National Cyber Security Division



The National Cyber Security Division (NCSD) is a division of the Office of Cyber Security & Communications, within the United States Department of Homeland Security's Cybersecurity and Infrastructure Security Agency. Formed from the Critical Infrastructure Assurance Office, the National Infrastructure Protection Center, the Federal Computer Incident Response Center, and the National Communications System, NCSD opened on June 6, 2003. The NCSD mission is to collaborate with the private sector, government, military, and intelligence stakeholders to conduct risk assessments and mitigate vulnerabilities and threats to information technology assets and activities affecting the operation of the civilian government and private sector critical cyber infrastructures. NCSD also provides cyber threat and vulnerability analysis, early warning, and incident response assistance for public and private sector constituents. NCSD carries out the majority of DHS’ responsibilities under the Comprehensive National Cybersecurity Initiative. The FY 2011 budget request for NCSD is $378.744 million and includes 342 federal positions. The current director of the NCSD is John Streufert, former chief information security officer (CISO) for the United States Department of State, who assumed the position in January 2012.

Strategic objectives and priorities
Strategic Objectives

To protect the cyber infrastructure, NCSD has identified two overarching objectives:
 * To build and maintain an effective national cyberspace response system.
 * To implement a cyber-risk management program for protection of critical infrastructure.

Priorities
 * Continued development of the EINSTEIN system’s capabilities as a critical tool in protecting the Federal Executive Branch civilian departments and agencies.
 * Development of the National Cyber Incident Response Plan (NCIRP) in full collaboration with the private sector and other key stakeholders. NCIRP ensures that all national cybersecurity partners understand their roles in cyber incident response and are prepared to participate in a coordinated and managed process.
 * Increase the security of automated control systems that operate elements of the national critical infrastructure.

Organization
NCSD is funded through the following three Congressionally appropriated Programs, Projects and Activities (PPA): United States Computer Emergency Readiness Team (US-CERT), Strategic Initiatives, and Outreach and Programs:


 * US-CERT leverages technical competencies in federal network operations and threat analysis centers to develop knowledge and knowledge management practices. US-CERT provides a single, accountable focal point to support federal stakeholders as they make key operational and implementation decisions and secure the Federal Executive Branch civilian networks. It does so through a holistic approach that enables federal stakeholders to address cybersecurity challenges in a manner that maximizes value while minimizing risks associated with technology and security investments. Further, US-CERT analyzes threats and vulnerabilities, disseminates cyber threat warning information, and coordinates with partners and customers to achieve shared situational awareness related to the Nation’s cyber infrastructure. US-CERT funds also support the development, acquisition, deployment, and personnel required to implement the National Cybersecurity Protection System (NCPS), operationally known as EINSTEIN. The EINSTEIN Program is an automated intrusion detection system for collecting, correlating, analyzing, and sharing computer security information across the federal government to improve our Nation’s situational awareness. EINSTEIN is an early warning system that monitors the network gateways of Federal Executive Branch civilian departments and agencies for malicious cyber activity. DHS is deploying EINSTEIN 1 and 2 systems in conjunction with the federal TIC initiative, which optimizes network security capabilities into a common solution for the Federal Executive Branch and facilitates the reduction and consolidation of external connections, including Internet points of presence, through approved access points. As of March 2012, EINSTEIN 3 is currently being staged for roll-out to federal agencies for those that have reached a high TIC compliance.
 * The National Cybersecurity Center (NCSC) is a component of US-CERT’s budget. The NCSC fulfills its presidential mandate as outlined in National Security Presidential Directive 54/Homeland Security Presidential Directive 23 in ensuring that federal agencies can access and receive information and intelligence needed to execute their respective 7 cybersecurity missions. The NCSC accomplishes this through the following six mission areas: Mission Integration, Collaboration and Coordination, Situational Awareness and Cyber Incident Response, Analysis and Reporting, Knowledge Management, and Technology Development and Management, each supported by developing NCSC programs and capabilities.
 * Strategic Initiatives enables NCSD to establish mechanisms for federal partners to deploy standardized tools and services at a reduced cost, paving the way for a collaborative environment that enables the sharing of best practices and common security challenges and shortfalls. In addition, Strategic Initiatives enables NPPD to develop and promulgate sound practices for software developers, IT security professionals, and other CIKR stakeholders; it also enables collaboration with the public and private sectors to assess and mitigate risk to the nation’s cyber CIKR.
 * Outreach and Programs promotes opportunities to leverage the cybersecurity investments of public and private industry partners. This PPA encourages cybersecurity awareness among the 8 general public and within key communities, maintains relationships with government cybersecurity professionals to share information about cybersecurity initiatives, and develops partnerships to promote collaboration on cybersecurity issues. Outreach and Programs enables governance and assistance in setting policy direction and establishes resource requirements for NCSD’s complex activities.

Early leadership turnover
NCSD has been plagued by leadership problems, having had multiple directors that resign after serving only short terms, or potential candidates for the position of director who refuse the position. As chair of the pre-existing Counter-terrorism Security Group, Richard Clarke was initially offered the position of director of the NCSD, but refused citing concerns that there would be too many bureaucratic layers between him and Homeland Security director Tom Ridge. Robert Liscouski ran the division initially while a permanent director was sought and continued on as Assistant Director until February 2005. Amit Yoran became director of NCSD in September 2003 and helped set up the division, but after only a year in the job, left abruptly in October 2004. One of the division's deputy directors, Andy Purdy, assumed the position of interim director within a week of Yoran's departure. In 2006 upon Andy Purdy's departure Jerry Dixon took on the role as acting director in December 2006 until officially appointed to the position as executive director in January 2007. Upon Dixon's departure in September 2007 Mcguire took on the role of acting director until March 2008 which the USSS assigned Cornelius Tate and Anita Calinoiu to be the current director of NCSD.

An audit of the division, conducted by DHS's inspector general Clark Kent Ervin, cast a negative view on the division's first year. Although the report praised the formation of the U.S. Computer Emergency Readiness Team (US-CERT) and the National Cyber Alert System, the division received criticism for failing to set priorities, develop strategic plans and provide effective leadership in cyber security issues.