Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
Security Leadership and ManagementProfiles in ExcellenceCybersecurity NewsGovernment: Federal, State and Local

The NJCCIC: Building a One-Stop Cyber Intelligence Shop

New Jersey Office of Homeland Security and Preparedness Director Chris Rodriguez; cyber security news, cyberattack help

“We see cybersecurity as not only a technological issue and problem but also a homeland security issue, which requires a lot of that strategic planning and positioning of our limited resources to tackle a lot of these threats,” says New Jersey Office of Homeland Security and Preparedness Director Chris Rodriguez, pictured here at the NJOHSP headquarters in Hamilton when Governor Chris Christie signed executive order 178 to officially establish the NJCCIC on May 20, 2015.

Photo courtesy of NJOHSP

David Weinstein, Director of Cybersecurity for the NJOHSP and CISO for the State of New Jersey; cyber security news

David Weinstein, Director of Cybersecurity for the NJOHSP and CISO for the State of New Jersey, announced the new partnership on January 26, 2016, between the New Jersey Cybersecurity and Communications Integration Cell (NJCCIC) and the National Healthcare Information Sharing and Analysis Center (NH-ISAC) to enhance cybersecurity information-sharing on behalf of New Jersey’s healthcare providers.

Photo courtesy of NJOHSP

New Jersey Office of Homeland Security and Preparedness Director Chris Rodriguez; cyber security news, cyberattack help
David Weinstein, Director of Cybersecurity for the NJOHSP and CISO for the State of New Jersey; cyber security news
April 1, 2016

A new cybersecurity support system is being developed in the New Jersey Office of Homeland Security and Preparedness.

Finding information on cybersecurity threats that is actually useful to the enterprise, either in timeliness, relevance or coherence, can be a challenge, especially in a threat landscape where a new cyber threat or attack seems to emerge every day. This gap in intelligible information-sharing helped to create the basis for the New Jersey Cybersecurity and Communications Integration Cell (NJCCIC).

Housed within the New Jersey Office of Homeland Security and Preparedness (OHSP, ranked #2 in the 2015 Security 500 Rankings) and the state’s Division of Cybersecurity, the NJCCIC was called for in Governor Chris Christie’s May 20, 2015 executive order, and it serves as a one-stop shop for cyber information sharing.

The trick to success in this area, says David Weinstein, Director of Cybersecurity for the NJOHSP and CISO for New Jersey, is ensuring that the intelligence delivered to customers is actionable. “We have a pretty robust collection platform; in other words, the NJCCIC is monitoring adversarial traffic across all 15 departments of the state government, distilling that information, applying analytical tradecraft to it and then sharing it with trusted partners in a manner that is both timely and actionable,” he says. “And that latter piece is critical, as a lot of what’s taking place in the cyber intelligence space is prohibiting the actioning of intelligence because either the information is too complicated, there’s too much information, or there’s nobody on the receiving end who’s equipped to make sense of it or actually use it to support their risk mitigation efforts.

“There’s a lot of technology behind that, but there’s also a human component,” he continues. “We have four full-time cyber threat intelligence analysts who are constantly combing through reams of data to translate the ones and zeroes of cyber space into nouns, adjectives and verbs that our customers can make sense of.”

Phrasing cyber threats in a manner that’s comprehendible for the NJCCIC’s nearly 1,400 customers is imperative, as many of these customers are small or mid-sized businesses, which often do not have the in-house resources or personnel to accurately track and monitor cyber threats and jargon.

Weinstein adds that what is critical for a cybersecurity leader is “having the skills necessary to translate cyber risk management into the business requirements of each particular agency.” And in the absence of a CISO inside the enterprise, the NJCCIC is filling that intelligence gap.

This is also a challenge that the U.S. federal government is facing, as in February 2016 President Obama called for the creation of a national Chief Information Security Officer role to manage national cybersecurity policy and response for the government. According to Weinstein, having a centralized authority for cybersecurity can help to create a less federated cybersecurity governance program, leading  enterprises to realize better economies of scale through pooling cybersecurity resources and a more efficient, coordinated cybersecurity incident response.

According to Chris Rodriguez, Director of the New Jersey Office of Homeland Security and Preparedness, “One of the things that we’re doing that’s unique in New Jersey is centralizing cybersecurity policy and operations under a single entity, which is Dave Weinstein’s Cybersecurity Division. We see cybersecurity as not only a technological issue and problem but also a homeland security issue, which requires a lot of strategic planning and positioning of our limited resources to tackle a lot of these threats.”

Establishing MOUs with Information Sharing and Analysis Centers (ISACs) for specific industries critical to New Jersey (healthcare and financial services, currently) helped to multiply the data and resources available for the NJCCIC, says Rodriguez, and the team at the OHSP are utilizing these partnerships and their in-house expertise to fill gaps in cybersecurity services at the state and local level.

“We took a look at some of the best practices and lessons learned since the U.S. Department of Homeland Security set up the NCCIC (the National Cybersecurity and Communications Integration Cell) several years ago, and we looked for voids that existed at the state level,” Weinstein says. “And what we learned is that the federal government is really good at sharing information with major critical infrastructure owners and operators and with federal agencies, especially within the intelligence community, but there were major intelligence divides at the state and local level as well as among small and mid-sized businesses. So we’ve designed the NJCCIC to fill those information divides with a keen focus on local governments and SMBs.

“In order to do that, we needed to design our capabilities differently than the federal government has, because many of our constituents, whether they be a local government with an IT shop of two folks or a small business with no IT shop whatsoever, are not as sophisticated technically or resourced as well as the federal government’s customers in this space. So we’ve had to adapt in the way that we share information with these customers, and make sure that we understand their requirements and their capabilities so that we’re actually able to establish two-way information-sharing channels with these parties,” he says.

