The National Cybersecurity and Communications Integration Center (NCCIC), a division of the Office of Cybersecurity and Communications within the National Protection and Programs Directorate (NPPD), is the operational arm of NPPD and is responsible for providing full-time monitoring, information sharing, analysis, and incident response capabilities to protect Federal agencies' networks and critical infrastructure and key resources, such as industrial control systems.
The NCCIC was established in October 2009 to coordinate national response efforts and work directly with federal, state, local, tribal, and territorial governments and private-sector partners. It is the national 24-hours-a-day, 7-days-a-week operations center that is to provide situational awareness, multiagency incident response, and strategic analysis for issues related to cybersecurity and NS/EP communications.
It provides an integrated incident response facility to mitigate risks that could disrupt or degrade critical information technology functions and services, while allowing for flexibility in handling traditional voice and more modern data networks.
The unified operations center combines two of DHS's operational organizations: the U.S. Computer Emergency Readiness Team (US-CERT), which leads a public-private partnership to protect and defend the nation's cyber infrastructure, the National Coordinating Center for Telecommunications (NCC), the operational arm of the National Communications System, and the Industrial Control Systems CERT.
- Oversees the NCSD-Cyber Exercise Program, which is an initiative aimed at improving the nation's cybersecurity readiness, protection, and incident response capabilities by conducting various exercises, including Cyber Storm.
- Leads efforts related to the National Response Framework's Emergency Support Function 2, which support the restoration of the communications infrastructure, facilitate the recovery of systems and applications from cyber attacks, and coordinate federal communications support to response efforts during incidents that require a coordinated federal response.
During the ordinary course of operations, the NCCIC may receive classified CTIs, DMs and information relating to cybersecurity threats from other federal entities. Through its own analysis, or in consultation with federal or non-federal entities with appropriate security clearances, the NCCIC may identify a requirement to share the information more broadly than classification restrictions permit. In such cases, the NCCIC works with the originating federal entity to downgrade, sanitize, or otherwise declassify information for sharing with its stakeholders through indicator bulletins and other channels.
The NCCIC establishes standing critical information requirements so that its federal entity partners have a sense of the CTIs, DMs, and information relating to cybersecurity threats that are of the greatest interest to the NCCIC and its federal and non-federal entity stakeholders.
- Communications Networks: Outcome-Based Measures Would Assist DHS in Assessing Effectiveness of Cybersecurity Efforts, at 20.
- Encryption and Evolving Technology: Implications for U.S. Law Enforcement Investigations, at 9-10.
- Department of Homeland Security, Office of Inspector General, "Secretary Napolitano Opens New National Cybersecurity and Communications Integration Center" (Press Release) (Oct. 30, 2009) (full-text).
- Department of Homeland Security, "About the National Cybersecurity and Communications Integration Center" (full-text).