National Counterintelligence and Security Center

Features

National Counterintelligence and Security Center

Counterintelligence Program for Industry & Academia

Counterintelligence

Job Aids

Although oriented for Department of Defense (DOD) personnel, these address universal principles applicable anywhere:

Posters

Reports

Toolkits

  • Computer Security Resource Center
    The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) toolkit for computer security resources has a wealth of information for incorporating both CI and cyber into a security program. This toolkit is more applicable for network administrators and information technology and security personnel.

Watch & Learn

  • CDSE Counterintelligence Awareness Video Lesson
    This four minute YouTube video is a basic primer on Counterintelligence and Security. This job aid is suited for all facility personnel.
  • CI and Insider Threat Support to Security
    This seven minute YouTube video gives the basic “why” on Insider threat and Counterintelligence. The first four and a half minutes are more universal, and after this mark, the video becomes more Department of Defense (DOD) centric. This resource is best suited for facility security personnel and senior leaders.

Games

Test your knowledge and encourage CI Awareness at your organization with these two engaging games.

 

Operations Security for Industry & Academia

OPSEC

 

National OPSEC Program Office - Operations Security (dni.gov)

Toolkits

Posters

Academic Resources

Academic

 

The Association of American Universities is composed of America’s leading research universities. AAU’s 65 research universities transform lives through education, research, and innovation. Visit the AAU Science & Security website to learn about their role in protecting research and innovation.

The National Science Foundation is committed to maintaining the integrity of international scientific collaborations. They have developed resources to enhance research security practices that are reliable and adaptive to emerging and evolving threats. Visit the NSF Research Security site for more information.

Cybersecurity Awareness for Industry & Academia

Cybersecurity

eLearning Courses

  • Cyber Security Awareness, CS130.16
    This 30-minute course provides a working knowledge of cyber intrusion methods and cybersecurity countermeasures to assist employees in preventing cyber attacks and protecting their systems and information.

Job Aids

  • Cyber Essentials Guide
    This guide developed by CISA is for leaders of small businesses as well as leaders of small and local government agencies to enable them to develop an actionable understanding of where to start implementing organizational cybersecurity practices.
  • Mobile Device Safety
    This job aid from the Office of the Director of National Intelligence (ODNI) provides basic tips for mobile device safety in the current environment.
  • Spearfishing and Common Cyber Attacks
    This job aid from the Office of the Director of National Intelligence provides information about spearfishing and current cyber attack methods.
  • Top 10 Routinely Exploited Vulnerabilities
    This job aid provides details on vulnerabilities routinely exploited by foreign cyber actors—primarily Common Vulnerabilities and Exposures (CVEs)—to help organizations reduce the risk of these foreign threats.
  • Joint Cyber Intelligence Tool Suite (JCITS)
    In partnership with industry, JCITS uses mapping of cleared contractor public infrastructure and fuses those maps with known cyber-attack patterns of foreign adversaries.
  • CISA Regional Offices
    This job aid provides a map with CISA Regional Office contact information.

Posters

Reports

  • NIST Framework for Improving Critical Infrastructure Cybersecurity
    Executive Order 13636 directed NIST to work with stakeholders to develop a voluntary framework - based on existing standards, guidelines, and practices - for reducing cyber risks to critical infrastructure. Created through collaboration between industry and government, the voluntary framework consists of standards, guidelines, and practices to promote the protection of critical infrastructure. The prioritized, flexible, repeatable, and cost-effective approach of the framework helps owners and operators of critical infrastructure to manage cybersecurity-related risk.

Toolkits

  • Cyber Essentials Toolkit
    The Cyber Essentials Toolkit is a set of modules designed to break down the CISA Cyber Essentials into bite-sized actions for IT and C-suite leadership to work toward full implementation of each Cyber Essential. Each chapter focuses on recommended actions to build cyber readiness into the interrelated aspects of an organizational culture of cyber readiness.
  • NSA Cybersecurity Advisories and Technical Guidance
    This site provides advisories and mitigations on evolving cybersecurity threats. Some resources on this site have access requirements.
  • OnGuardOnline
    This Federal Trade Commission website contains general information and tips to protect information and devices online.
  • NCSC Awareness Materials
    The materials in this toolkit will enable personnel to better understand existing threats to and provide guidance and tips for protecting the sensitive information, assets, technologies, and networks to which employees have access.

Watch & Learn

  • Cybersecurity Attacks - The Insider Threat
    This 15-minute video teaches the viewer to recognize and mitigate the attacks performed by witting and unwitting entities that comprise the cybersecurity environment.
  • NCSC Cyber Training Series
    This is a series of three courses designed for professionals new to the cyber realm. It introduces users to the computer'scomponent layers and associated functions, virtualization concepts, and security methods.
  • Protect Your Computer from Malware
    Malware is short for “malicious software." It includes viruses and spyware that get installed on your computer or mobiledevice without your consent. Learn more about how to avoid, detect, and get rid of malware.

Webinars

  • Creating a Workplace Culture of Cybersecurity
    This CDSE webcast is designed for those with responsibility for ensuring a secure cybersecurity environment in theworkplace and will give practical tips for how to develop a culture that promotes good cybersecurity practices.

