Thursday, April 25, 2019

What is the NCIJTF?


The acronym NCIJTF stands for National Cyber Investigative Joint Task Force.

It is a so-called fusion center, one of many inside the US Intelligence Community, so it's not a three letter agency unto itself, but rather a hub where many agencies collaborate and participate. Fusion centers came into vogue after stovepiping of intelligence was identified as a cause of the 9/11 attacks. It's a simply a way to combat stovepipes/silos. One example of a fusion center is the FBI's Joint Terrorism Task Forces (JTTF) which are scattered across the US and are each comprised of the local branches of FBI, US Secret Service, DEA, ATF, ICE, US Postal Inspection Service, US Marshals Service and much more.

Another example of a fusion center is the OCDETF, which Bruce Ohr ran not too long ago. That organization gathers intelligence on multi-jurisdictional drug trafficking and money laundering operations by pooling information from many of the same agencies mentioned above.

However, unlike the JTTF (terrorism) or the OCDETF (drug trafficking), the NCIJTF is specifically focused on cyber crimes, a discipline which the FBI has had an interesting relationship with. Any talk of the NCIJTF has to be couched in a larger conversation about the FBI and Cyber.

FBI, Cyber & creating the NCIJTF

A ton of things changed after 9/11 and the FBI shifted from an almost exclusively law enforcement agency to one that actually prioritized national security first. In 2006, then-Director Robert Mueller said:
"After the September 11 attacks on America, the FBI priorities shifted dramatically. Our top priority became the prevention of another terrorist attack. Today, our top three priorities—counterterrorism, counterintelligence, and cyber security—are all national-security related. To that end, we have made a number of changes in the Bureau, both in structure and in the way we do business."
As part of the reorganization, the FBI established a Cyber Division in 2002 and it was actually a quite prescient move. But "cyber" can mean many things of course. At first, the intent for the department seems to have been "crimes committed using a computer." So things like identity theft, digital child pornography and yes, P2P network intellectual property piracy.

Whatever your opinion of Napster is, the FBI's focus did not seem to extend much to large scale cyber intrusions. And to be fair, these were just were just starting to filter into the mainstream. But the federal government as a whole didn't seem to really get serious about cyber intrusions until the waning days of the Bush administration.

In January 2008, a classified presidential directive (specifically the Homeland Security Presidential Directive 23 and National Security Presidential Directive 54) was issued. It's also sometimes referred to as the Comprehensive National Cyber Security Initiative (CNCI). This thing seems to have a million names so I'm going to call it NSPD-54 or simply "the directive."

It was classified at the time, but we have access to a semi-redacted version of it now. From it's preamble, the purpose was to "(strengthen) policies for protecting the security and privacy of information entrusted to the Federal Government." Meaning, protect the data of the federal government from all adversaries. It's described further in this congressional report.

So, note here, that there is already a Cyber Division inside the FBI. NSPD-54 is intended to supplement or go above and beyond what is already there, and it's not just about the FBI, this has elements that affect all the three letter agencies.

A clue for what was envisioned under this directive can be gained from one of it's architects: Shawn Henry

an enterprising lad

Henry, later of Crowdstrike fame, was actually on the "study group" which formulated NSPD-54.

At the time he was Deputy Assistant Director in the FBI Cyber Division and was in the middle of a large, successful sting operation, which the FBI later took credit for and boasted about. Henry had set up an elite seven-agent cybercrime unit based at the National Cyber Forensics Training Alliance in Pittsburgh, PA, which is itself a semi-autonomous organization within the FBI.

This will come up again. Henry seems to like small teams outside of the bureaucratic structure and ideally working in non-identified and non-descript buildings in order to outfox whatever his cyber foe is at the time. But I digress...

The sting operation involved setting up a cybercrime forum called DarkMarket which purported to be run out of Eastern Europe but was actually run by the FBI in Pittsburgh! It netted 56 arrests worldwide, clearly a success.

So the NCIJTF seems to be an outgrowth of this. A way to maintain an agile cyber team within the bureaucratic US Government while having access to it's vast array of tools and resources. Henry was promoted to Assistant Director inside the FBI shortly after NSPD-54 was issued.

What does the NCIJTF do?

