The National Cybersecurity and Communications Integration Center utilized “some innovative enhancements” to its information technology and operational technology assessment capabilities to expand the size of its teams and breadth of services, the DHS agency said in a report reviewing fiscal year 2017.
Teams found the most frequently identified enterprise system vulnerabilities to be susceptibility to email phishing, poor password practices, poor patch management, and improper configuration. The most frequently identified control system vulnerabilities were boundary protection — pegged as “the single most prevalent area of concern, continuing a four-year trend” — along with identification and authentication of legitimate system users and allocation of resources.
The report outlined the NCCIC response to the WannaCry ransomware attack beginning in May 2017. “Due in part to the coordinated and sustained counteraction by NCCIC and its domestic and foreign partners, WannaCry had limited impact on U.S. CI,” the agency said, noting coordination with more than 40 IT and cybersecurity companies to convey what NCCIC knew.
“As part of its mission to protect federal departments and agencies, NCCIC also led Cybersecurity Coordination, Assessment, and Response (C-CAR) meetings to share actionable information about the threats. C-CARs are a critical complement to NCCIC’s technical alerts and follow a standard protocol,” the report continues. “This protocol enables DHS to convey information to CISOs and request action from federal departments and agencies to gain awareness of potentially affected systems across the Federal Government. Recognizing that not all users would be able to install patches immediately, NCCIC also shared additional mitigation guidance to assist government and private sector network defenders.”
In FY17, NCCIC led DHS planning and coordination for Cyber Guard, an annual two-week exercise headed by the Department of Defense U.S. Cyber Command and co-sponsored by DHS and the Federal Bureau of Investigation (FBI). Cyber Guard 2017 included experts from over 100 organizations, including the Federal Government, state governments, industry, academia, and international allies.
“Misuse of, threats to, and malicious attacks on these systems pose some of the most serious and enduring strategic risks to the United States. The increasing frequency and scale of malicious cyber activity threatens us all,” said Assistant Secretary for Cybersecurity and Communications Jeanette Manfra. “As more devices connect to the Internet, the threat landscape broadens and compounds the challenge for security practitioners.”
Manfra added that in FY17 NCCIC “streamlined its product portfolio, further integrated core functions and capabilities, and improved services to customers in a number of important ways.”
“We continue to explore ways to enrich cyber threat indicator data and leverage analytics and automation to improve the information we deliver to customers. We are also helping customers improve readiness and technical expertise by enhancing our training and exercise capabilities,” she added. “These and other enhancements—together with the growing strength and breadth of our global partnerships—will help to ensure that the NCCIC continues to arm our customers with the critical information products, services, and capabilities they require.”
In FY18, NCCIC will lead all aspects of Cyber Storm, a national-level exercise occurring every two years that will focus on the Critical Manufacturing and Transportation Sectors with participation from the Information Technology and Communications Sectors; law enforcement, defense, and intelligence agencies; state and local governments; and
Goals for FY18 include building the NCCIC workforce, expanding exercises and training, supporting election infrastructure, realigning operations to better serve customers, expanding incident response capacity, and enriching data and automating cybersecurity.
“NCCIC is preparing for additional requirements stemming from the FY17 establishment of Election Infrastructure (EI) as a critical infrastructure subsector of the Government Facilities Sector,” the report states. “In response, DHS stood up an EI Task Force, of which NCCIC is a key member. NCCIC will expand the scale and number of vulnerability scans, cyber hunt activity, and risk assessments we already conduct on our EI.”