Building a One-Stop Cyber Intelligence Shop
Cybersecurity is a collective responsibility and New Jersey's digital density demands close and constant collaboration across sectors and industries.
The New Jersey Cybersecurity and Communications Integration Cell (NJCCIC) is the State’s one-stop shop for cybersecurity information sharing, threat analysis and incident reporting. Located at the Regional Operations Intelligence Center (ROIC), the NJCCIC brings together analysts and engineers to promote statewide awareness of local cyber threats and widespread adoption of best practices.
The goal is to promote shared and real-time awareness of cyber threat for New Jersey's citizens, local governments, businesses, and critical infrastructure owners and operators. The NJCCIC bridges the information divide between local, state, federal, public, and private sector institutions to reduce New Jersey's cyber risk and respond to emergent incidents.
In a webinar, Building a One-Stop Cyber Intelligence Shop, the New Jersey State CISO, Dave Weinstein, and the Director of Intelligence, Rosemary Martorana, discussed aspects of the NJCCIC and how organizations can apply lessons learned to enhance their own cybersecurity policies and practices.
According to Weinstein, one way the NJCCIC achieves success is ensuring that the intelligence delivered to customers is actionable. He uses analytics, cyber intelligence and data, in addition to what he calls the human component, with four, full-time cyber analysts.
Martorana discussed how the NJCCIC truly shares information to mitigate cyber crime. The NJCCIC provided assistance to Rutgers University, which has fallen victim to a number of cyber attacks in the past year, by monitoring the threat landscape for follow-on attacks, providing analysis to support potential motives behind the attacks to better inform Rutgers leadership, and bridging the information gap between the university and federal assets, which helped the university immunize itself against the same types of attacks to prevent sustained network disruptions.
The NJCCIC also reports on its findings to its members, sharing “indicators of compromise” (attributes of the attackers, their methodology, threat indicators, and more) so they could take steps to protect their enterprises from similar attacks.
The NJCCIC also has an advanced training capability, says Martorana. Analysts can be sent out to small businesses or other arms of local government to train employees.
The information-sharing benefits of the NJCCIC are not solely limited to enterprises in New Jersey, however. The program provides intelligence to members in 19 different states, and includes 34 federal agencies. If you are interested in becoming a member, please visit cyber.nj.gov for more information.