Back to the directive, section 31 reads as follows:
From NSPD-54

The NCIJTF is made up of a constellation of federal agencies. In fact, the full list is here:
From DOJ IG Report

The one redacted agency is the CIA of course. But this redaction explains so many things. Anything that gets "The Agency" involved becomes extremely secretive, in fact ridiculously so, as you can tell from the above image.

But in terms of what the NCIJTF was intended to do, here are some examples directly from the US Government:
  • Strategy: Developing global view of information warfare activity creating strategic framework for centralizing coordination of existing operational initiatives an developing new initiatives
  • Attribution: Seeks to identify threats to computer networks affecting national security
  • Investigation: Conducts LE/CI/CT cyber-related investigations and response to counterintelligence threats
  • Disruption: Proactively disrupts the foreign exploitation of U.S. computer networks
  • Incident Response: Identifies new methods of attacks; intends to develop 24/7 operations center
  • Collaboration: Collaborates with Intelligence, Law Enforcement, USSS, other USG entities, foreign LE agencies, state and local government, and private sector; Developing synchronization and collaboration approach for investigations
  • Monitor: Reviews all-source data and identifies intelligence gaps
  • Collection: Collects and synthesizes common operating picture of hostile-intrusion-related activity to aid investigations

And even though this is a collection of various agencies, the FBI was clearly taking the lead role on the NCIJTF. There was later a push to make it equally-led.

Obama signs on

So to re-state, NSPD-54 is a late Bush administration invention.

But once Obama was inaugurated in January 2009, he fully bought in to the plan. Look at this, published by the Obama White House in May 2009 which essentially puts the NSPD-54 directive in in graphic form:
Issued by Obama White House

You can see the NCIJTF is named directly in the bottom left as one of seven federal cyber centers (fusion centers). If you count the spokes sticking out of each fusion center, each of which represent "main functions", the NCIJTF actually has the most spokes and thus the most expected functions.

On the campaign trail, Obama promised to "make cyber security the top priority that it should be in the 21st century" so it must have been convenient to plug and play this policy. Also, his campaign was supposedly targeted by foreign hackers and he got a defensive warning from the FBI about it. So maybe he appreciated that. Regardless, Shawn Henry's brainchild survived a change in presidential administration and political party control in Washington.

The NCIJTF through today

Since 2009, the US Government has faced a dramatic rise in cyber threats and has had a spotty record of defending against them. The list of foreign hacks is long and sad. Some lowlights include the DPRK launched Sony hack in December 2014, the Clinton home-brew server reveal in March 2015, the Shanghai launched OPM theft in June 2015 and of course the GRU spearfishing attempts starting March 2016.

Yet through all that, the NCIJTF has been assigned more and more responsibility. Under the FBI's "Next Generation Cyber"  program launched in 2012, the NCIJTF was strengthened.
From DOJ IG Press Release

Plus, at the height of the election interference of 2016, the Obama administration designated the NCIJTF as the lead responder to emerging cyber threats. That was issued on July 26, 2016...four days after the shocking Wikileaks drop of hacked DNC documents.

Shawn Henry left the FBI in April 2012 to found his cybersecurity company, Crowdstrike. But Henry still uses his involvement with the NCIJTF in his press bios. It is something he is especially proud of:

It is also named in some of the "Midyear Exam" (Hillary Clinton Email Case) FBI documentation. Such as here:

Which even names a location for the NCIJTF: Chantilly, Virginia. In a text message, Peter Strzok mentions going to "Mission Ridge" which is an office building complex in Chantilly and is where I believe the NCIJTF is located. 

But more info on that in for the next article...

84 comments:

  1. I have seen this abbreviation so many times and I had no question in my head what it means. Now, having read this article, I understood what it is.

    ReplyDelete
  2. Top Technologies to learn


    Excellent blog with lots of information. I have to thank for this. Do share more.

    ReplyDelete
  3. Does your site work? Gab's not working. I'm dead cuz I can't bug you.

