Strengthening cyber defenses through fusion center engagement
- By Jayne Friedland Holland
- Mar 08, 2017
After the Sept. 11, 2001, attacks, the 9/11 Commission highlighted shortcomings in information sharing as a key factor in the failure to protect the nation from terrorist activity. The Commission’s 2004 report prompted the Department of Homeland Security to issue grants that established fusion centers in states and larger metropolitan areas.
These intelligence-gathering entities fight domestic terrorism and criminal activity, including cyberattacks, by serving as conduits for information sharing between federal, state and local governments, private companies and law enforcement. The nation’s 78 fusion centers are owned and operated at the state and local levels.
With the explosion of hacktivism and other forms of cyber crimes in recent years, fusion centers have increased their intelligence gathering and their focus on cybersecurity. They receive and collect cyber or terrorist threat information from state and local law enforcement, first responders and participating private companies. They then analyze the data; compare it to known information from federal government security agencies and other fusion centers; and disperse actionable results back out to their participating partners, including private companies.
Fusion centers benefit government
Fusion centers can serve as the cement for a shared cybersecurity mission across government, law enforcement and private industry, and state and local governments have a distinct role to play in the fusion centers’ work.
However, the level at which those governments are involved with fusion centers varies from state to state. When there’s an overlap in what a state or municipal government needs and what a fusion center can provide -- dealing with a specific cyberattack, for example -- they tend to work closely together.
But, to measurably reduce cyber vulnerability, that interaction isn’t enough. State and local governments must interact regularly with fusion centers and encourage more private companies to share information.
Government benefits directly by working consistently with fusion centers. Their involvement improves state and local agencies’ understanding of suspicious activity and criminal/terrorist trends and heightens their ability to recognize activity that should be reported. Agencies that participate with fusion centers get access to a broad network of both private- and public-sector threat information that otherwise would be difficult to come by.
The information they receive may provide advance warning that gives agencies time to harden their technology infrastructure or physical facilities before an attack occurs. If an attack is already underway, agencies can take advantage of the timely, relevant information they receive to shorten or reduce the severity of those efforts.
Engaging with fusion centers
State and local governments can take four important steps to deepen engagement with fusion centers:
Establish an internal information-sharing structure. Coordinate information sharing by pulling together agencies that oversee cyber networks. If possible, designate primary responsibility to a team, such as the CIO’s staff or another group with relevant IT and security knowledge.
Introduce fusion center personnel to the team that has authority for information sharing. Task the team and the fusion center representatives with creating two-way channels for providing and receiving information.
Collaborate with other stakeholders. Relationships with regional government agencies, nongovernmental organizations and private companies will be vital to understanding the full range of cyber assets that could be affected by an incident. These relationships will also be necessary for information gathering and mitigation should an incident occur.
Initiate outreach to the private sector. Fusion centers play an important role in deterring or mitigating terroristic and criminal activity, but their ability to achieve their goals lies in the collaboration of private companies, state and local governments and law enforcement. The private sector, which owns and operates 85 percent of the nation’s critical infrastructure, has much to gain by sharing and receiving security-related data. Government should seek opportunities to make private companies aware of the availability of fusion center intelligence. These companies can leverage information from fusion centers not only to respond to threats but also to harden their IT systems or critical infrastructure facilities in advance of a security incident.
Recognizing their essential role in cybersecurity, government agencies should engage with fusion centers and encourage other stakeholders to do the same. Doing so ensures that fusion centers will receive the latest and most comprehensive information available as they work to help protect our nation against cyber threats.
Jayne Friedland Holland is chief security officer at NIC Inc.