Federal Internet Law & Policy
An Educational Project
Dept. Homeland Security

Dont be a FOOL; The Law is Not DIY
- Agencies
- - White House
- - DHS
- - NIST
- - NTIA
- - FCC
- Reference
- Cryptography

Crimes Against Network
- Worms, Viruses, Attacks
- Hackers
- WiFi Security
- Cyberwar
- Network Reliability
- Infrastructure Protection
- - Kill Switch

Crimes Over Network
- CyberStalking
- Fraud
- - Auctions
- - Phishing
- Gambling
- ID Theft
- Offensive Words

Info Gathering
- Wiretaps
- Forensics
- Carnivore
- Patriot Act
- Data Retention
- Safe Web Act

- Assessment
- Reliability
- Vulnerabilities

"Federal policies and plans assign DHS with the lead responsibility for facilitating a public/private response to and recovery from major Internet disruptions. Within DHS, responsibilities reside in two divisions within the Office of the Under Secretary for National Protection and Program, Office of Cybersecurity and Communications: the National Cyber Security Division (NCSD) and the National Communications System (NCS). NCSD operates the U.S. Computer Emergency Readiness Team (US-CERT), which coordinates defense against and response to cyber attacks. The other division, NCS, provides programs and services that assure the resilience of the telecommunications infrastructure in times of crisis. Additionally, the Federal Communications Commission can support Internet recovery by coordinating resources for restoring the basic communications infrastructures over which Internet services run. For example, after Hurricane Katrina, the commission granted temporary authority for private companies to set up wireless Internet communications supporting various relief groups; federal, state, and local government agencies; businesses; and victims in the disaster areas. " GAO Critical Infrastructure Protection: Challenges in Addressing Cybersecurity, Statement of Gregory C. Wilshusen, Director, Information Security Issues, GAO-08-212T, page 3 (Oct. 23, 2007). See also GAO Critical Infrastructure Protection: Challenges in Addressing Cybersecurity GAO-05-827T page 6 June 19, 2005

"The H. Security Act of 2002 (P.L. 107-296) mandated several infrastructure protection responsibilities that relate to the Department’s cybersecurity mission. The Act also transferred many of the existing federal cyber programs to DHS. Among those programs and functions transferred were the following:

- CyberSecurity for the H., Report of the Activities and Findings by the Chairman and Ranking Member Subcommittee on Cybersecurity, Science, and Research Development of the US House of Representatives Select Committee on H. Security p 16 (December 2004)

National Protection and Programs Directorate

" The goal of the National Protection and Programs Directorate is to advance the Department's risk-reduction mission. Reducing risk requires an integrated approach that encompasses both physical and virtual threats and their associated human elements. "

NPPD > Office of Cybersecurity and Communications (CS&C) :

"The Office of Cybersecurity and Communications (CS&C) is responsible for enhancing the security, resiliency, and reliability of the nation's cyber and communications infrastructure.  CS&C actively engages the public and private sectors as well as international partners to prepare for, prevent, and respond to catastrophic incidents that could degrade or overwhelm these strategic assets.

"CS&C works to prevent or minimize disruptions to our critical information infrastructure in order to protect the public, economy, government services, and the overall security of the United States.  It does this by supporting a series of continuous efforts designed to further safeguard federal government systems by reducing potential vulnerabilities, protecting against cyber intrusions, and anticipating future threats. 

"As the Sector-Specific Agency for the Communications and Information Technology (IT) sectors, CS&C coordinates national level reporting that is consistent with the National Response Framework (NRF) .

"Cyber Storm , the Department of Homeland Security's biennial exercise series, provides the framework for the nation's largest cybersecurity exercise and strengthens cyber preparedness in both the public and private sectors.

The Office of Emergency Communication developed the National Emergency Communications Plan (NECP) to ensure that emergency response personnel at all levels of government can communicate as needed, on demand, and as authorized. To achieve this objective, the NECP identifies the capabilities and initiatives necessary for communications operability, interoperability, and continuity for emergency responders nationwide.

Enhanced Cybersecurity Services

"The Department of Homeland Security's (DHS) Enhanced Cybersecurity Services (ECS) program is an intrusion prevention capability that helps U.S.-based companies protect their computer systems against unauthorized access, exploitation, and data exfiltration. ECS works by sharing sensitive and classified cyber threat information with accredited Commercial Service Providers (CSPs). These CSPs in turn use that information to block certain types of malicious traffic from entering customer networks. ECS is meant to augment, but not replace, existing cybersecurity capabilities.

Service Offerings

The ECS program currently offers three service offerings:

  • Domain Name Service (DNS) Sinkholing, which blocks access to specified malicious domain names;
  • Email (SMTP) Filtering, which blocks email with specified malicious criteria from entering a network; and
  • Netflow Analysis, which uses passive detection to identify threats.

The ECS program continues to consider additional services that can use government-vetted cyber threat indicators to enhance the protection of U.S.-based organizations.


The ECS program embeds privacy protections into all of its operations. ECS does not monitor any private networks or collect any communications, directly or by proxy. DHS uses the Fair Information Practice Principles (FIPPs) to assess and mitigate impacts on an individual’s privacy. DHS has conducted and published a Privacy Impact Assessment (PIA) for the ECS program. To read more about the FIPPs, the ECS PIA, and related cyber programs, visit DHS's Cybersecurity and Privacy page.


All U.S.-based public and private entities are eligible to enroll in ECS. Program participation is voluntary and designed to protect government intelligence, corporate information security, and the privacy of participants. Four CSPs are accredited to provide ECS:

NPPD > CS&C > CyberStorm

"Cyber Storm, the Department of Homeland Security's biennial exercise series, provides the framework for the nation's largest cyber security exercise.

"Congress mandated the Cyber Storm exercise series to strengthen cyber preparedness in the public and private sectors. Securing cyber space is the National Cybersecurity Division 's top priority and one of the Department's four key priorities for 2008.

"Cyber Storm participants do the following:

  • Examine organizations' capability to prepare for, protect from, and respond to cyber attacks' potential effects;
  • Exercise strategic decision making and interagency coordination of incident response(s) in accordance with national level policy and procedures;
  • Validate information sharing relationships and communications paths for collecting and disseminating cyber incident situational awareness, response and recovery information; and 
  • Examine means and processes through which to share sensitive information across boundaries and sectors without compromising proprietary or national security interests.

Each Cyber Storm builds on lessons learned from previous real world disasters, ensuring that participants face more sophisticated and challenging exercises every two years.

NPPD > CS&C > National Cyber Security Division (NCSD)

"In June 2003, DHS created NCSD to serve as a national focal point for addressing cybersecurity issues and to coordinate the implementation of the National Strategy to Secure Cyberspace. Its mission is to secure cyberspace and America’s cyber assets in cooperation with public, private, and international entities.

"NCSD is the government lead on a public/private partnership supporting the US-CERT, an operational organization responsible for analyzing and addressing cyber threats and vulnerabilities and disseminating cyber-threat warning information. In the event of an Internet disruption, US-CERT facilitates coordination of recovery activities with the network and security operations centers of owners and operators of the Internet and with government incident response teams.

"NCSD also serves as the lead for the federal government’s cyber incident response through the National Cyber Response Coordination Group. This group is the principal federal interagency mechanism for coordinating the preparation for, and response to, significant cyber incidents—such as a major Internet disruption. In the event of a major disruption, the group convenes to facilitate intragovernmental and public/private preparedness and operations. The group brings together officials from national security, law enforcement, defense, intelligence, and other government agencies that maintain significant cybersecurity responsibilities and capabilities. Members use their established relationships with the private sector and with state and local governments to help coordinate and share situational awareness, manage a cyber crisis, develop courses of action, and devise response and recovery strategies.

"NCSD also recently formed the Internet Disruption Working Group, which is a partnership between NCSD, NCS, the Department of the Treasury, the Department of Defense, and private-sector companies, to plan for ways to improve DHS’s ability to respond to and recover from major Internet disruptions. The goals of the working group are to identify and prioritize the short-term protective measures necessary to prevent major disruptions to the Internet or reduce their consequences and to identify reconstitution measures in the event of a major disruption. - GAO 06-672 Internet Infrastructure: DHS Faces Challenges in Developing a Joint Public/Private Recovery Plan, GAO Report (June 2006)

NCSD Leadership

  • July, 2006 - , Robert Zitz, Acting Director
  • Oct, 2004 - July, 2006, Andy Purdy, Acting Director
  • 2003, Sept - Oct, 2004 Amit Yoran, Director NCSD
  • George W Foresman claimed to be the head of NCSD during a cybersecurity hearing on the hill Sept 13, 2006
  • July 2005 Director position elevated to Assistant Secretary for Cyber Security and Telecommunications
  • 2003 - 2005 Robert Liscouski, Assistant Secretary for Infrastructure Protection
  • 2003 June DHS announces creation of NCSD
  • 2003 Feb. White House Releases National Strategy for Cyberspace
  • Lawrence Hale, Deputy Director NCSD
  • Richard Clarke refused the initial position
  • 2002 DHS Created
  • Sept. 11, 2001


The United States Computer Emergency Readiness Team (US-CERT) is a partnership between the Department of H. Security and the public and private sectors. Established in 2003 to protect the nation's Internet infrastructure, US-CERT coordinates defense against and responses to cyber attacks across the nation.

US-CERT is charged with protecting our nation's Internet infrastructure by coordinating defense against and response to cyber attacks. US-CERT is responsible for

  • analyzing and reducing cyber threats and vulnerabilities
  • disseminating cyber threat warning information
  • coordinating incident response activities
  • US-CERT interacts with federal agencies, industry, the research community, state and local governments, and others to disseminate reasoned and actionable cyber security information to the public.

    Statement for the Record Dr. Peter Fonash Acting Director, National Cybersecurity Division Chief Technology Officer, Office of Cybersecurity and Communications National Protection and Programs Directorate U.S. Department of Homeland Security Before the United States House of Representatives Committee on Science and Technology Subcommittee on Technology and Innovation Subcommittee on Research and Science Education June 16, 2009

    US-CERT has been identified by the Office of Management and Budget (OMB) as the central Federal information security incident center required by the Federal Information Security Management Act of 2002 (FISMA) and serves as the operational center for the security of cyberspace of Federal Executive Branch civilian networks and CIKR networks. Agencies report incidents to US-CERT, including the identification of malicious code, denial of service, improper usage, as well as incidents that involve Personally Identifiable Information (PII). Operating a 24/7/365 operations center, the US-CERT is the lead entity in the national effort to provide timely technical assistance to operators of agency information systems regarding cyber security incidents. In this capacity the US-CERT guides agencies on detecting and handling information security incidents, compiles and analyzes information about incidents that threaten information security, and informs operators of agency information systems about current and potential information security threats, and vulnerabilities.

    US-CERT, working with OMB, is building additional capacity to fulfill its responsibilities under FISMA, as well as to better protect the Federal Executive Branch civilian systems and networks or ".gov." As a means of securing these networks, DHS is focused on implementing the Trusted Internet Connection (TIC) Initiative, which is led by the Office of Management and Budget. In addition, DHS is enhancing its EINSTEIN system, an intrusion detection capability, and deploying it at TICs across the Federal Government and at Networx Managed Trusted Internet Protocol Service (MTIPS) locations. Both of these programs support the efforts of the US-CERT-our 24/7/365 operations center that provides early watch, warning, and detection capabilities that enable us to more swiftly to identify and respond to malicious activity and to coordinate with our public and private sector partners.

    The TIC initiative is a multi-faceted program which seeks to improve the U.S. Government's cybersecurity posture and build capacity to respond to incidents by reducing and consolidating the number of external connections which Federal Executive agencies have to the Internet. The multitude of external access points gives our adversaries too many avenues to seek out vulnerabilities and exploit potential security gaps in our networks. By limiting the number of entranceways into our networks to a smaller number, we can better monitor traffic entering and exiting the network and more rapidly identify when it is penetrated by an attacker.

    Consolidating external connections and configuration management are the first step to creating a front line of defense. As we reduce external connections, we will deploy the EINSTEIN system at those TIC locations. This will allow us to more effectively analyze activity across Federal Executive Branch civilian networks. The EINSTEIN system helps to identify unusual network traffic patterns and trends that signal unauthorized network activity, allowing US-CERT to identify and respond to potential threats. DHS installed the first TIC on its own network and deployed the upgraded EINSTEIN 2 system. We will be using the lessons learned from our implementation process to assist other departments and agencies as we continue to build more TIC locations and install more EINSTEIN 2 systems.

    In addition to installing the EINSTEIN 2 system on DHS's network, we created the National Cybersecurity Protection System (NCPS) to create the framework under which EINSTEN 2 and future upgrades will be developed and deployed. NCPS is part of the overall formal acquisition program developed to enable the acquisition of technology that supports the NCSD mission including US-CERT and CNCI-related tasking.

    NCPS supports the acquisition and deployment of EINSTEIN 2. We have created a plan for EINSTEIN 2 deployment that includes four phases each with the following status:

  • Phase 1 - DHS Deployment: Deployment is complete and operating at initial operating capability.
  • Phase 2 - Deployment at five selected Departments or Agencies: Deployment has been completed and DHS expects initial operating capability at these locations in June 2009. Technical discussions for deployment and installation of the EINSTEIN 2 system at the final Phase 2 location are ongoing.
  • Phase 3 - Deployment at Networx/MTIPS Vendor Sites: Conducted technical discussions with each of the Networx/MTIPS contract awarded vendors. As the vendors complete their technical architectures, DHS is providing the EINSTEIN 2 capability and working with departments and agencies on implementation. DHS has commenced installation activities with one MTIPS awarded vendor.
  • Phase 4 - Deploy to remaining Single Service TIC Access Provider Departments or Agencies: Technical discussions have begun with some of the remaining agencies. Deployments will occur as these agencies become more technically stable in their TIC implementations.
  • In the future, NCPS will provide US-CERT analysts with an automated capability to better aggregate, correlate, and visualize information. In addition, DHS envisions developing an Intrusion Prevention System, EINSTEIN 3, for Federal Executive Branch networks and systems. The system once fully deployed will provide the Government with an early warning system and situational awareness, near real-time identification of malicious activity, and a more comprehensive network defense.

    NPPD > CS&C > NCSD > Cybersecurity Preparedness and the National Cyber Alert System

    Cyber threats are constantly changing.  Both technical and non-technical computer users can stay prepared for these threats by receiving current information by signing up for the National Cyber Alert System .

  • Government Creates Its Own Private Cyber Network, Fox News March 2003
  • Cyber Warning Net Launched, Public Sector Institute, Aug 2003
  • DHS Network Broadcasts Cyberthreat Warnings, GCN June 2003
  • NPPD > CS&C > NCSD > Cyber Cop Portal

    Coordination with law enforcement helps capture and convict those responsible for cyber attacks.  The Cyber Cop Portal is an information sharing and collaboration tool accessed by over 5,300 investigators worldwide who are involved in electronic crimes cases. "

    NPPD > CS&S > NCSD > National Cyber Response Coordination Group (NCRCG)

    Made up of 13 federal agencies, this is the principal federal agency mechanism for cyber incident response. In the event of a nationally significant cyber-related incident, the NCRCG will help to coordinate the federal response, including US-CERT, law enforcement and the intelligence community.  

    NPPD > CS&S > NCSD > National Vulnerability Database

    NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. NVD includes databases of security checklists, security related software flaws, misconfigurations, product names, and impact metrics.

    NPPD > CS&C > National Communications System

    NCS dissolved in 2012 Executive Order 13618

    Mission: "Assist the President, the National Security Council, the Director of the Office of Science and Technology Policy and the Director of the Office of Management and Budget in (1) the exercise of the telecommunications functions and responsibilities, and (2) the coordination of the planning for and provision of national security and emergency preparedness communications for the Federal government under all circumstances, including crisis or emergency, attack & recovery and reconstitution."

    "NCS is responsible for ensuring that communications infrastructure used by the federal government is available under all conditions-ranging from normal situations to national emergencies and international crises. The system does this through several activities, including a program that gives calling priority to federal executives, first responders, and other key officials in times of emergency. NCS was established by presidential direction in August 1963 in response to voice communication failures associated with the Cuban Missile Crisis. Its role was further clarified through an executive order issued in April 1984 that established the Secretary of Defense as the executive agent for NCS. In 2003, it was transferred to the responsibility of the Secretary of DHS.

