National Cyber Security Division

Last updated January 27, 2024

The National Cyber Security Division (NCSD) is a division of the Office of Cyber Security & Communications, within the United States Department of Homeland Security's Cybersecurity and Infrastructure Security Agency.^[1] Formed from the Critical Infrastructure Assurance Office, the National Infrastructure Protection Center, the Federal Computer Incident Response Center, and the National Communications System, NCSD opened on June 6, 2003. The NCSD mission is to collaborate with the private sector, government, military, and intelligence stakeholders to conduct risk assessments and mitigate vulnerabilities and threats to information technology assets and activities affecting the operation of the civilian government and private sector critical cyber infrastructures. NCSD also provides cyber threat and vulnerability analysis, early warning, and incident response assistance for public and private sector constituents. NCSD carries out the majority of DHS’ responsibilities under the Comprehensive National Cybersecurity Initiative. The FY 2011 budget request for NCSD is $378.744 million and includes 342 federal positions. The current director of the NCSD is John Streufert, former chief information security officer (CISO) for the United States Department of State,^[2]^[3] who assumed the position in January 2012.

Strategic objectives and priorities

^[4]Strategic Objectives

To protect the cyber infrastructure, NCSD has identified two overarching objectives:

To build and maintain an effective national cyberspace response system.
To implement a cyber-risk management program for protection of critical infrastructure.

Priorities

Continued development of the EINSTEIN system’s capabilities as a critical tool in protecting the Federal Executive Branch civilian departments and agencies.
Development of the National Cyber Incident Response Plan (NCIRP) in full collaboration with the private sector and other key stakeholders. NCIRP ensures that all national cybersecurity partners understand their roles in cyber incident response and are prepared to participate in a coordinated and managed process.
Increase the security of automated control systems that operate elements of the national critical infrastructure.

Organization

NCSD is funded through the following three Congressionally appropriated Programs, Projects and Activities (PPA): United States Computer Emergency Readiness Team (US-CERT), Strategic Initiatives, and Outreach and Programs:^[4]

US-CERT leverages technical competencies in federal network operations and threat analysis centers to develop knowledge and knowledge management practices. US-CERT provides a single, accountable focal point to support federal stakeholders as they make key operational and implementation decisions and secure the Federal Executive Branch civilian networks. It does so through a holistic approach that enables federal stakeholders to address cybersecurity challenges in a manner that maximizes value while minimizing risks associated with technology and security investments. Further, US-CERT analyzes threats and vulnerabilities, disseminates cyber threat warning information, and coordinates with partners and customers to achieve shared situational awareness related to the Nation’s cyber infrastructure. US-CERT funds also support the development, acquisition, deployment, and personnel required to implement the National Cybersecurity Protection System (NCPS), operationally known as EINSTEIN. The EINSTEIN Program is an automated intrusion detection system for collecting, correlating, analyzing, and sharing computer security information across the federal government to improve our Nation’s situational awareness. EINSTEIN is an early warning system that monitors the network gateways of Federal Executive Branch civilian departments and agencies for malicious cyber activity. DHS is deploying EINSTEIN 1 and 2 systems in conjunction with the federal TIC initiative, which optimizes network security capabilities into a common solution for the Federal Executive Branch and facilitates the reduction and consolidation of external connections, including Internet points of presence, through approved access points. As of March 2012, EINSTEIN 3 is currently being staged for roll-out to federal agencies for those that have reached a high TIC compliance.
The National Cybersecurity Center (NCSC) is a component of US-CERT’s budget. The NCSC fulfills its presidential mandate as outlined in National Security Presidential Directive 54/Homeland Security Presidential Directive 23^[5] in ensuring that federal agencies can access and receive information and intelligence needed to execute their respective 7 cybersecurity missions. The NCSC accomplishes this through the following six mission areas: Mission Integration, Collaboration and Coordination, Situational Awareness and Cyber Incident Response, Analysis and Reporting, Knowledge Management, and Technology Development and Management, each supported by developing NCSC programs and capabilities.
Strategic Initiatives enables NCSD to establish mechanisms for federal partners to deploy standardized tools and services at a reduced cost, paving the way for a collaborative environment that enables the sharing of best practices and common security challenges and shortfalls. In addition, Strategic Initiatives enables NPPD to develop and promulgate sound practices for software developers, IT security professionals, and other CIKR stakeholders; it also enables collaboration with the public and private sectors to assess and mitigate risk to the nation’s cyber CIKR.
Outreach and Programs promotes opportunities to leverage the cybersecurity investments of public and private industry partners. This PPA encourages cybersecurity awareness among the 8 general public and within key communities, maintains relationships with government cybersecurity professionals to share information about cybersecurity initiatives, and develops partnerships to promote collaboration on cybersecurity issues. Outreach and Programs enables governance and assistance in setting policy direction and establishes resource requirements for NCSD’s complex activities.

