knowledge and tools necessary to navigate and comply with the evolving landscape of federal grant management.
Learning Objectives:
- Understand the rationale behind the 2024 updates to the Uniform Guidance outlined in 2 CFR 200, and their implications for federal grant recipients.
- Identify the key changes and revisions introduced by the Office of Management and Budget (OMB) in the 2024 edition of 2 CFR 200.
- Gain proficiency in applying the updated regulations to ensure compliance with federal grant requirements and avoid potential audit findings.
- Develop strategies for effectively implementing the new guidelines within the grant management processes of their respective organizations, fostering efficiency and accountability in federal grant administration.
Presentation by Jared Jageler, David Adler, Noelia Duchovny, and Evan Herrnstadt, analysts in CBO’s Microeconomic Studies and Health Analysis Divisions, at the Association of Environmental and Resource Economists Summer Conference.
What is the point of small housing associations.pptxPaul Smith
Given the small scale of housing associations and their relative high cost per home what is the point of them and how do we justify their continued existance
Russian anarchist and anti-war movement in the third year of full-scale warAntti Rautiainen
Anarchist group ANA Regensburg hosted my online-presentation on 16th of May 2024, in which I discussed tactics of anti-war activism in Russia, and reasons why the anti-war movement has not been able to make an impact to change the course of events yet. Cases of anarchists repressed for anti-war activities are presented, as well as strategies of support for political prisoners, and modest successes in supporting their struggles.
Thumbnail picture is by MediaZona, you may read their report on anti-war arson attacks in Russia here: https://en.zona.media/article/2022/10/13/burn-map
Links:
Autonomous Action
http://Avtonom.org
Anarchist Black Cross Moscow
http://Avtonom.org/abc
Solidarity Zone
https://t.me/solidarity_zone
Memorial
https://memopzk.org/, https://t.me/pzk_memorial
OVD-Info
https://en.ovdinfo.org/antiwar-ovd-info-guide
RosUznik
https://rosuznik.org/
Uznik Online
http://uznikonline.tilda.ws/
Russian Reader
https://therussianreader.com/
ABC Irkutsk
https://abc38.noblogs.org/
Send mail to prisoners from abroad:
http://Prisonmail.online
YouTube: https://youtu.be/c5nSOdU48O8
Spotify: https://podcasters.spotify.com/pod/show/libertarianlifecoach/episodes/Russian-anarchist-and-anti-war-movement-in-the-third-year-of-full-scale-war-e2k8ai4
Jennifer Schaus and Associates hosts a complimentary webinar series on The FAR in 2024. Join the webinars on Wednesdays and Fridays at noon, eastern.
Recordings are on YouTube and the company website.
https://www.youtube.com/@jenniferschaus/videos
Jennifer Schaus and Associates hosts a complimentary webinar series on The FAR in 2024. Join the webinars on Wednesdays and Fridays at noon, eastern.
Recordings are on YouTube and the company website.
https://www.youtube.com/@jenniferschaus/videos
2024: The FAR - Federal Acquisition Regulations, Part 37
NCRIC Analysis of Cyber Security Emergency Management
1. 1
Statement of
Mike Sena
President, National Fusion Center Association
Director, Northern California Regional Intelligence Center (NCRIC)
Joint Hearing of the Subcommittee on Emergency Preparedness, Response,
and Communications; and the Subcommittee on Cybersecurity,
Infrastructure Protection and Security Technologies
Committee on Homeland Security
United States House of Representatives
“Cyber Incident Response: Bridging the Gap Between Cybersecurity and
Emergency Management”
October 30, 2013
2. 2
Chairman Brooks, Chairman Meehan, Members of the Subcommittees,
My name is Mike Sena and I am the Director of the Northern California Regional Intelligence Center
(NCRIC), which is the fusion center for the San Francisco Bay and Silicon Valley region. I currently serve
as president of the National Fusion Center Association (NFCA). On behalf of the NFCA and our
executive board, thank you for the opportunity to share our perspective on the analysis and sharing of
information on threats from the cyber domain that we are seeing at a rapidly increasing pace.
The National Network of Fusion Centers (National Network) includes 78 designated state and major
urban area fusion centers. Every center is owned and operated by a state or local government entity.
The majority of operational funding for fusion centers comes from state or local sources, while federal
grants – primarily through the Homeland Security Grant Program at FEMA – are a major source of
additional support. Our centers are focal points in the state, local, tribal, and territorial (SLTT)
environment for the receipt, analysis, gathering, and dissemination of threat-related information
between the federal government, SLTT, and private sector partners.
