From June 16th – June 19th of this year, the Northeast Regional Intelligence Group (NRIG), sponsored by the National Fusion Center Association, convened in Jersey City to share best practices on information sharing. Dubbed “Cyber Thursday,” the second day of the three day conference included a variety of presentations on integrating cybersecurity into states’ Fusion Centers. We were on hand to share our early experiences of this integration in the State of New Jersey at our Regional Operations Intelligence Center (ROIC).

On May 20, 2015, Governor Chris Christie signed into law Executive Order 178, which established the New Jersey Cybersecurity and Communications Integration Cell (NJCCIC), our State’s one-stop-shop for all cyber incident reporting, threat analysis, and information sharing. Located at our Fusion Center in West Trenton, the NJCCIC’s mission is simple: to expand access to cyber threat information for New Jersey’s citizens, businesses, and governments. From the moment a vulnerability is disclosed, we aim to promote shared awareness of the threat and facilitate swift mitigation across both the public and private sectors. 

The NJCCIC combines a rare flavor of all-source intelligence analysts with network analysts and security engineers. This “fusion” of technical and non-technical security disciplines is perhaps the NJCCIC’s most valuable asset early on. As we enhance our platform for automated indicator sharing (AIS) to correlate threats across the public and private sectors, we seek to share actionable cyber threat data without the burdens and constraints of manual methods.

But as we’ve discovered early on, cybersecurity at the state level goes beyond just exchanging threat indicators. Just like intelligence and law enforcement operations in the physical realm, cyber operations demand a high degree of de-confliction across institutions (public, private, local, and federal) and domains (physical and virtual). Take social media, for example, where law enforcement officers at all levels of government routinely assume undercover aliases to investigate cyber-attacks. In the absence of formal de-confliction measures, such investigations run a high risk of compromise. By no means did we solve the cyber de-confliction problem last week; far from it. Nevertheless, a conversation was started that should transcend both state lines and levels of governments. States like Missouri, through the Kansas City Terrorism Early Warning Fusion Center, are already making great strides in their jurisdiction, and it is an opportune time to increase collaboration among all Fusion Centers and federal agencies.

In many respects, the day-long discussion of cybersecurity at this year’s NRIG is representative of the evolving threat landscape and how state and local governments simply cannot ignore its importance. As demonstrated by the NJCCIC, each state’s Fusion Center can serve as an effective vehicle for exchanging cyber threat information within a regional jurisdiction, and the same is true for sharing cyber operational information.

To learn more about the NJCCIC, visit cyber.nj.gov or follow @NJCybersecurity on Twitter.