Overview[edit | edit source]
On January 8, 2008, the President signed Presidential Directive NSPD-54/HSPD-23. It mandated the National Cyber Investigative Joint Task Force (NCIJTF or NCI-JTF) to be the focal point for all government agencies and to coordinate, integrate, and share information related to all domestic cyber threat investigations. The FBI is responsible for developing and supporting the joint task force, which includes 18 intelligence agencies and law enforcement, working side-by-side to identify key players and schemes. Its goal is to predict and prevent what will happen in the future and to pursue the enterprises behind cyber attacks.
The NCIJTF currently has signed memoranda of understanding (MOUs) with approximately 24 member agency representatives, which allow for sharing of cyber threat information — to include classified CTIs — with the NCIJTF.
The NCIJTF has several existing mechanisms for sharing classified CTIs to the appropriate federal entities, as members of the NCIJTF. CyWatch, the NCIJTF's 24/7 watch floor, serves as the primary mechanism for sharing classified CTIs with federal entities that are NCIJTF members. In addition, the NCIJTF's Office of Threat Pursuit analyzes collected cyber threat data and provides reports on exfiltrated data, which are shared with member agencies. Lastly, the Office of Campaign Coordination facilitates the sharing of classified CTIs and DMs related to campaign missions among participating agencies.
Instead of focusing on reducing cyber vulnerabilities, the NCIJTF focuses on making the Internet safer by pursuing the terrorists, spies, and criminals who seek to exploit it. Because they act globally across many jurisdictions, the collaboration at the NCIJTF is critical to ensure all legal means and resources available are used to track, attribute, and take action against these cyber threats and to ultimately place international cybercriminals behind bars and off our global networks.
The NCIJTF contributes heavily to tracking down cyber threats domestically — whether the perpetrators physically reside in the United States or attack computers inside our country from abroad. The NCIJTF maintains extensive partnerships with industry and the private sector to raise threat awareness and proactively identify emerging dangers. The NCIJTF establishes predication to work with cybercrime victims or to obtain court orders to access information needed to track threats. The unique functions of the NCIJTF allow the U.S. to leverage technology, tactics, and partnerships to best address the global cyber threat.