U.S. flag

An official website of the United States government

Government Website

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Safely connect using HTTPS

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.


  1. Home

What DHS does during a Cyber Attack

The United States depends on Critical Infrastructure to support national defense, public health and safety, economic vitality, and overarching society well-being. Disruptions or significant damage to Critical Infrastructure could result in potentially catastrophic and cascading consequences to the Nation. Here’s what DHS does during an incident against critical information technology systems.

Visualization of the DHS Organizational Chart During a Cyber Intrusion / Incident

Download "Incident Type: Cyber Intrusions / Incidents" (845KB JPG)



  • The Secretary of Homeland Security is the principal Federal official for domestic incident management.
  • Coordinates the Federal Government’s resources to be utilized in response to, or recover from terrorist attacks, major disasters, or other emergencies.

National Protection and Programs Directorate

  • The National Cybersecurity and Communications Integration Center (NCCIC) is a 24/7 cyber situational awareness, incident response, and management center that is the national nexus of cyber and communications integration for the Federal Government, intelligence community, and law enforcement.
  • NCCIC’s watch floor operations are the primary point of threat, vulnerability, and incident detection.
  • NCCIC’s watch floor operations provide all aspects of incident response services, including digital media analysis and onsite response; recover and mitigation support; vulnerability coordination and disclosure.
  • NCCIC maintains situational awareness alerts and advisories to warn of cyber threats affecting the nation’s critical infrastructure.
  • The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT)—part of the NCCIC—works closely with government at all levels and the private sector to coordinate, share capabilities, and tools that help control systems owners and operators prevent, protect against, mitigate and respond to cyber threats and incidents.

United States Immigration and Customs Enforcement (ICE)

  • ICE’s Cyber Crimes Center (C3) supports federal, state, local and international law enforcement agencies.
  • C3’s computer forensics laboratory recovers digital evidence from computers and other devices that may have been used in intrusions.

United States Secret Service (USSS)

  • Secret Service’s Electronic Crimes Task Forces focus on identifying and locating international cyber criminals connected to cyber intrusions, bank fraud, data breaches, and other computer related crimes.
  • Secret Service’s Cyber Intelligence Section develops intelligence that directly contributes to the arrest of transnational cyber criminals.
Last Updated: 01/11/2022
Was this page helpful?
This page was not helpful because the content