What is the NCCIC ICS mission?
The Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) includes a mission to promote a cohesive effort between government and industry to improve the cyber security posture of industrial control systems (ICS) within the nation's critical infrastructure. NCCIC assists control systems vendors and asset owners/operators to identify security vulnerabilities and develop sound mitigation strategies that strengthen their ICS cyber security posture and reduce risk.
What are the US critical infrastructure sectors?
Presidential Policy Directive 21 (PPD-21), National Infrastructure Protection Plan (NIPP), and federal policies identified and categorized U.S. critical infrastructure into the following 16 critical infrastructure sectors:
- Commercial Facilities
- Critical Manufacturing
- Defense Industrial Base
- Emergency Services
- Financial Services
- Food and Agriculture
- Government Facilities
- Healthcare and Public Health
- Information Technology
- Nuclear Reactors, Materials, and Waste
- Transportation Systems
- Water and Wastewater Systems
How does the NCCIC ICS team coordinate work with other government stakeholders?
NCCIC established the Control Systems Security Working Group (CSSWG), which provides a forum for federal stakeholders through which the federal government can communicate and coordinate its efforts to improve control systems cyber security in critical infrastructure. These efforts foster interaction and collaboration between and among federal departments and agencies regarding control systems cyber security initiatives.
The CSSWG teams individuals from various federal departments and agencies who have roles and responsibilities involved with securing industrial control systems within US critical infrastructure. Because many cyber security challenges are similar from sector to sector, this collaborative effort benefits the nation by promoting and leveraging existing work and maximizing efficient resource use.
How is the NCCIC ICS team working with industry?
NCCIC partners with members of the control systems community to help develop and vet recommended practices, provide guidance in support of incident response capability, and participate in leadership working groups to ensure the community's cyber security concerns are considered in our products and deliverables.
NCCIC facilitates discussions between the federal government and the control systems vendor community, establishing relationships that foster an collaborative environment in which to address common control systems cyber security issues. The NCCIC also offers a suite of tools that provide asset owners and operators the ability to measure the security posture of their control systems environments and to identify the appropriate cyber security mitigation measures they should implement.
How does the program protect submitted information?
The DHS Protected Critical Infrastructure Information Program (PCII Program) was established in response to the Critical Infrastructure Information Act of 2002 (CII Act). The PCII Program creates a new framework for protecting certain types of information. The PCII program enables members of the private sector to, for the first time, voluntarily submit confidential information regarding the nation's critical infrastructure to DHS with the assurance that the information will be protected from public disclosure.
All work performed by associated national laboratories is protected through contractual agreements. These agreements protect proprietary information, allowing it to be viewed securely and only by individuals performing work related to each project.
How can I participate?
NCCIC's success depends on the active involvement of the control systems community to provide insight for the program. Many opportunities exist to participate in this important work, including helping with standards bodies, industry work groups, and various forums.
Control systems community submissions of cyber incidents and vulnerabilities to NCCIC is essential to its ability to provide national level situational awareness for the the nation's critical control systems cyber security status. Submissions can be made through the ICS-CERT web site Home page.
How do I contact the NCCIC?
If you would like to contact NCCIC please send inquiries to:
National Cybersecurity and Communications Integration Center (NCCIC)
Phone (US): 1-888-282-0870 (NCCIC Customer Service)