National Cyber Security Division - Organization

Organization

NCSD is funded through the following three Congressionally appropriated Programs, Projects and Activities (PPA): United States Computer Emergency Readiness Team (US-CERT), Strategic Initiatives, and Outreach and Programs:

• US-CERT leverages technical competencies in federal network operations and threat analysis centers to develop knowledge and knowledge management practices. US-CERT provides a single, accountable focal point to support federal stakeholders as they make key operational and implementation decisions and secure the Federal Executive Branch civilian networks. It does so through a holistic approach that enables federal stakeholders to address cybersecurity challenges in a manner that maximizes value while minimizing risks associated with technology and security investments. Further, US-CERT analyzes threats and vulnerabilities, disseminates cyber threat warning information, and coordinates with partners and customers to achieve shared situational awareness related to the Nation’s cyber infrastructure. US-CERT funds also support the development, acquisition, deployment, and personnel required to implement the National Cybersecurity Protection System (NCPS), operationally known as EINSTEIN. The EINSTEIN Program is an automated intrusion detection system for collecting, correlating, analyzing, and sharing computer security information across the federal government to improve our Nation’s situational awareness. EINSTEIN is an early warning system that monitors the network gateways of Federal Executive Branch civilian departments and agencies for malicious cyber activity. DHS is deploying EINSTEIN 1 and 2 systems in conjunction with the federal TIC initiative, which optimizes network security capabilities into a common solution for the Federal Executive Branch and facilitates the reduction and consolidation of external connections, including Internet points of presence, through approved access points. As of March 2012, EINSTEIN 3 is currently being staged for roll-out to federal agencies for those that have reached a high TIC compliance.

• The National Cyber Security Center (NCSC) is a component of US-CERT’s budget. The NCSC fulfills its presidential mandate as outlined in National Security Presidential Directive 54/Homeland Security Presidential Directive 23 in ensuring that federal agencies can access and receive information and intelligence needed to execute their respective 7 cybersecurity missions. The NCSC accomplishes this through the following six mission areas: Mission Integration, Collaboration and Coordination, Situational Awareness and Cyber Incident Response, Analysis and Reporting, Knowledge Management, and Technology Development and Management, each supported by developing NCSC programs and capabilities.

• Strategic Initiatives enables NCSD to establish mechanisms for federal partners to deploy standardized tools and services at a reduced cost, paving the way for a collaborative environment that enables the sharing of best practices and common security challenges and shortfalls. In addition, Strategic Initiatives enables NPPD to develop and promulgate sound practices for software developers, IT security professionals, and other CIKR stakeholders; it also enables collaboration with the public and private sectors to assess and mitigate risk to the nation’s cyber CIKR.

• Outreach and Programs promotes opportunities to leverage the cybersecurity investments of public and private industry partners. This PPA encourages cybersecurity awareness among the 8 general public and within key communities, maintains relationships with government cybersecurity professionals to share information about cybersecurity initiatives, and develops partnerships to promote collaboration on cybersecurity issues. Outreach and Programs enables governance and assistance in setting policy direction and establishes resource requirements for NCSD’s complex activities.