
DHS center could extend classified Pentagon cyber program to nondefense industries


If Congress fails to pass cyber information sharing reforms, the Homeland Security Department could offer all critical industries entry into a little-known facility that circulates classified warnings about threats, similar to the way an exclusive Pentagon initiative works, said a former DHS official who started the operation. The National Cybersecurity and Communications Integration Center, or NCCIC, is a 24-hour crisis center that has been investigating and responding to breaches since 2009.  

“On that watch floor right now you have representatives with full security clearances, up to the Top Secret level, from energy companies, financial services companies, water companies, telecommunications companies, sitting there next to intelligence analysts, sitting next to government cyber analysts, sitting next to Secret Service agents and FBI agents,” said former NCCIC director Seán McGurk, at a talk sponsored by Government Executive Media Group and National Journal.

McGurk became managing principal for industrial control systems cybersecurity at Verizon in May. The telecom firm is one of the critical sector companies stationed at the NCCIC (pronounced N-kick). “They are all sharing the information in near real-time, machine-to-machine speed, not necessarily just human to human, so they can get that overall operational picture to identify cyber risk,” he said.

There also has been discussion of allowing all vital sectors into a more high-profile program that today exchanges classified threat data only within the defense industrial base. The Pentagon recently announced plans for renewing a contract with Booz Allen Hamilton to beef up capacity of the initiative, which currently supports about 15,000 individuals from more than 2,650 defense suppliers.

McGurk acknowledged that NCCIC must ramp up if it is tasked with providing nondefense critical sectors the same services available from the defense industrial base program.

“We started the capability -- and now we need to advance that capability and we need to extend it” beyond the currently six or seven active industries, he said. “We need to ensure that the public is aware that this is a resource.”

NCCIC is an outgrowth of a Bush administration presidential directive commonly known as the Comprehensive National Cybersecurity Initiative. Under the initiative, data sharing activities must comply with federal privacy policies for personal information and other protected information.

By “collaborating and sharing classified information, unclassified information, proprietary information, we have a better idea of what the activity is and how the activity propagates through these various sectors,” McGurk said. For example, an oil company executive may spot a danger that could disrupt energy industrial control systems, while a water plant employee may look at the same information and see separate ramifications for that utility.

“And then it becomes actionable because the energy sector person sits there and says that’s important to me in this way and I need that information to protect my sector, which may be different from what the water person sees,” he said. The center is “something that can be enhanced, it’s something that can be expanded but it’s something that currently exists.”

Mark Weatherford, the top cyber official at DHS, increasingly is promoting NCCIC during speeches. “The NCCIC is going to be the nexus of information,” he said this summer. Weatherford, who previously served as chief security officer at the North American Electric Reliability Corporation, which enforces reliability standards for the bulk power system, predicts that eventually businesses in all critical industries “will have NCCIC on speed dial.”