As the report on fusion centers that was released in July of this year by the majority staff of the full
House Homeland Security Committee noted, nearly 200 FBI Joint Terrorism Task Force investigations
have been created as a result of information provided to the FBI through fusion centers in recent years,
and nearly 300 Terrorist Watchlist encounters reported through fusion centers enhanced existing FBI
terrorism cases. Most fusion centers are “all-crimes” centers, meaning that they do not focus on just
terrorism-related threats. Most centers are supporting law enforcement and homeland security
agencies in their states and regions through analysis and sharing of criminal intelligence to address
organized criminal threats and to support intelligence-led policing.
Because the National Network of Fusion Centers has developed into a mechanism for regular exchange
of criminal intelligence and threat information across jurisdictions, we are increasingly involved in
addressing cyber threats. My center – the NCRIC – is actively involved in cyber threat analysis and
information sharing with our federal partners, other fusion centers, state and local governments in our
region, and private sector partners. As with any other successful law enforcement or intelligence
effort, good relationships are at the heart of the matter. We must develop strong and trusting
relationships with our customer agencies as well as with the private sector to ensure timely
information flow. As an example of partnership development, the NCRIC is working with a major
utilities service provider - that faces significant persistent cyber attacks - to assign personnel inside the
fusion center. Once in place, this partnership will result in the development of capabilities to improve
internal security for the company, but also new threat analysis and prevention capabilities for other
critical infrastructure partners across the sector. The NCRIC hosts a working group including private
sector CIKR owners that meets regularly to discuss threats and share information.
But my center is not the norm across the National Network. Today, less than half of the fusion centers
have a dedicated cyber program. We expect that number to grow as the threats grow, but we must
have additional resources to support the specialized training and personnel to further that mission.
We cannot take away from our established missions to tackle new ones. We also must coordinate
3. 3
closely with other entities that play roles in cyber threat awareness, analysis, and information sharing –
including the organizations my fellow panelists here today represent.
The reality is that we are dealing with a growing category of criminal activity featuring different
impacts as compared to traditional crime. Because the impacts are “quieter” and – to date – most
often bloodless, it is more difficult to make a clear case for investments in systematic improvements in
law enforcement and criminal intelligence capacity to deal with these threats.
But as we all know, the threats and their consequences are very real. And the threats are growing –
from small, targeted operations that impact a family’s finances to large operations that threaten an
electric grid. Large critical infrastructure owners know who to call when something happens – they are
likely to have existing partnerships with federal law enforcement and investigative bodies. But who
does a family call when they notice they have been violated? What about a small business or, even
more concerning, a smaller vendor that may be part of an important supply chain? State and local law
enforcement across the country are reporting increased calls related to cybercrime. Questions related
to jurisdiction and investigative capacity are difficult to answer in many of these cases. But the analysis
and sharing of threat information is essential to prevent more victimization.
As the NFCA has worked with our partners in state and local law enforcement on this issue over the
past year, it has become clear that we have significant needs for capability and capacity
enhancements. As I wrote in a blog post for the Program Manager for the Information Sharing
Environment (PM-ISE) last week, the NFCA is working with the International Association of Chiefs of
Police (IACP), the PM-ISE, private sector partners, and other professional associations to assess needs
across the country. I want to specifically acknowledge the office of the Program Manager for the
Information Sharing Environment, DHS Intelligence & Analysis, and FEMA for their recognition of the
importance of this effort, and for moving the ball downfield. These are outstanding partners in our
efforts and we rely on them daily.
In August 2012, the NCRIC hosted a roundtable for cybersecurity stakeholders that included
representatives from the financial and IT sectors, as well as federal, state, and local officials. These
participants identified two types of information sharing: 1) fusion centers engaged in sharing tactical
information on company or sector-specific situational awareness; and 2) fusion centers sharing
strategic information on threats, risks, and trends through strategic forums that involve both the public
and private sectors. IACP partnered with the Department of Homeland Security to facilitate a
December 2012 roundtable to further clarify requirements for cybersecurity information sharing.
Building on the momentum of the August and December events, the NCRIC and the IACP held the
Cybersecurity Evaluation Environment Pilot Kick-off Event in February 2013. The first day of this two-
day event focused on soliciting cybersecurity information sharing requirements from industry partners
and developing potential federal, state, and local government processes for cybersecurity information
sharing with the private sector. Participants also discussed government requirements for cybersecurity
information sharing. On the second day, the government participants worked to design a
“cybersecurity pilot” that would advance fusion center cybersecurity information sharing capabilities.