One of Weinstein’s goals for the NJCCIC is to help build a “fire department for cybersecurity.” Currently, he says, the federal government has limited capacity to provide incident response assistance at the state and local level, so New Jersey is working to develop a response program to assist its constituents.

“This is a model that exists in the private sector and in the federal government, but it requires having trained and equipped incident responders either on a volunteer basis or a permanent basis at the state level,” Weinstein says. “And it also requires an EMS-like dispatch apparatus to obviously report the incident and deploy assets to mitigate it and help the victim recover.”

However, despite this formal capacity still being in development, the NJCCIC is still of service to enterprises and its members during an incident. Take for example Rutgers University, which has fallen victim to a number of cyber attacks in the past year. The NJCCIC provided assistance by monitoring the threat landscape for follow-on attacks, providing analysis to support potential motives behind the attacks to better inform Rutgers leadership, and bridging the information gap between the university and federal assets, which helped the university immunize itself against the same types of attacks to prevent sustained network disruptions.

The NJCCIC also reports on its findings to its members, sharing “indicators of compromise” (attributes of the attackers, their methodology, threat indicators, etc) so they could take steps to protect their enterprises from similar attacks.

“At the end of the day, that is our most valuable source of intelligence, that being these types of incidents, because it’s real time, it’s very actionable for other parties, and it reflects the latest and greatest picture of New Jersey’s threat landscape in cyberspace,” says Weinstein.

“What we’ve built at the NJCCIC will help us bolster our operations and make sure that our policies are informed not just by static standards or regulatory frameworks, but by actual threats that are impacting the state of New Jersey,” he adds.

A large component of that threat landscape is terrorism, and as part of the OHSP, the NJCCIC is in a unique position to help address that threat, Rodriguez says. Cybersecurity analysts in both the NJCCIC and the OHSP can coordinate to monitor social media feeds and activity on the Dark Web to gather intelligence about potential attacks in New Jersey.

“There are two issues here that we think about: One is terrorists’ use of the Internet – we think about ISIS’s use of the Internet and particularly taking advantage of ubiquitous encryption technology to advance their operational plans and proliferate their message – but then there’s also the notion of cyber terrorism, and terrorists actually weaponizing code to advance a political agenda,” says Weinstein. “These are two issues that, because of how the OHSP is organized and the expertise that we have on the intelligence side and the technical side, we’re pretty well postured to tackle and confront.”

He adds that: “I think going forward as we look at the evolution of the threat, I’m increasingly concerned about the degree to which terrorist actors will develop higher levels of sophisticated capabilities and begin to threaten critical infrastructure assets across the state of New Jersey. Right now, and this is true in New Jersey, nationally and globally, most terrorist organizations possess the intent to conduct destructive cyber attacks, but they lack the capability. I think over the next five years, given the fairly low barriers for entry in this space, that paradigm will begin to shift. So we’re taking proactive steps to make sure that we’re aware when that paradigm starts to shift, and that we’re postured from a technical standpoint and a policy standpoint to address any threats that come down the line.”

The NJCCIC also has an advanced training capability, says Rodriguez. Analysts can be sent out to small businesses or other arms of local government to train employees.

“What we’re finding is the vast majority of cyber attacks and breaches could have been prevented simply by updating anti-virus software on computers, and that a lot of the breaches are able to enter systems by people opening up suspicious links in their emails,” Rodriguez says. “Increasing public awareness, and state government awareness as well, in terms of what’s to be opened and what shouldn’t be, is a critical part of this. What we’re finding is that it’s not just having the proper technical capacities in place; sometimes people are the weakest link in the cybersecurity chain, and we do have and we are developing robust training capabilities for employees at all levels of government and in the private sector as well.”

The information-sharing benefits of the NJCCIC are not solely limited to enterprises in New Jersey, however. The program provides intelligence to members in 19 different states, and includes 34 federal agencies. If you are interested in becoming a member, please visit cyber.nj.gov for more information.

For Rodriguez notes: “As we share more information and intelligence, we become more cyber resilient across the board.”

KEYWORDS: cyber attack information sharing New Jersey CCIC threat intelligence

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Cybersecurity
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Enterprise Services
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    New Security Technology
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Internal computer parts

Critical Software Vulnerabilities Rose 37% in 2024

Coding

AI Emerges as the Top Concern for Security Leaders

Half open laptop

“Luigi Was Right”: A Look at the Website Sharing Data on More Than 1,000 Executives

Person working on laptop

Governance in the Age of Citizen Developers and AI

Shopping mall

Victoria’s Secret Security Incident Shuts Down Website

2025 Security Benchmark banner

Events

June 24, 2025

Inside a Modern GSOC: How Anthropic Benchmarks Risk Detection Tools for Speed and Accuracy

For today's security teams, making informed decisions in the first moments of a crisis is critical.

August 27, 2025

Risk Mitigation as a Competitive Edge

In today’s volatile environment, a robust risk management strategy isn’t just a requirement—it’s a foundation for organizational resilience. From cyber threats to climate disruptions, the ability to anticipate, withstand, and adapt to disruption is becoming a hallmark of industry leaders.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • surveillance  data

    Building a resilient enterprise with threat intelligence

    See More
  • financial- enews

    The Building of a Cyber Resilient Financial Services Sector

    See More
  • SEC1018-career-Feat-slide1_900px

    Building a Relationship with a Search Firm – The Candidate Viewpoint

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing