National Cybersecurity and Communications Integration Center

Unofficial website of the Department of Homeland Security

What is NCCIC?

The NCCIC serves as a central location where a diverse set of partners involved in cybersecurity and communications protection coordinate and synchronize their efforts. NCCIC's partners include other government agencies, the private sector, and international entities. Working closely with its partners, NCCIC analyzes cybersecurity and communications information, shares timely and actionable information, and coordinates response, mitigation and recovery efforts.

Vision

To operate at the intersection of government, private sector, and international network defense communities, applying unique analytic perspectives, ensuring shared situational awareness, and orchestrating synchronized response, mitigation, and recovery efforts while protecting the Constitutional and privacy rights of Americans in both the cybersecurity and communications domains.

Mission

To operate at the intersection of the private sector, civilian, law enforcement, intelligence, and defense communities, applying unique analytic perspectives, ensuring shared situational awareness, and orchestrating synchronized response efforts while protecting the Constitutional and privacy rights of Americans in both the cybersecurity and communications domains.

The NCCIC's missions include:

  • Leading the protection of federal civilian agencies in cyberspace;
  • Working closely together with critical infrastructure owners and operators to reduce risk;
  • Collaborating with state and local governments through the Multi-State Information Sharing and Analysis Center (MS-ISAC);
  • Cooperating with international partners to share information and respond to incidents;
  • Coordinating national response to significant cyber incidents in accordance with the National Cyber Incident Response Plan (NCIRP);
  • Analyzing data to develop and share actionable mitigation recommendations;
  • Creating and maintaining shared situational awareness among its partners and constituents;
  • Orchestrating national protection, prevention, mitigation, and recovery activities associated with significant cyber and communication incidents;
  • Disseminating cyber threat and vulnerability analysis information;
  • Assisting in the initiation, coordination, restoration, and reconstitution of National Security or Emergency Preparedness (NS/EP) telecommunications services and facilities under all conditions, crises, or emergencies; and
  • Executing Emergency Support Function 2 - Communications (ESF-2) responsibilities under the National Response Framework (NRF).

NCCIC Branches

NCCIC is comprised of four branches: NO&I, US-CERT, ICS-CERT, and NCC.

As mutually supporting, fully integrated elements of the NCCIC, these branches provide the authorities, capabilities, and partnerships necessary to lead a whole-of-nation approach to addressing cybersecurity and communications issues at the operational level.

NO&I plans, coordinates, and integrates capabilities to synchronize analysis, information sharing, and incident management efforts across the NCCIC's branches and activities.

US-CERT brings advanced network and digital media analysis expertise to bear on malicious activity targeting our nation's networks. US-CERT develops timely and actionable information for distribution to federal departments and agencies, state and local governments, private sector organizations, and international partners. In addition, US-CERT operates the National Cybersecurity Protection System (NCPS), which provides intrusion detection and prevention capabilities to covered federal departments and agencies.

ICS-CERT reduces risk to the nation's critical infrastructure by strengthening control systems security through public-private partnerships. ICS-CERT has four focus areas: situational awareness for CIKR stakeholders; control systems incident response and technical analysis; control systems vulnerability coordination; and strengthening cybersecurity partnerships with government departments and agencies.

NCC leads and coordinates the initiation, restoration, and reconstitution of NS/EP telecommunications services or facilities under all conditions. NCC leverages partnerships with government, industry and international partners to obtain situational awareness and determine priorities for protection and response.

The NCCIC relies heavily on voluntary collaboration with its partners. The NCCIC works closely with federal departments and agencies and actively engages with private sector companies and institutions, along with state, local, tribal, and territorial governments, and international counterparts. Each group of stakeholders represents a community of practice, working together to protect the portions of critical information technology that they own, operate, manage, or interact with.

All media inquiries about the NCCIC and its missions, roles, and responsibilities should be directed to CS&C External Affairs at cscexternalaffairs@hq.dhs.gov

Report an Incident

To report an incident, go to https://www.us-cert.gov/forms/report and complete the form.

The US-CERT Incident Reporting System provides a secure web-enabled means of reporting computer security incidents to US-CERT. This system assists analysts in providing timely handling of your security incidents as well as the ability to conduct improved analysis. If you would like to report a computer security incident, please complete the following form. Please provide as much information as you can to answer the following questions to allow US-CERT to understand your incident.

What is an incident?

A good but fairly general definition of an incident is the act of violating an explicit or implied security policy. Unfortunately, this definition relies on the existence of a security policy that, while generally understood, varies among organizations.

For the federal government, an incident, defined by NIST Special Publication 800-61, is a violation or imminent threat of violation of computer security policies, acceptable use policies, or standard computer security practices. Federal incident notification guidelines, including definitions and reporting timeframes, can be found at https://www.us-cert.gov/incident-notification-guidelines.

In general, types of activity that are commonly recognized as being in violation of a typical security policy include but are not limited to:

  • attempts (either failed or successful) to gain unauthorized access to a system or its data, including Personally Identifiable Information (PII) related incidents. For more information on the privacy guidelines for incident handling, refer to the DHS Privacy Incident Handling Guidance (PIHG).
  • unwanted disruption or denial of service
  • the unauthorized use of a system for processing or storing data
  • changes to system hardware, firmware, or software characteristics without the owner's knowledge, instruction, or consent

We encourage you to report any activities that you feel meet the criteria for an incident. Note that our policy is to keep any information specific to your site confidential unless we receive your permission to release that information.

Using the US-CERT Incident Reporting System

In order for us to respond appropriately, please answer the questions as completely and accurately as possible. Questions that must be answered are marked with a red asterisk. This website uses Secure Sockets Layer (SSL) / Transport Layer Security (TLS) to provide secure communications. This method of communication is much more secure than unencrypted email.

Do not copy and paste malicious code directly into this form. Fill out this incident report in detail. Then, provide the resulting US-CERT Incident ID number in the Open Incident ID field of the Malware Analysis Submission Form where you can submit a file containing the malicious code.

Please do not submit Personally Identifiable Information (PII) data or other sensitive information using this form. If you need to communicate this information to us, please send encrypted email to the US-CERT Security Operations Center (soc@us-cert.gov). PGP/GPG key available at https://www.us-cert.gov/contact-us.