    "NCS is composed of members from 24 federal departments and agencies. Although it originally focused on "traditional" voice services via common carriers, NCS has now taken a larger role in Internet-related issues due to the convergence of voice and data networks. For example, it now helps manage issues related to disruptions of the Internet backbone (e.g., high-capacity data routes). NCC, which serves as the coordination component of NCS, is the point of contact with the private sector on issues that could affect the availability of the communications infrastructure. According to DHS, the center includes 47 members from major telecommunications organizations, such as Verizon and AT&T. These members represent 95 percent of the wireless and wire line telecommunications service providers and 90 percent of the Internet service provider backbone networks. 

    "During a major disruption in telecommunications services, NCC Watch is to coordinate with NCC members in an effort to restore service as soon as possible. In the event of a major Internet disruption, it is to assist recovery efforts through its partnerships and collaboration with telecommunications and Internet-related companies. Using these partnerships, NCC has also created several programs that, in times of emergency, provide calling priority in to enable first responders and key officials at all levels to communicate using both landline phones and cellular devices.

    - GAO Report to the Subcommittee on Emerging Threats, Cybersecurity , and Science and Technology, Committee on H. Security, House of Representatives (June 2008)

    NPPD > CS&S > NCS > National Coordinating Center (NCC)

    "In January 2000, the NCC was designated an Information Sharing and Analysis Center (ISAC) for communications in accordance with PDD-6. The Comm ISAC wil facilitate the exchange among government and industry participants regarding vulnerability, threat, intrusion, and anomaly information affecting the telecommunications infrastructure. Since its creation, the NCC has coordinated the restoration and provisioning of NS/EP telecommunication services and facilities during natural disasters and armed conflicts

    " In 1982, telecommunications industry and Federal government officials identified the need for a joint mechanism to coordinate initiation and restoration of national security and emergency preparedness (NS/EP) telecommunication services. In 1983, the group recommended to the National Security Telecommunications Advisory Committee (NSTAC) and to President Reagan that a joint industry and government-staffed NCC be created as a central organization to handle emergency telecommunication requests. On January 3, 1984, the NCC opened for business.

    NPPD > CS&C > NCS > National Security Telecommunications Advisory Committee (NSTAC)


    "The NSTAC Mission and Key Themes

    "Meeting our Nation's critical national security and emergency preparedness (NS/EP) challenges demands attention to many issues. Among these, none could be more important than the availability and reliability of telecommunication services. The President's National Security Telecommunications Advisory Committee (NSTAC) mission is to provide the U.S. Government the best possible industry advice in these areas.

    25 Years of Partnership

    "For over 25 years, the NSTAC has brought together up to 30 industry chief executives from major telecommunications companies, network service providers, information technology, finance, and aerospace companies. These industry leaders provide the President with collaborative advice and expertise, as well as robust reviews and recommendations. The NSTAC's goal is to develop recommendations to the President to assure vital telecommunications links through any event or crisis, and to help the U.S. Government maintain a reliable, secure, and resilient national communications posture.

    "Beyond the industry collaboration alone, the NSTAC serves as a prominent model for trusted public/private partnerships, resulting in mutually beneficial information sharing mechanisms and the implementation of several programs to reinforce that partnership. One of the NSTAC's first efforts recommended the creation of the National Coordinating Center as an operational arm of the NSTAC, and later, as the Information Sharing and Analysis Center for the communications sector, where information relevant to the protection and operation of the communications infrastructure is shared between industry and Government. Subsequently, the NSTAC also helped to establish the industry and Government Network Security Information Exchanges, allowing representatives from the public and private sectors to share sensitive information on threats to operations, administration, maintenance, and provisioning systems supporting the telecommunications infrastructure. The NSTAC recognized that information sharing is a key component to the industry and Government relationship, tying together all facets of the NSTAC agenda to provide resilient national telecommunications services.

