Enhancing The Role of Fusion Centers in Cybersecurity
- 6 pages
- July 2015
Fusion centers were created after the 9/11 terrorist attacks to facilitate the type of multijurisdictional information sharing needed to prevent another strike on the homeland. The centers provided a mechanism for state and local governments and the federal government to analyze, share, and disseminate information and intelligence.
In recent years, the growing number and sophistication of threats to the nation’s cyber infrastructure have motivated governors to consider adding or expanding cybersecurity capabilities within state fusion centers.
Through fusion centers, states receive classified and unclassified information and intelligence from multiple sources across the nation and combine or “fuse” that information into “products” (for example, law enforcement notices and warnings) that help improve state and national readiness to respond to an attack or threat. Since their inception, fusion centers have become more sophisticated, uniform, and nationally networked. As they have matured and evolved, so have their missions. Originally designed to focus on terrorism, they now address a wider array of threats and hazards, including “accidents; technological events; natural disasters; warfare; and chemical, biological (including pandemic influenza), radiological, nuclear, or explosive events.”
Given states’ leading role in promoting cybersecurity, using fusion centers as a way to enhance cybersecurity capabilities may be a practical solution to an emerging problem. Actions a governor can take to enhance the role of his or her state fusion center in cybersecurity include:
• Create a shared cybersecurity mission among homeland security, emergency management, IT, and law enforcement.
• Conduct an assessment of the state fusion center’s capability to manage a cybersecurity mission.
• Develop a business and operations plan for the state’s fusion center.
• Implement an outreach strategy to the private sector to identify existing information-sharing processes.
• Establish clear performance measurements for fusion center activities.Fusion Centers and Their Role in Cybersecurity
Fusion centers are owned and operated by state and local governments and serve as focal points for state, local, federal, tribal, and territorial partners to receive, analyze, and share threat-related information. Currently, 78 centers exist—53 are owned and operated by states and territories and 25 by major urban areas. Although specifics vary by state, fusion centers are generally staffed by professionals from law enforcement, homeland security, fire services, emergency response, public health, and the private sector.
Fusion centers were created in the wake of 9/11 to facilitate information sharing among public safety agencies to prevent terror incidents, protect citizens, and respond to crises. Fusion centers have focused on areas such as counterterrorism, disaster management, emergency response, protection of critical infrastructure, and drug trafficking. Although organizationally distinct, efforts are underway to better align and encourage mutual support across all of the nation’s fusion centers. Those efforts aim to develop strategies to bridge jurisdictional boundaries as well as provide more effective communications about and effective response to the threat environment.
Fusion centers serve as a critical junction for state, federal, and private-sector intelligence collection, analysis, and dissemination. Similar to counterterrorism or disaster response, those centers play a critical role in mitigating and responding to cyber threats, sharing actionable intelligence about the latest attack and threat trends and strategies and enabling preventative action by state information security professionals. In addition, fusion centers can act as a center for coordinating the response to and investigation of cyber crimes and cyber intrusions against state assets and critical infrastructure.
Many fusion centers have begun to develop their cybersecurity capabilities. Washington established the Public Regional Information Security Event Management system and established a cyber intelligence analyst position in the state fusion center “to ensure that information on (cyber) threats and reconnaissance activity is shared in real time and across organizational boundaries.” In 2013, New Jersey’s fusion center, the Regional Operations and Intelligence Center, launched a “cyber fusion cell” to focus on emerging cyber threats to public and private networks.
To better integrate cybersecurity into its state fusion center, New York physically relocated the New York St-ate Intelligence Center (NYSIC) to the Center for Internet Security’s (CIS) campus near Albany, New York. CIS is a 501(c)(3) nonprofit organization focused on enhancing the cybersecurity readiness and response of public- and private-sector entities. CIS has been designated by the U.S. Department of Homeland Security (DHS) to serve as the national hub for sharing cybersecurity information across states. According to New York Governor Andrew Cuomo, relocating his state’s fusion center “will ensure new coordination between government, law enforcement, and public safety resources.”
…
Create a Shared Cybersecurity Mission Across Homeland Security, Emergency Management, IT, and the State Police
Fusion centers were ostensibly designed to share sensitive information and intelligence among law enforcement and intelligence agencies. In many states, individuals responsible for cybersecurity, such as chief information officers (CIOs), chief information security officers (CISOs), emergency managers (EMs), and homeland security advisors (HSAs), might not have access to the fusion centers, either because they lack the security clearance or are not viewed as having a role. That lack of access bars critical personnel from receiving necessary information and intelligence and impedes a state’s ability to combat new and emerging cyber threats.
To remedy that, governors can direct their CIO, CISO, EM, HSAs, and heads of state police to create a shared mission that defines roles and responsibilities for using the state’s fusion center to support cybersecurity. Vermont, for example, integrated its fusion center into a statewide cybersecurity committee, bringing together the fusion center director, the state’s EM, HSA, attorney general, and CISO to manage a shared cybersecurity mission. The committee meets regularly to discuss challenges and ensure that members are aware of each other’s missions. That design allows state authorities to evaluate system security, effectively implement new policies, and maintain awareness of the evolving cybersecurity threat environment.