Games

  • Cybersecurity: Tomorrow’s Internet
    InternetTest your knowledge of cybersecurity and earn badges as you go.
  • Cybersecurity Magic 8 Ball
    Can you correctly predict how the Magic 8 Ball will answer these cybersecurity questions?
  • Cybersecurity Trivia Twirl
    This game features a wheel with six segments, each representing a different Cybersecurity category. Spin the wheel andcorrectly answer the question to “collect” that category segment. Play continues until you successfully collect all sixcategory segments.

National Cybersecurity Policy for Industry & Academia

Policy

Social Media Considerations for Industry & Academia

Job Aids

Posters

Reports

  • Internet Social Networking Risks
    This ODNI report provides definitions of terms associated with internet and social networking risks and provides practicaltips and best practices for mitigating the risk.

Watch & Learn

  • Social Media Video Lesson
    This video lesson explores the risks associated with social media and why you should be concerned.

Safeguarding Science

Image representing Safeguarding Science with showing hologram hovering over open hand

Safeguarding Science

An Outreach Initiative for Protecting Research and Innovation
in Emerging Technologies

An informed, empowered scientific community is best positioned to assess emerging technologies and their applications and to design measures to guard against the potential misuse or theft of these technologies. The National Counterintelligence and Security Center (NCSC) has partnered with multiple federal agencies to develop an outreach initiative, “Safeguarding Science,” designed to raise awareness of the spectrum of risk in emerging technologies and to help stakeholders in these fields to develop their own methods to protect research and innovation. The initiative focuses on emerging technology sectors where the stakes are potentially greatest for U.S. economic and national security, including the following:

Please click the above images for additional information.

SAFEGUARDING SCIENCE GOALS

  • Promote a U.S. research ecosystem that emphasizes collaboration, openness, equity, integrity, and security, all of which facilitate innovation
  • Provide curated resources for our stakeholders to support best practices in protecting research and innovation
    • Supplement existing ethics training with security education to provide case studies relating to misuse and exploitation of research
    • Provide inclusive educational opportunities for domestic / international students and faculty that are germane to the fields of research and development
  • Assist academia and industry in developing their own methods to protect research from theft, misuse, abuse, or exploitation.
    • Highlight shared responsibility of scientific community and U.S. government to protect research and innovation in emerging technologies
    • Develop a culture of security awareness to supplement existing compliance measures, fostering scientific citizenship
    • Evolve from a “do no harm” mentality to an explicit “not on my watch” mentality
  • Foster information exchanges to better identify emerging technology security challenges
    • Establish liaison contacts between scientific community and the U.S. government
    • Facilitate tripwire/suspicious activity reporting

SAFEGUARDING SCIENCE TOOLKIT

The resources categorized on the upper left side of the page have been developed with partners at the National Science Foundation (NSF), National Institute for Standards and Technology (NIST), the Department of Health and Human Services (HHS), the Federal Aviation Administration (FAA), the Department of Defense (DOD), and other federal agencies.

 Images of NSF-NIST-HHS-FAA-Logos

The toolkit provides partners with a range of resources to choose from to help them better protect their research and innovation. The resources include training, best practices, videos, awareness materials, policy references, and other materials from across the U.S. government, as well as from academia (including training for research institutions made by research institutions). The toolkit will remain a dynamic resource that is maintained and updated. Select a category to start accessing resources. Links to any non-Governmental information are provided for reference and awareness, and not as directions or NCSC recommendations.

As mandated by Congress, a core NCSC mission is to conduct counterintelligence (CI) outreach to the U.S. private sector, academic and research communities, as well as other external stakeholders to arm them with information about foreign intelligence threats to their organizations and ways to mitigate risk.

Operations Security

Operations Security

NCSC executes the roles and responsibilities of the National Operations Security (OPSEC) Program Office, as described in National Security Presidential Memorandum 28 (NSPM-28) and will support department and agency implementation of OPSEC programs. NCSC/ETD will provide additional guidance, work with all Executive Branch departments and agencies to develop their programs, and will provide program development, training, and awareness materials.

As set forth in NSPM-28, the National Operations Security Program (NOP) supports the establishment, implementation, and standardization of stakeholder OPSEC programs across the Executive Branch of the U.S. Government (USG) and, as appropriate, beyond to trusted partners.

NSPM-28 requires all Executive Branch departments and agencies to implement OPSEC capabilities that identify and protect their most critical assets, identify and mitigate vulnerabilities, consider foreign adversarial threats in their organization’s risk management activities, and apply sufficient threat mitigation practices to counter the threat. NOP requirements are set forth in NSPM-28.

National OPSEC Awareness Month

January 2024 —

Enterprise Risk Mitigation

October 2023 —

OPSEC Bulletins

April 2024 —

March 2023 —

NOP Authorities & Policies

  • NSPM – 28 Requirements

    Please Note: National Security Presidential Memorandum (NSPM) 28 is Unclassified but not approved for public release and therefore cannot be posted on this website. Stakeholders within the US government may reach out to This email address is being protected from spambots. You need JavaScript enabled to view it. to obtain a copy.

  • NCSC Memo – National Security Operations Security

OPSEC Training

  • Registrar: This email address is being protected from spambots. You need JavaScript enabled to view it.
  • 2024 OPSEC Training Schedule
  • OPSEC for All

OPSEC Resources & Templates

OPSEC Posters

National Counterintelligence and Security Center