Early leadership turnover

NCSD has been plagued by leadership problems, having had multiple directors that resign after serving only short terms, or potential candidates for the position of director who refuse the position. As chair of the pre-existing Counter-terrorism Security Group, Richard Clarke was initially offered the position of director of the NCSD, but refused citing concerns that there would be too many bureaucratic layers between him and Homeland Security director Tom Ridge. Robert Liscouski ran the division initially while a permanent director was sought and continued on as Assistant Director until February 2005. Amit Yoran became director of NCSD in September 2003 and helped set up the division, but after only a year in the job, left abruptly in October 2004. One of the division's deputy directors, Andy Purdy, assumed the position of interim director within a week of Yoran's departure. In 2006 upon Andy Purdy's departure Jerry Dixon took on the role as acting director in December 2006 until officially appointed to the position as executive director in January 2007. Upon Dixon's departure in September 2007 Mcguire took on the role of acting director until March 2008 which the USSS assigned Cornelius Tate and Anita Calinoiu to be the current director of NCSD.

An audit of the division, conducted by DHS's inspector general Clark Kent Ervin, cast a negative view on the division's first year. Although the report praised the formation of the U.S. Computer Emergency Readiness Team (US-CERT) and the National Cyber Alert System, the division received criticism for failing to set priorities, develop strategic plans and provide effective leadership in cyber security issues.^[6]^[7]^[8]^[9]^[10]

Related Research Articles

The United States Department of Homeland Security (DHS) is the U.S. federal executive department responsible for public security, roughly comparable to the interior or home ministries of other countries. Its stated missions involve anti-terrorism, border security, immigration and customs, cyber security, and disaster prevention and management.

The United States Computer Emergency Readiness Team (US-CERT) is an organization within the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Specifically, US-CERT is a branch of the Office of Cybersecurity and Communications' (CS&C) National Cybersecurity and Communications Integration Center (NCCIC).

<span class="mw-page-title-main">National Strategy to Secure Cyberspace</span>

In the United States government, the National Strategy to Secure Cyberspace, is a component of the larger National Strategy for Homeland Security. The National Strategy to Secure Cyberspace was drafted by the Department of Homeland Security in reaction to the September 11, 2001 terrorist attacks. Released on February 14, 2003, it offers suggestions, not mandates, to business, academic, and individual users of cyberspace to secure computer systems and networks. It was prepared after a year of research by businesses, universities, and government, and after five months of public comment. The plan advises a number of security practices as well as promotion of cyber security education.

The Homeland Security Act (HSA) of 2002, was introduced in the aftermath of the September 11 attacks and subsequent mailings of anthrax spores. The HSA was cosponsored by 118 members of Congress. The act passed the U.S. Senate by a vote of 90–9, with one Senator not voting. It was signed into law by President George W. Bush in November 2002.

An information assurance vulnerability alert (IAVA) is an announcement of a computer application software or operating system vulnerability notification in the form of alerts, bulletins, and technical advisories identified by US-CERT, https://www.us-cert.gov/ US-CERT is managed by National Cybersecurity and Communications Integration Center (NCCIC), which is part of Cybersecurity and Infrastructure Security Agency (CISA), within the U.S. Department of Homeland Security (DHS). CISA, which includes the National Cybersecurity and Communications Integration Center (NCCIC) realigned its organizational structure in 2017, integrating like functions previously performed independently by the U.S. Computer Emergency Readiness Team (US-CERT) and the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). These selected vulnerabilities are the mandated baseline, or minimum configuration of all hosts residing on the GIG. US-CERT analyzes each vulnerability and determines if it is necessary or beneficial to the Department of Defense to release it as an IAVA. Implementation of IAVA policy will help ensure that DoD Components take appropriate mitigating actions against vulnerabilities to avoid serious compromises to DoD computer system assets that would potentially degrade mission performance.

Jeff Moss, also known as Dark Tangent, is an American hacker, computer and internet security expert who founded the Black Hat and DEF CON computer security conferences.

The EINSTEIN System is an network intrusion detection and prevention system that monitors the networks of US federal government departments and agencies. The system is developed and managed by the Cybersecurity and Infrastructure Security Agency in the United States Department of Homeland Security (DHS).

