US flag signifying that this is a United States Federal Government website   Official website of the Department of Homeland Security

Homeland Security

Information Sharing

Information Sharing

Information sharing is essential to the protection of critical infrastructure and to furthering cybersecurity for the nation. As the lead federal department for the protection of critical infrastructure and the furthering of cybersecurity, the Department of Homeland Security (DHS) has developed and implemented numerous information sharing programs. Through these programs, DHS develops partnerships and shares substantive information with the private sector, which owns and operates the majority of the nation’s critical infrastructure. DHS also shares information with state, local, tribal, and territorial governments and with international partners, as cybersecurity threat actors are not constrained by geographic boundaries.

National Cybersecurity and Communications Integration Center (NCCIC)

DHS’s National Cybersecurity and Communications Integration Center (NCCIC) is a 24/7 cyber situational awareness, incident response, and management center that is a national nexus of cyber and communications integration for the federal government, intelligence community, and law enforcement. The NCCIC shares information among public and private sector partners to build awareness of vulnerabilities, incidents, and mitigations.

Critical Infrastructure Cyber Information Sharing and Collaboration Program (CISCP)

The Critical Infrastructure Cyber Information Sharing and Collaboration Program (CISCP) was established for information sharing and collaboration with our critical infrastructure partners. CISCP shares cyber threat, incident, and vulnerability information in near-real time and enhances collaboration in order to better understand the threat and improve network defense for the entire community. The key focus of this program is to establish a community of trust between the federal government and entities from across the different critical infrastructure sectors and leverage those relationships for enhanced information sharing and collaboration.

Enhanced Cybersecurity Services (ECS)

Enhanced Cybersecurity Services (ECS) is a voluntary information sharing program that helps U.S.-based public and private entities protect their systems from unauthorized access, exploitation, or data exfiltration. DHS works with cybersecurity organizations from across the federal government to gain access to a broad range of sensitive and classified cyber threat information. DHS develops indicators based on this information and shares them with qualified Commercial Service Providers (CSPs), thus enabling them to better protect their customers.

Information Sharing and Analysis Centers (ISACs)

Sector-specific Information Sharing and Analysis Centers (ISACs) are non-profit, member-driven organizations formed by critical infrastructure owners and operators to share information between government and industry. While the NCCIC works in close coordination with all of the ISACs, a few critical infrastructure sectors maintain a consistent presence within the NCCIC.

The Multi-State Information Sharing and Analysis Center (MS-ISAC) receives programmatic support from and has been designated by DHS as the cybersecurity ISAC for state, local, tribal, and territorial (SLTT) governments. The MS-ISAC provides services and information sharing that significantly enhances SLTT governments’ ability to prevent, protect against, respond to and recover from cyberattacks and compromises. DHS maintains operational-level coordination with the MS-ISAC through the presence of MS-ISAC analysts in the National Cybersecurity and Communications Integration Center (NCCIC) to coordinate directly with its own 24x7 operations center that connects with SLTT government stakeholders on cybersecurity threats and incidents.

In addition to the MS-ISAC, representatives of the Communications ISAC maintain a presence at DHS through the NCCIC’s National Coordinating Center for Communications (NCC), with resident members from the nation’s major communications carriers on site. The Financial Services Information Sharing and Analysis Center (FS-ISAC) and the Aviation Information Sharing and Analysis Center (A-ISAC) also maintain a presence within the NCCIC.

Information Sharing and Analysis Organizations (ISAOs)

Like Information Sharing and Analysis Centers (ISACs), the purpose of Information Sharing and Analysis Organizations (ISAOs) is to gather, analyze, and disseminate cyber threat information, but unlike ISACs, ISAOs are not sector-affiliated. Executive Order 13691 – Promoting Private Sector Cybersecurity Information Sharing calls for the development of ISAOs in order to promote better cybersecurity information sharing between the private sector and government, and enhance collaboration and information sharing amongst the private sector.

DHS is responsible for the execution of Executive Order 13691. Its role is threefold: DHS will select, through an open and competitive process, a non-governmental organization to serve as the ISAO Standards Organization, which will identify a set of voluntary guidelines for the creation and functioning of ISAOs; DHS will engage in continuous, collaborative, and inclusive coordination with ISAOs via its NCCIC; and DHS will develop a more efficient means for granting clearances to private sector individuals who are members of an ISAO via a designated critical infrastructure protection program.

This new ISAO model complements DHS’s existing information sharing programs and creates an opportunity to expand the number of entities that can share threat information with the government and with each other, reaching those who haven’t necessarily had the opportunity to participate in such information sharing.

Automated Information Sharing

DHS is leading a community effort to accelerate information sharing between network defense and incident response organizations and communities around the world. These efforts have taken the form of two technical specifications to enable secure, real-time, and actionable sharing activities: The Trusted Automated eXchange of Indicator Information (TAXII) and the Structured Threat Information eXpression (STIX). By automating the sharing of anonymized actionable indicators in real (or near-real) time, TAXII/STIX enables improved situational awareness about emerging threats and facilitates detection, prevention, and mitigation of threats without compromising trust and confidentiality.

Protected Critical Infrastructure Information Program (PCII)

The Protected Critical Infrastructure Information (PCII) Program is an information-protection program that enhances voluntary information sharing between infrastructure owners and operators and the government. PCII protections mean that homeland security partners can be confident that sharing their information with the government will not expose sensitive or proprietary data.

Last Published Date: September 30, 2015

What's New

Written testimony of USCG for a House Homeland Security Subcommittee on Border and Maritime Security hearing titled “Protecting Maritime Facilities in the 21st Century: Are Our Nation’s Ports at Risk for a Cyber-Attack?”
October 8, 2015
Written testimony of DHS Secretary Jeh Johnson for a Senate Committee on Homeland Security and Governmental Affairs hearing titled “Threats to the Homeland”
October 8, 2015
Written testimony of NPPD Under Secretary for a House Homeland Security Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies hearing titled “Examining the Mission, Structure, and Reorganization Effort of the NPPD”
October 7, 2015

More News

Resource Directory

Critical Infrastructure Resources
Statement by Press Secretary Peter Boogaard on Secretary Johnson’s Upcoming Visit to Georgia
Analytic Report: Executive Order 13636 Cybersecurity Incentives Study

More Resources

Was this page helpful?

Back to Top