On February 1, 2017, the United States Government Accountability Office (“GAO”) published a report assessing the performance and effectiveness of the National Cybersecurity and Communications Integration Center (“NCCIC”) of the Department of Homeland Security (“DHS”). 

The NCCIC is statutorily required to perform cybersecurity-related functions set forth in the National Cybersecurity Protection Act of 2014 and the Cybersecurity Act of 2015, including, for example, the coordination of sharing cybersecurity-related information between the federal and state governments and across multiple sectors.  The GAO’s report generally finds that the NCCIC has taken steps to perform each of its statutorily required functions, while noting that the NCCIC has not yet established metrics and methods to evaluate its performance of those functions in accordance with required principles.  The report provides a series of recommendations for NCCIC to improve its effectiveness and efficiency.

One of the report’s findings relates to NCCIC’s required function of coordinating the sharing of information related to cyber threat indicators, defensive measures, cybersecurity risks and incidents across the federal government.  According to the report, cybersecurity incidents that are reported to the NCCIC may be reported to either the NCCIC Operations and Integration Service Desk or the Industrial Control Systems Cyber Emergency Response Team (“ICS-CERT”), with the NCCIC service desk not being able to access data from the ICS-CERT incident reporting system.  During its study of the NCCIC, the GAO found that NCCIC officials were not able to track the status of all cybersecurity incidents reported to the NCCIC because of the separate incident reporting systems.  Therefore, the GAO’s report notes that the lack of a centralized incident tracking system hinders the NCCIC’s ability to effectively coordinate sharing of information.

The GAO’s one-page summary that provides highlights of the report is available here.