Cyber Integration for Fusion Centers: An Appendix to the Baseline Capabilities for State and Major Urban Area Fusion Centers
- 32 pages
- May 2015
This document identifies recommended actions and guidance for state and major urban area fusion centers (fusion centers) to integrate information technology, cybersecurity, and cybercrime prevention (cyber) intelligence and analytic capabilities. Development of these capabilities will inform local, state, and national detection, mitigation, response, recovery, investigation, and criminal prosecution activities that support and maintain the United States’ cybersecurity.
This document is an appendix to the Global Justice Information Sharing Initiative’s (Global) Baseline Capabilities for State and Major Urban Area Fusion Centers (Baseline Capabilities).
This document does not identify additional requirements for fusion centers. Rather, for fusion centers that choose to develop and support a cyber capability, it identifies how the fusion centers can effectively integrate the information, resources, personnel, and expertise of cyber partners, cyber stakeholders, and the cyber community, to enhance fusion center information/intelligence sharing processes. This document also illuminates the value achieved when federal, state, local, tribal, territorial (FSLTT), and private sector organizations work with fusion centers and the many opportunities for establishing relationships with the fusion center.
Recognition of the Value Added by Cyber Engagement With Fusion Centers
Cybersecurity is one of the most serious economic and national security challenges, and yet it is also one that FSLTT law enforcement, homeland security, and information technology entities continue to struggle to integrate into daily operations. The investigation of computer intrusion matters requires investigators and analysts to possess unique skill sets. However, a wide variety of crimes now incorporate cyber elements, including narcotics, human, and firearm trafficking; counterfeiting; child exploitation; the sale of contraband and illegal goods; fraud; burglary; and homicide, requiring all investigators and analysts to have some level of cyber knowledge.
Fusion centers are uniquely positioned to further cybersecurity objectives by promoting cyberthreat information sharing, analysis, and dissemination between the state, local, and private organizational level and the federal level. The National Response Framework (May 2013), the National Preparedness Guidelines, the National Institute of Standards and Technology (NIST) Cybersecurity Framework, and multiple Presidential executive orders have laid out specific capabilities and recommended cybersecurity best practices that include improving the U.S. cybersecurity posture, advocating the migration to more secure technologies, and strengthening information sharing among FSLTT and private sector cyber stakeholders. Supporting programs, such as the U.S. Department of Homeland Security (DHS) Critical Infrastructure Cyber Community C3 Voluntary Program, assist stakeholders in the adoption and use of best practices and relevant information sharing programs.
Improving the national cybersecurity posture requires understanding and sharing information related to malicious cyberactivity, building a network of trusted individuals, aligning operations to create a long-term and sustainable risk management strategy that provides for a changing threat environment, and maximizing the effective use of resources. Fusion centers are focal points for information sharing and are essential in understanding and disseminating information and intelligence. Fusion centers should collaborate with critical cyber partners and/or stakeholders in their region to help ensure that the following resources are in place:
• Access to and participation in a fusion center’s robust information sharing processes that allow the movement of relevant and timely open source, unclassified, and classified intelligence and information that support routine and event-specific threat analysis.
• Coordinated cyber policies, programs, and incident response plans that address known and potential threats.
• Exchange of subject-matter expertise.
• Processes that allow for cooperation with law enforcement and prosecutorial efforts.
• The potential for regular and ongoing cyber risk assessments, as well as a process to identify and address sector interdependencies to allow for efficient information sharing and allocation of resources and the response to threats.
• Tools and processes that are flexible and adaptable, allow for rapid adaptation to an evolving threat environment, and incorporate lessons learned and effective practices.