4. 4
The pilot will be funded by DHS through the Multi-State Information Sharing and Analysis Center (MS-
ISAC) and executed in coordination with all appropriate stakeholders. It will focus on addressing needs
identified by stakeholders including:
• the need for increasing the timeliness, volume and the quality of the information the federal
government shares with state/local/tribal government and private sector partners;
• the need for standardization of information sharing processes between the federal and
state/local/tribal governments and the development of cyber response best practices;
• leveraging current counterterrorism-developed tools and processes for cyber incident handling
and intelligence sharing;
• enhancing the protection of state/local/tribal networks
• supporting cyber crime investigations; and
• promoting private sector cooperation and information sharing.
We expect the pilot to get underway soon and we look forward to keeping the committee apprised of
our actions.
We believe it is important to recognize a couple of realities. First, a streamlined system for reporting,
analyzing, and sharing threats and incidents requires leadership at the state level in each of our states
and a clear acceptance of what roles fusion centers can and should play. Roles, responsibilities, and
capabilities should be clearly understood – including by private sector partners – and we have to
acknowledge that we are not where we need to be. That is why efforts like the pilot project we are
about to engage in with the leadership of PM-ISE and IACP are so important. While the systems of
interaction may vary from state to state, we need structured relationships so that our personnel know
where information should be flowing from and disseminated to.
Second, our human resource base in investigative and intelligence settings at the state and local levels
has not adapted quickly enough to address the increased cyber threat. Again, citizens report crimes to
law enforcement no matter the type. Federal agencies cannot possibly investigate all of those crimes,
even as they have a need to be aware of them in case they relate to other incidents in other locations.
State and local law enforcement, homeland security, and emergency management functions –
including fusion centers – must be resourced to respond to those crimes quickly and share information
rapidly so that additional crimes can be prevented.
As the July, 2013 committee staff report on fusion centers noted, “Ultimately, it is the FBI’s
responsibility to conduct counterterrorism investigations. However, no single government entity has
the mission and capacity to coordinate, gather, and look comprehensively across the massive volume
of State and locally owned crime data and SARs and connect those ‘dots’, particularly those related to
local crime and, potentially, the nexus between those criminal activities and terrorist activity. This is
the principal value proposition for the National Network.” This reality extends to the cyber threat
domain.
Next week the National Fusion Center Association will host a major event across the river in
Alexandria, Virginia. The NFCA Annual Training Event will bring together fusion center directors and
5. 5
analysts from nearly all 78 centers, as well as federal partners including DHS, partner associations from
state and local law enforcement and emergency response, fire service representatives, and industry to
receive training and share best practices. Among the training sessions are two separate sessions on
cyber threat analysis and information sharing. Representatives from the Kanas City Terrorism Early
Warning Group, the Orange County (CA) Intelligence Assessment Center, the Louisiana State Analytical
and Fusion Exchange (LA-SAFE), the San Diego Law Enforcement Coordination Center, and my center –
the NCRIC – will present to other fusion centers on effective practices and partnerships they are
implementing in their centers. This indicates the level of interest across the National Network in
advancing our capabilities to address cyber threats.
The state of Louisiana’s fusion center – LA-SAFE – has taken an active role in cyber threat analysis and
information sharing. State, local, and private entities reach out to LA-SAFE when a cyber event occurs
in their AOR. The fusion center’s lead cyber analyst disseminates block-list information to those
partners to quickly help strengthen their protections. LA-SAFEconducts analysis of cyber threats and
develops intelligence reports for dissemination to relevant partners. To date, the LA-SAFE Cyber Unit
has developed more than 40 reports that have been shared with federal, state, and local partners.
Feedback to LA-SAFE – including from our federal partners – clearly indicates that the information
coming out of the fusion center is of high value.
In one example from earlier this year, the Louisiana state legislature was receiving numerous phone
calls from a foreign individual asking for the payment of a supposed debt. The numerous malicious
calls clogged the phone-lines, preventing legitimate calls from going in or out. The “telephone denial-
of-service attack” disrupted the legislature’s communications. LA-SAFE determined that this TDOS
attack was similar to others that had occurred across the United States and produced and
disseminated an advisory to its partners. Immediately afterwards LA-SAFE received numerous phone
calls and emails from public safety answering points (PSAPs) across the country that had suffered
similar attacks. LA-SAFE was contacted by the Deputy Manager of the National Coordinating Center for
Communications (NCC). The NCC had received the LA-SAFE advisory from the NCCIC and expressed
serious concern. The NCC then initiated a conference call with LA-SAFE, the NCRIC, NCC, NCCIC,
Association of Public-Safety Communications Officials (APCO), National Emergency Number Association
(NENA), FBI and other industry representatives to coordinate a response.
As a result of the coordination, multiple advisories were distributed from participating organizations to
their customer bases. It has since been determined that over 200 of these attacks have been identified
nationwide. These attacks have targeted various businesses and public entities, including the financial
sector and other public emergency operations interests, such as air ambulance, ambulance and
hospital communications.
