National Counterintelligence and Security Center

Features

National Counterintelligence and Security Center

Academic

 

 


The Association of American Universities is composed of America’s leading research universities. AAU’s 65 research universities transform lives through education, research, and innovation. Visit the AAU Science & Security website to learn about their role in protecting research and innovation.


The National Science Foundation is committed to maintaining the integrity of international scientific collaborations. They have developed resources to enhance research security practices that are reliable and adaptive to emerging and evolving threats. Visit the NSF Research Security site for more information.

Cybersecurity

 

eLearning Courses

  • Cyber Security Awareness, CS130.16
    This 30-minute course provides a working knowledge of cyber intrusion methods and cybersecurity countermeasures to assist employees in preventing cyber attacks and protecting their systems and information.

Job Aids

  • Cyber Essentials Guide
    This guide developed by CISA is for leaders of small businesses as well as leaders of small and local government agencies to enable them to develop an actionable understanding of where to start implementing organizational cybersecurity practices.
  • Mobile Device Safety
    This job aid from the Office of the Director of National Intelligence (ODNI) provides basic tips for mobile device safety in the current environment.
  • Spearfishing and Common Cyber Attacks
    This job aid from the Office of the Director of National Intelligence provides information about spearfishing and current cyber attack methods.
  • Top 10 Routinely Exploited Vulnerabilities
    This job aid provides details on vulnerabilities routinely exploited by foreign cyber actors—primarily Common Vulnerabilities and Exposures (CVEs)—to help organizations reduce the risk of these foreign threats.
  • Joint Cyber Intelligence Tool Suite (JCITS)
    In partnership with industry, JCITS uses mapping of cleared contractor public infrastructure and fuses those maps with known cyber-attack patterns of foreign adversaries.
  • CISA Regional Offices
    This job aid provides a map with CISA Regional Office contact information.

Posters

Reports

  • NIST Framework for Improving Critical Infrastructure Cybersecurity
    Executive Order 13636 directed NIST to work with stakeholders to develop a voluntary framework - based on existing standards, guidelines, and practices - for reducing cyber risks to critical infrastructure. Created through collaboration between industry and government, the voluntary framework consists of standards, guidelines, and practices to promote the protection of critical infrastructure. The prioritized, flexible, repeatable, and cost-effective approach of the framework helps owners and operators of critical infrastructure to manage cybersecurity-related risk.

Toolkits

  • Cyber Essentials Toolkit
    The Cyber Essentials Toolkit is a set of modules designed to break down the CISA Cyber Essentials into bite-sized actions for IT and C-suite leadership to work toward full implementation of each Cyber Essential. Each chapter focuses on recommended actions to build cyber readiness into the interrelated aspects of an organizational culture of cyber readiness.
  • NSA Cybersecurity Advisories and Technical Guidance
    This site provides advisories and mitigations on evolving cybersecurity threats. Some resources on this site have access requirements.
  • OnGuardOnline
    This Federal Trade Commission website contains general information and tips to protect information and devices online.
  • NCSC Awareness Materials
    The materials in this toolkit will enable personnel to better understand existing threats to and provide guidance and tips for protecting the sensitive information, assets, technologies, and networks to which employees have access.

Watch & Learn

  • Cybersecurity Attacks - The Insider Threat
    This 15-minute video teaches the viewer to recognize and mitigate the attacks performed by witting and unwitting entities that comprise the cybersecurity environment.
  • NCSC Cyber Training Series
    This is a series of three courses designed for professionals new to the cyber realm. It introduces users to the computer'scomponent layers and associated functions, virtualization concepts, and security methods.
  • Protect Your Computer from Malware
    Malware is short for “malicious software." It includes viruses and spyware that get installed on your computer or mobiledevice without your consent. Learn more about how to avoid, detect, and get rid of malware.

Webinars

  • Creating a Workplace Culture of Cybersecurity
    This CDSE webcast is designed for those with responsibility for ensuring a secure cybersecurity environment in theworkplace and will give practical tips for how to develop a culture that promotes good cybersecurity practices.

Games

  • Cybersecurity: Tomorrow’s Internet
    InternetTest your knowledge of cybersecurity and earn badges as you go.
  • Cybersecurity Magic 8 Ball
    Can you correctly predict how the Magic 8 Ball will answer these cybersecurity questions?
  • Cybersecurity Trivia Twirl
    This game features a wheel with six segments, each representing a different Cybersecurity category. Spin the wheel andcorrectly answer the question to “collect” that category segment. Play continues until you successfully collect all sixcategory segments.

National Cybersecurity Policy for Industry & Academia

 

Policy

 

Social Media Considerations for Industry & Academia

 

Job Aids

Posters

 

Reports

  • Internet Social Networking Risks
    This ODNI report provides definitions of terms associated with internet and social networking risks and provides practicaltips and best practices for mitigating the risk.

 

Watch & Learn

  • Social Media Video Lesson
    This video lesson explores the risks associated with social media and why you should be concerned.

 

Image representing Safeguarding Science with showing hologram hovering over open hand 

Safeguarding Science

An Outreach Initiative for Protecting Research and Innovation

in Emerging Technologies

 

An informed, empowered scientific community is best positioned to assess emerging technologies and their applications and to design measures to guard against the potential misuse or theft of these technologies.  The National Counterintelligence and Security Center (NCSC) has partnered with multiple federal agencies to develop an outreach initiative, “Safeguarding Science,” designed to raise awareness of the spectrum of risk in emerging technologies and to help stakeholders in these fields to develop their own methods to protect research and innovation.  The initiative focuses on emerging technology sectors where the stakes are potentially greatest for U.S. economic and national security, including the following:

 

 

 

Icon representing ARTIFICIAL INTELLIGENCE
ARTIFICIAL INTELLIGENCE
Icon representing BIOECONOMY
BIOECONOMY
Icon representing Autonomous Systems
AUTONOMOUS SYSTEMS
Icon representing QUANTUM
QUANTUM
Icon representing SEMICONDUCTORS
 SEMICONDUCTORS

 

 

Please click the above images for additional information.

