The federal enterprise depends on information technology (IT) systems and computer networks for essential operations. These systems face large and diverse cyber threats that range from unsophisticated hackers to technically competent intruders using state-of-the-art intrusion techniques. Many malicious attacks are designed to steal information and disrupt, deny access to, degrade, or destroy critical information systems.
The Department of Homeland Security (DHS) works with each federal civilian department and agency to promote the adoption of common policies and best practices that are risk-based and able to effectively respond to the pace of ever-changing threats. As systems are protected, alerts can be issued at machine speed when events are detected to help protect networks across the government information technology enterprise and the private sector. This enterprise approach will help transform the way federal civilian agencies manage cyber networks through strategically sourced tools and services that enhance the speed and cost effectiveness of federal cybersecurity procurements and allow consistent application of best practices.
National Cybersecurity Protection System (NCPS)
The mission of DHS’s Network Security Deployment (NSD) division is to improve cybersecurity for federal departments, agencies, and partners by developing the technologies and establishing the services needed to fulfill CS&C’s cybersecurity mission. To meet that mission need, NSD designs, develops, deploys, and sustains the National Cybersecurity Protection System (NCPS), which provides intrusion detection, advanced analytics, information sharing, and intrusion prevention capabilities that combat and mitigate cyber threats to the Federal Executive Branch information and networks.
NCPS is an integrated system-of-systems that delivers a range of capabilities, including intrusion detection, analytics, intrusion prevention, and information sharing. These capabilities provide a technological foundation that enables DHS to secure and defend the federal civilian government’s information technology infrastructure against advanced cyber threats. NCPS advances DHS’s responsibilities as delineated in the Comprehensive National Cybersecurity Initiative.
One of DHS’s key technologies within the NCPS is EINSTEIN. The goal of the NCPS EINSTEIN set of capabilities is to provide the federal government with an early warning system, improved situational awareness of intrusion threats to federal civilian Executive Branch networks, near real-time identification of malicious cyber activity, and prevention of that malicious cyber activity.
Continuous Diagnostics and Mitigation (CDM)
DHS’s Continuous Diagnostics and Mitigation (CDM) program is a dynamic approach to fortifying the cybersecurity of government networks and systems. CDM provides federal departments and agencies with capabilities and tools that identify cybersecurity risks on an ongoing basis, prioritize these risks based upon potential impacts, and enable cybersecurity personnel to mitigate the most significant problems first. Congress established the CDM program to provide adequate, risk-based, and cost-effective cybersecurity and more efficiently allocate cybersecurity resources.
National Cybersecurity and Communications Integration Center (NCCIC)
DHS’s National Cybersecurity and Communications Integration Center (NCCIC) is a 24/7 cyber situational awareness, incident response, and management center that is a national nexus of cyber and communications integration for the federal government, intelligence community, and law enforcement. The NCCIC shares information among the public and private sectors to provide greater understanding of cybersecurity and communications situational awareness of vulnerabilities, intrusions, incidents, mitigation, and recovery actions.
NCCIC’s United States Computer Emergency Readiness Team (US-CERT) brings advanced network and digital media analysis expertise to bear on malicious activity targeting our nation’s networks. US-CERT develops timely and actionable information for distribution to federal departments and agencies, state and local governments, private sector organizations, and international partners. In addition, US-CERT operates the NCPS, which provides intrusion detection and prevention capabilities to covered federal departments and agencies.
Federal Information Security Management Act (FISMA) Reporting
DHS works collaboratively with federal agencies to build upon the metrics established in previous fiscal years and incorporates updates to ease Federal Information Security Management Act (FISMA) reporting. Current year FISMA documents can be found here.