This example of cyber threat analysis and information sharing is occurring on a more frequent basis
across the National Network of Fusion Centers. Some fusion centers are collecting and analyzing
instances of cyber attacks in their AOR, and developing products that are sent to other fusion centers,
which enables a much larger set of stakeholders to prevent damaging attacks.
6. 6
LA-SAFE’s recent experiences demonstrate both the opportunity and the need for additional focus and
capacity within the network. Like other fusion centers that provide cyber threat analysis and sharing
services, LA-SAFE needs more cyber analyst positions. The increasing threat level has already
translated into increased demand for investigative and analytical services from fusion centers, and
there is no sign of any slowing-down in that demand. A significant challenge for LA-SAFE and other
centers is that cyber analysts are typically more expensive than traditional analysts. While physical
terror threats and criminal activity are the primary focus of most fusion centers, the growing category
of cyber crime means that cyber threat analysis resources must be strengthened at all levels of
government.
In addition, LA-SAFE and other centers believe that the system for interacting with federal partners on
cyber threats needs to be improved. Enhanced cooperation by federal partners through more
information sharing at the unclassified or sensitive-but-unclassified levels would help connect dots and
lead to faster information sharing to prevent attacks. Our federal partners tend to operate on the
“high side,” but since threat information is coming to fusion centers from state, local, and private
sector customers who expect timely responses, operating in a classified environment can slow down
information flow. Speed is important in all investigations and prevention activities – especially in the
cyber domain. We must work with our partners to identify the right path forward on classification so
that we can be appropriately responsive to our communities while safeguarding CIKR and information
assets from inappropriate exploitation.
Building, training, and maintaining a strong cyber analyst cadre within fusion centers and law
enforcement entities should be a priority. We have great partners like the United States Secret Service
whose Hoover, Alabama training facility provides beginning and intermediate training for fusion center
and other analysts. That program should be prioritized for new investment in the immediate future so
that its training can reach a greatly expanded audience. The Multi-State Information Sharing and
Analysis Center (MS-ISAC) provides training to state and local law enforcement to enhance cyber
awareness and analytical capabilities. We need more of this type of training to ensure our analysts
have the skills required to act quickly so that accurate, timely information can be shared broadly.
The Terrorism Liaison Officer (TLO) program is a successful partnership between fusion centers and the
state and local law enforcement, first responder, public health, and private sector communities within
their AORs. TLO programs train thousands of individuals on indicators of possible terrorist activity and
reinforce a system of reporting of suspicious activity through the fusion centers and the Nationwide
Suspicious Activity Reporting (SAR) Initiative. This system maximizes situational awareness and
provides a clear mechanism for ground-level suspicious activity to quickly funnel up to lead
investigative agencies.
The success of the TLO program in the physical terrorism domain should be extended to the cyber
domain in the form of a “cyber TLO” program. Trained TLOs know what to do in the world of physical
threats. The same should happen with cyber threats. City governments, county governments, state
governments, and CIKR owners and operators should be part of this network. Again, maximizing
situational and threat awareness through a systematized reporting mechanism will ensure that
7. 7
investigative leads filter up to lead investigative agencies, while regular reporting on the latest cyber
threats by fusion centers and other partners can be pushed down through that network.
Every fusion center should have the ability to triage threat reports and develop products to help state,
local, and private sector entities to mitigate the threats. Ideally, we need a constantly updated
automated system that provides partners information – machine and human-readable – in real-time as
events are happening. Investigation into the source of cyber attacks will occur after the fact, but
action to identify the attack, identify the associated indicators of compromise, and disseminate those
indicators of compromise to partners in a timely manner is essential.
It will take time and money for that vision to be realized – and we have too little of both in the near
term. In the meantime, the partners at this table and around the country must work together through
the pilot project and other settings to develop policies, protocols, and requirements that will result in
the kind of information sharing and threat analysis our citizens expect. In addition, a concept called
analytical centers of excellence is being built out across the National Network. If a particular fusion
center does not have dedicated cyber capabilities, then that center’s personnel should know exactly
where to go for support. Relationships should be developed and formalized so that centers with cyber
capacity can be tapped when needed by other members of the National Network. This same concept
is being applied to traditional criminal intelligence information by fusion centers today.
On behalf of the National Fusion Center Association, thank you again for the opportunity to testify
today. The members of the NFCA executive board and I are happy to provide you with ongoing input
and answer any questions you have. I also encourage you to reach out to the fusion center in your
state or region and find out about their particular challenges and best practices related to cyber and
other threats. We look forward to working with you on this issue.