The Department of Homeland Security’s (DHS) around-the-clock watch center is “generally” performing on all of its congressionally directed functions, although it isn’t clear how well it is carrying out a number of principles called for in legislation, the Government Accountability Office (GAO) says in a new report.
GAO says the National Cybersecurity Communications and Integration Center (NCCIC), which shares cyber security-related information with the federal civilian government and private sector, has developed product and services to support its 11 functions, “including those related to analyzing and sharing cyber information, facilitating coordination among federal and non-federal partners, and conducting technical assistance and exercises.”
Some of the 11 mandated functions include a federal civilian interface for sharing cyber threat indicators and warnings with federal and nonfederal entities; providing shared situational awareness to enable real-time operations across these entities; coordinating the sharing of cyber threat information, risks and countermeasures across the federal government and engaging with international partners to collaborate on cyber threat indicators, defensive measures, and other information related to cyber risks.
Congress also called for the NCCIC to carry out nine functions, some of which are ensuring that timely, actionable and relevant information related to risks, incidents and analysis is shared, that information related to risks, incidents and analysis is integrated with other information and tailored to a sector and ensuring that industry sector-specific, academic and national laboratory expertise is sought and considered.
The report says as far as implementing the principles go, it “is unclear because the center has not consistently evaluated its performance against the principles.”
GAO says that its survey of NCCIC’s customers “expressed generally favorable views of its activities.”