    "Since its inception, the NSTAC has addressed a wide range of policy and technical issues regarding communications, information systems, information assurance, critical infrastructure protection, and other NS/EP communications concerns. In recent years, the Government, with the support of the NSTAC, addressed new NS/EP challenges caused by several primary factors: the convergence of traditional and broadband networks; the changing global threat environment; and the continuing global expansion of both provider and user communities. In the face of this ever-increasing complexity of the domestic and global network environment, the NSTAC's work, more so than ever, is of vital national importance, and the committee remains vigilant in aggressively addressing our Nation's highest priority NS/EP communications needs.

    "Throughout the NSTAC's history, five key themes continue to emerge as their major areas of focus:

  • Strengthening national security
  • Enhancing cybersecurity
  • Maintaining the global communications infrastructure
  • Assuring communications for disaster response
  • Addressing critical infrastructure interdependencies and dependencies
  • "The NSTAC remains committed to providing the best possible technical information and policy advice to assist the President and other stakeholders responsible for the critical NS/EP services for our Nation." [NSTAC Website]

    NPPD > CS&C > Office of Emergency Communications

    The Office of Emergency Communications (OEC) supports the Secretary of Homeland Security in developing, implementing, and coordinating interoperable and operable communications for the emergency response community at all levels of government.

    NPPD > Office of Infrastructure Protection (IP)

    Protecting the nation's critical infrastructure and key resources (CIKR) is a key Department of Homeland Security mission established in 2002 by the National Strategy for Homeland Security and the Homeland Security Act .  

    The Department's Office of Infrastructure Protection (IP) within the National Protection and Programs Directorate (NPPD) leads the coordinated national program to reduce risks to the nation's CIKR posed by acts of terrorism, and to strengthen national preparedness, timely response, and rapid recovery in the event of an attack, natural disaster, or other emergency.

    This is a complex mission. CIKR range from the nation's electric power, food and drinking water to its national monuments, telecommunications and transportation systems, chemical facilities and much more.  The vast majority of national CIKR is privately owned and operated, making public-private partnerships essential to protect CIKR and respond to events.

    Protected Critical Infrastructure Information Program

    "The PCII Program is designed to encourage private industry to voluntarily share their sensitive and proprietary business information with the Federal Government.  The Department of H. Security will use PCII in pursuit of a more secure H., focusing primarily on:

  • Analyzing and securing critical infrastructure and protected systems,
  • Identifying vulnerabilities and developing risk assessments, and
  • Enhancing recovery preparedness measures.
  • "Information submitted, if it satisfies the requirements of the Critical Infrastructure Information Act of 2002, is protected from public disclosure under:

  • The Freedom of Information Act,
  • State and local sunshine laws, and
  • Use in civil litigation. "
  • - DHS | PCII

    Science and Technology Directorate

    The Science and Technology Directorate (S&T) manages science and technology research to protect the h., from development through transition for Department components and first responders.

    > Homeland Security Advanced Research Projects Agency > Cyber Security Division > Cyber Security Research and Development Center

    "The U.S. Department of Homeland Security Science and Technology Directorate established the Cyber Security Division (CSD), within the Directorate's Homeland Security Advanced Research Projects Agency (HSARPA), in fiscal year 2011 in response to the increasing importance of the cybersecurity mission. CSD’s mission is to contribute to enhancing the security and resilience of the Nation’s critical information infrastructure and the Internet by (1) driving security improvements to address critical weaknesses, (2) discovering new solutions for emerging cyber security threats, and (3) delivering new, tested technologies to defend against cyber security threats."

    Secret Service

    "The definition of an insider for this study includes current, former, or contract employees of an organization. The cases analyzed in the Insider Threat Study involve incidents in which an insider intentionally exceeded or misused an authorized level of system access in a manner that affected the organization's data, daily business operations, or system security, or involved other harm perpetrated via a computer.

    "For the Insider Threat Study, researchers from the Secret Service CERT/CC have focused on identifying the physical and online behaviors and communications that insiders engaged in before the incidents, as well as how the incidents were eventually executed, detected, and the insider identified. This approach addresses a broader phenomenon than previous studies on the topic of insider activity.

    Cyber Security R&D Center

    "The Cyber Security R&D Center was established by the Department of H. Security in 2004 to develop security technology for protection of the U.S. cyber infrastructure. The Center conducts its work through partnerships between government and private industry, the venture capital community, and the research community."