Phil Reitinger was the Deputy Under Secretary of the National Protection and Programs Directorate (NPPD) and Director of the National Cybersecurity Center (NCSC) at the United States Department of Homeland Security from 2009 to 2011. During that time, Reitinger led the department's integrated efforts to reduce risks across physical and cyber infrastructures and helping secure federal networks and systems by collecting, analyzing, integrating and sharing information among interagency partners.

The Director of the Cybersecurity and Infrastructure Security Agency is a high level civilian official in the United States Department of Homeland Security. The Director, as head of Cybersecurity and Infrastructure Security Agency at DHS, is the principal staff assistant and adviser to both the Secretary of Homeland Security and the Deputy Secretary of Homeland Security for all DHS programs designed to reduce the nation's risk to terrorism and natural disasters. The Director is appointed from civilian life by the President with the consent of the Senate to serve at the pleasure of the President.

The Command, Control and Interoperability Division is a bureau of the United States Department of Homeland Security's Science and Technology Directorate, run by Dr. David Boyd. This division is responsible for creating informative resources(including standards, frameworks, tools, and technologies) that strengthen communications interoperability, improve Internet security, and integrity and accelerate the development of automated capabilities to help identify potential threats to the U.S.

The Critical Foreign Dependencies Initiative (CFDI) is a strategy and list, maintained by the United States Department of Homeland Security, of foreign infrastructure which "if attacked or destroyed would critically impact the U.S." A copy of the 2008 list was redacted and leaked by WikiLeaks on 5 December 2010 as part of the website's leak of US diplomatic cables; no details on the exact location of the assets was included in the list. In September 2011, WikiLeaks published the unredacted copy of the list. The list's release was met with strong criticism from the US and British governments, while media and other countries have reacted less strongly saying that the entries are not secret and easily identified.

The Stephenson Disaster Management Institute at Louisiana State University is located in the Stephenson National Center for Security Research and Training at LSU.

The National Cybersecurity Alliance (NCA), is an American nonprofit 501(c)(3) organization which promotes cyber security awareness and education. The NCA works with various stakeholders across government, industry, and civil society, promoting partnerships between the federal government and technology corporations. NCA's primary federal partner is the Cybersecurity and Infrastructure Security Agency within the U.S. Department of Homeland Security.

The Cyber Security Division (CSD) is a division of the Science and Technology Directorate (S&T Directorate) of the United States Department of Homeland Security (DHS). Within the Homeland Security Advanced Research Projects Agency, CSD develops technologies to enhance the security and resilience of the United States' critical information infrastructure from acts of terrorism. S&T supports DHS component operational and critical infrastructure protections, including the finance, energy, and public utility sectors, as well as the first responder community.

The National Cybersecurity and Critical Infrastructure Protection Act of 2013 is a bill that would amend the Homeland Security Act of 2002 to require the Secretary of the Department of Homeland Security (DHS) to conduct cybersecurity activities on behalf of the federal government and would codify the role of DHS in preventing and responding to cybersecurity incidents involving the Information Technology (IT) systems of federal civilian agencies and critical infrastructure in the United States.

The National Cybersecurity and Communications Integration Center (NCCIC) is part of the Cybersecurity Division of the Cybersecurity and Infrastructure Security Agency, an agency of the U.S. Department of Homeland Security. It acts to coordinate various aspects of the U.S. federal government's cybersecurity and cyberattack mitigation efforts through cooperation with civilian agencies, infrastructure operators, state and local governments, and international partners.

The Cybersecurity and Infrastructure Security Agency (CISA) is a component of the United States Department of Homeland Security (DHS) responsible for cybersecurity and infrastructure protection across all levels of government, coordinating cybersecurity programs with U.S. states, and improving the government's cybersecurity protections against private and nation-state hackers.

Jacob H. Braun is an American politician, cyber and national security expert. He was appointed by President Joseph Biden as the U.S. Department of Homeland Security (DHS) Secretary's Senior Advisor to the Management Directorate. Braun is also a lecturer at the University of Chicago’s Harris School of Public Policy Studies where he teaches courses on cyber policy and election security. He previously served as the Executive Director for the University of Chicago Harris Cyber Policy Initiative (CPI).

National Initiative for Cybersecurity Careers and Studies (NICCS) is an online training initiative and portal built as per the National Initiative for Cybersecurity Education framework. This is a federal cybersecurity training subcomponent, operated and maintained by Cybersecurity and Infrastructure Security Agency.

Operational collaboration is a cyber resilience framework that leverages public-private partnerships to reduce the risk of cyber threats and the impact of cyberattacks on United States cyberspace. This operational collaboration framework for cyber is similar to the Federal Emergency Management Agency (FEMA)'s National Preparedness System which is used to coordinate responses to natural disasters, terrorism, chemical and biological events in the physical world.

References

↑ "DHS | National Cyber Security Division". Dhs.gov. 2010-10-03. Retrieved 2012-05-12.
↑ "Exclusive: State's Streufert moving to DHS". FederalNewsRadio.com. 2012-01-13. Retrieved 2012-05-12.
↑ Noland, Katelyn (2012-01-13). "Report: DHS Names Cybersecurity Director". Executivegov.com. Retrieved 2012-05-12.
1 2 "DHS: Testimony of Deputy Under Secretary Philip Reitinger and Deputy Assistant Secretary RADM Michael Brown, National Protection and Programs Directorate, before the House Appropriations Committee, on the Department of Homeland Security Fiscal Year 2011 Cybersecurity Budget Request". Dhs.gov. 16 April 2010. Retrieved 2012-05-12.
↑ "The Comprehensive National Cybersecurity Initiative | The White House". whitehouse.gov . Retrieved 2012-05-12– via National Archives.
↑ "DHS puts Zitz in charge of cybersecurity division". Searchsecurity.techtarget.com. 2006-07-27. Archived from the original on 2007-11-30. Retrieved 2012-05-12.
↑ Hulme, George V. (2004-10-01). "Homeland Security Cybersecurity Chief Abruptly Resigns". Informationweek. Retrieved 2012-05-12.
↑ Archived September 9, 2006, at the Wayback Machine
↑ O'Harrow Jr, Robert; McCarthy, Ellen (2004-10-02). "Top U.S. Cyber-Security Official Resigns". washingtonpost.com. Retrieved 2012-05-12.
↑ Archived March 11, 2007, at the Wayback Machine

External links

National Cybersecurity Division webpage

This article incorporates public domain material from websites or documents of the United States Department of Homeland Security .

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] "DHS | National Cyber Security Division". Dhs.gov. 2010-10-03. Retrieved 2012-05-12.

[2] "Exclusive: State's Streufert moving to DHS". FederalNewsRadio.com. 2012-01-13. Retrieved 2012-05-12.

[3] Noland, Katelyn (2012-01-13). "Report: DHS Names Cybersecurity Director". Executivegov.com. Retrieved 2012-05-12.

[autogenerated1-4] 1 2 "DHS: Testimony of Deputy Under Secretary Philip Reitinger and Deputy Assistant Secretary RADM Michael Brown, National Protection and Programs Directorate, before the House Appropriations Committee, on the Department of Homeland Security Fiscal Year 2011 Cybersecurity Budget Request". Dhs.gov. 16 April 2010. Retrieved 2012-05-12.

[5] "The Comprehensive National Cybersecurity Initiative | The White House". whitehouse.gov . Retrieved 2012-05-12– via National Archives.

[6] "DHS puts Zitz in charge of cybersecurity division". Searchsecurity.techtarget.com. 2006-07-27. Archived from the original on 2007-11-30. Retrieved 2012-05-12.

[7] Hulme, George V. (2004-10-01). "Homeland Security Cybersecurity Chief Abruptly Resigns". Informationweek. Retrieved 2012-05-12.

[8] Archived September 9, 2006, at the Wayback Machine

[9] O'Harrow Jr, Robert; McCarthy, Ellen (2004-10-02). "Top U.S. Cyber-Security Official Resigns". washingtonpost.com. Retrieved 2012-05-12.

[10] Archived March 11, 2007, at the Wayback Machine

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

v t e United States Department of Homeland Security
Headquarters: St. Elizabeths West Campus Alejandro Mayorkas, Secretary of Homeland Security Kristie Canegallo, Acting Deputy Secretary of Homeland Security
Deputy Secretary	United States Coast Guard (Commandant) Immigration and Customs Enforcement (Director) U.S. Citizenship and Immigration Services Customs and Border Protection Federal Emergency Management Agency Center for Domestic Preparedness National Flood Insurance Program United States Fire Administration Federal Law Enforcement Training Center United States Secret Service Office of Operations Coordination Transportation Security Administration Cybersecurity and Infrastructure Security Agency (Director) Countering Weapons of Mass Destruction Office Office of Strategy, Policy, and Plans Office of Immigration Statistics Homeland Security Advisory Council
Science and Technology	Science and Technology Directorate Homeland Security Advanced Research Projects Agency Explosives Division Chemical and Biological Defense Division Border and Maritime Security Division Human Factors and Behavioral Sciences Division Infrastructure Protection and Disaster Management Division Cyber Security Division (National Cybersecurity and Communications Integration Center)
Intelligence and Analysis	Office of Intelligence and Analysis
Management	Management Directorate Federal Protective Service Office of Biometric Identity Management
Law enforcement in the United States Terrorism in the United States