 

 

SAFEGUARDING SCIENCE GOALS

 

  • Promote a U.S. research ecosystem that emphasizes collaboration, openness, equity, integrity, and security, all of which facilitate innovation
  • Provide curated resources for our stakeholders to support best practices in protecting research and innovation
    • Supplement existing ethics training with security education to provide case studies relating to misuse and exploitation of research
    • Provide inclusive educational opportunities for domestic / international students and faculty that are germane to the fields of research and development
  • Assist academia and industry in developing their own methods to protect research from theft, misuse, abuse, or exploitation.
    • Highlight shared responsibility of scientific community and U.S. government to protect research and innovation in emerging technologies
    • Develop a culture of security awareness to supplement existing compliance measures, fostering scientific citizenship
    • Evolve from a “do no harm” mentality to an explicit “not on my watch” mentality
  • Foster information exchanges to better identify emerging technology security challenges
    • Establish liaison contacts between scientific community and the U.S. government
    • Facilitate tripwire/suspicious activity reporting

 

SAFEGUARDING SCIENCE TOOLKIT

 

The resources categorized on the upper left side of the page have been developed with partners at the National Science Foundation (NSF), National Institute for Standards and Technology (NIST), the Department of Health and Human Services (HHS), the Federal Aviation Administration (FAA), the Department of Defense (DOD), and other federal agencies.

 

 Images of NSF-NIST-HHS-FAA-Logos

 

The toolkit provides partners with a range of resources to choose from to help them better protect their research and innovation.  The resources include training, best practices, videos, awareness materials, policy references, and other materials from across the U.S. government, as well as from academia (including training for research institutions made by research institutions).  The toolkit will remain a dynamic resource that is maintained and updated. Select a category to start accessing resources.  Links to any non-Governmental information are provided for reference and awareness, and not as directions or NCSC recommendations.

 

 

As mandated by Congress, a core NCSC mission is to conduct counterintelligence (CI) outreach to the U.S. private sector, academic and research communities, as well as other external stakeholders to arm them with information about foreign intelligence threats to their organizations and ways to mitigate risk.

 

Operations Security

 

NCSC executes the roles and responsibilities of the National Operations Security (OPSEC) Program Office, as described in National Security Presidential Memorandum (NSPM)-28 and will support department and agency implementation of OPSEC programs. NCSC/ETD will provide additional guidance, work with all Executive Branch departments and agencies to develop their programs, and will provide program development, training, and awareness materials.

 

As set forth in NSPM-28, the National Operations Security Program (NOP) supports the establishment, implementation, and standardization of stakeholder OPSEC programs across the Executive Branch of the U.S. Government (USG) and, as appropriate, beyond to trusted partners.

 

NSPM-28 requires all Executive Branch departments and agencies to implement OPSEC capabilities that identify and protect their most critical assets, identify and mitigate vulnerabilities, consider foreign adversarial threats in their organization’s risk management activities, and apply sufficient threat mitigation practices to counter the threat. NOP requirements are set forth in NSPM-28.

 

National OPSEC Awareness Month

January 2023

 

 

NOP Authorities & Policies

Please Note: National Security Presidential Memorandum (NSPM) 28 is Unclassified but not approved for public release and therefore cannot be posted on this website. Stakeholders within the US government may reach out to This email address is being protected from spambots. You need JavaScript enabled to view it. to obtain a copy.


OPSEC Training

  • Registrar: This email address is being protected from spambots. You need JavaScript enabled to view it.
  • OPSEC Course Schedule
  • OPSEC for All

OPSEC Resources & Templates

OPSEC Posters

Tweet 4 Supply Chain

 

Matthew Halvorsen, Strategic Program Director for NCSC’s Supply Chain and Cyber Directorate, recently sat down with Andrew Coffey, a Deputy Director with the High Intensity Drug Trafficking Areas (HIDTA) Program at the Office of National Drug Control Policy (ONDCP), for an audio interview on how the HIDTA program worked quickly to implement supply chain security measures to stem risks from certain Chinese companies, as mandated by Section 889 of the National Defense Authorization Act (NDAA) of 2019.  The discussion is instructive for other federal agencies working to comply with supply chain security provisions of the NDAA.

 

This episode is the second in a series of interviews with experts and practitioners from government, industry, research and academia to spotlight threats to key U.S. supply chains and highlight mitigation.

 

 

Guest Speaker

 

Andrew Coffey, Ph.D. is a Deputy Director with the High Intensity Drug Trafficking Areas (HIDTA) Program at the Office of National Drug Control Policy (ONDCP). He oversees a number of portfolios to include policy development, intelligence and information sharing, and performance management. Prior to joining ONDCP he held various positions in the private sector advising clients around the globe on security and risk management. He holds a doctorate in public administration and policy from Virginia Tech, and a bachelor’s degree from Radford University. From 2016-2017, he was a Senior Fellow with the George Washington University Center for Cyber and Homeland Security.

 

 

 

 

National Counterintelligence and Security Center