    Immigration and Customs Enforcement (ICE)

    Derived From: GAO Cybercrime Public and Private Entities Face Challenges in Addressing CyberthreatsPDF p 33 (June 2007)

    "Investigates and seeks prosecution of domestic and transborder criminal activities occurring on or facilitated by the Internet, primarily within its authority to investigate immigration and customs violations.

    "Cyber Crimes Center: Headquarters center that provides cyber-related technical and investigative services, training, and guidance to ICE headquarters and field office investigators and foreign attachés, as well as other foreign and domestic law enforcement entities.
    • Develops and coordinates national-level Internet investigations, including online undercover operations, related to crimes investigated by ICE such as: transborder child exploitation, identity and benefit fraud, intellectual property rights, commercial fraud, strategic and national security, financial crimes, and general smuggling investigations.
    • Performs forensics examination of electronic devices such as personal computers, personal digital assistants, cellular telephones, and other communication devices and operates the ICE National Digital Forensics Laboratory.
    • Conducts research and development on new and emerging technologies.
    ICE Field Offices: Digital Forensics Agents located in field offices throughout the United States perform forensic examinations of detained and/or seized digital storage devices in field laboratories, assist online field investigators in preparing search warrants targeting digital evidence, and provide expert testimony and support to state and local law enforcement agencies.
    ICE Foreign Attachés Offices: Attachés located in ICE foreign offices coordinate investigative efforts with foreign law enforcement entities."


    One of Tom Ridge's first recommendations was that the federal government should get out of cyberspace; in other words, that critical government communications be conducted over a secure private network and not over the Internet.  The proposed network is referred to as Govnet.

    Federal Advisory Councils


    Other DHS Stuff




    Federal Computer Incident Response Center

    The Federal Computer Incident Response Center (FedCIRC) was created, pursuant to Presidential Decision Directive 63, as the central effort coordinating internal federal civilian preparation, analysis, and response to computer security issues.  FedCIRC is sponsored by the Federal CIO Council; it is administered by the Federal Technology Services Office of the General Services Administration.   FedCIRC provides a means for the multitude of federal agencies and organizations to coordinate and collaborate in their work, bringing together members of the Department of Defense, law enforcement, intelligence community, academia and computer security specialists.  FedCIRC's focus seems to be to take the work of groups such as CERT/CC and NIPC and disseminate that information internally to federal agencies, facilitating readiness of federal networks. FedCIRC


  • GAO, Critical Infrastructure Protection: Department of H. Security Faces Challenges in Fulfilling Cybersecurity Responsibilities, GAO-05-434 (Washington, D.C.: May 26, 2005).
  • The role of NIPC has been assumed by DHS and NIPC no longer exists. See US CERT. The other vital federal effort is the National Infrastructure Protection Center (NIPC).  NIPC is charged with the monumental task of playing watchdog to the nationals critical infrastructure, including telecommunications, energy, money, water, the government, and emergency services.  The NIPC conducts threat assessment, producing analysis, warnings, and response information.  Housed in the DHS, NIPC is a collaborative effort between US agencies, intelligence community, and law enforcement - which creates a logistical challenge ensuring that the disparate participates remained confined within their congressionally mandated missions (for example, that military personnel cannot be used for domestic law enforcement).  Established in 1998, the NIPC was created pursuant to the recommendations of President Clinton's President's Council on Critical Infrastructure Protection.  NIPC is the central federal effort pulling together information on threats to critical infrastructure, enabling NIPC to disseminate information to facilitate readiness and also to have information with which to advise the President and the US Congress.  NIPC conducts an outreach program known as InfraGuard to critical infrastructure owners which, more than anything, facilitates the establishment of information sharing mechanisms.

  • Papers
  • GAO, Critical Infrastructure Protection: Department of H. Security Faces Challenges in Fulfilling Cybersecurity Responsibilities, GAO-05-434 (Washington, D.C.: May 26, 2005)
  • H. Security Reorganization Enhances Cyber Security, Americas Network 7/19/2005
  • Computer Security Lacking at H. Security, Slashdot 6/10/2005
  • FBI ponders changes to cybersecurity unit NIPC, CNN 3/21/02