    ReplyDelete
  4. Um, I hope you get this Nick .... it's about Gab. Everyone thinks/says I'm psycho. Complicated, but I posted a couple of messages to Gab via their link to Facebook (which I haven't been on for years). Then I tried to get on Gab's site again and get this:
    gabcom.cloudflareaccess.com
    www
    A code has been emailed to you. Enter it below to complete your login:

    (My screenshots don't appear - took a camera shot). Anyways, I entered my e-mail address, but did NOT receive an email to "complete your login" with a code. Ugh. I hate everyone. Gab/Torba is going to die if they don't fix their site (I warned them and now after I followed their links to FB and warned them 3 times - I am now getting weird shit and can't even access their site's "error" maintenance message? Huh. I'm not tech savvy, but I ain't stupid Nick. Huh.
    https://news.gab.com/2020/05/19/gab-status/

    ReplyDelete
  5. famous jewellery shops in chennai

    The craze on jewelry never goes down. Are you looking for the best Jewellery shops in Chennai? Here, is the list for you.

    ReplyDelete
  6. data scientist interview questions and answers pdf

    Important Data science Interview Questions and Answers for freshers and experienced to get your dream job in Data Science! Basic & Advanced Data Science Interview Questions for Freshers & Experienced.

    ReplyDelete
  7. What are the best practices the team follows for your business processes? Whether they have the required business experience for your field? Salesforce training in Hyderabad

    ReplyDelete
  8. Choose to bet on football with us There are more than 100 different sports to choose from, playing live every match for you to have fun 24 hours a day. There is an online casino, Baccarat, สมัคร ufa, Dragon Tiger, Sa Casino Sexy Bacarat, live broadcast directly to your hand 24 hours a day.

    ReplyDelete
  9. Choose to bet on football with us There are more than 100 different sports to choose from, playing live every match for you to have fun 24 hours a day. There is an online casino, Baccarat, สมัคร ufa, Dragon Tiger, Sa Casino Sexy Bacarat, live broadcast directly to your hand 24 hours a day.

    ReplyDelete
  10. Internet slots (Slot Online) is actually the launch of a gambling machine. Slot machine As said before above Used to make electronic games called web based slots, due to the development era, people have left turned to gamble with one another by computers. Will draw slot games to make web based gambling games Via the web network system Which players are able to play through the slot plan or will perform Slots through the service provider's website Which online slots games are on hand in the kind of playing guidelines. It is similar to playing on a slot machine. Both realistic pictures as well as sounds are at the same time thrilling as they go to lounge in the casino ever.บาคาร่า
    ufa
    ufabet
    แทงบอล
    แทงบอล
    แทงบอล

    ReplyDelete
  11. Internet slots (Slot Online) is actually the launch of a gambling machine. Slot machine As said before above Used to make electronic games called web based slots, due to the development era, people have left turned to gamble with one another by computers. Will draw slot games to make web based gambling games Via the web network system Which players are able to play through the slot plan or will perform Slots through the service provider's website Which online slots games are on hand in the kind of playing guidelines. It is similar to playing on a slot machine. Both realistic pictures as well as sounds are at the same time thrilling as they go to lounge in the casino ever.บาคาร่า
    ufa
    ufabet
    แทงบอล
    แทงบอล
    แทงบอล

    ReplyDelete
  12. I get emails on all of these comments Nick - I don't read them, but I'm worried about you. I get it more than you know. Ugh. Sigh.

    Kathryn

    ReplyDelete
  13. Very interesting post,Thanks for sharing this information.

    SAP ABAP Course in pune

    ReplyDelete
  14. Silos in every sector lead to problems.

    ReplyDelete
  15. Great blog.thanks for sharing such a useful information
    QTP Training

    ReplyDelete
  16. You've written a fantastic article. This article provided me with some useful knowledge. Thank you for providing this information. ISO 9001 certification in UAE

    ReplyDelete
  17. Thanks for taking the time to discuss this, I feel strongly about it and love learning more on this topic. If possible, as you gain expertise, would you mind updating your blog with extra information? It is extremely helpful for me. concrete contractors milwaukee

    ReplyDelete
  18. This post is so interactive and informative.keep update more information...
    selenium training in tambaram
    selenium training in chennai

    ReplyDelete
  19. Chilterntmc is one of the best ISO Consultants in Dubai, do check the website at https://www.ctmc.ae/

    ReplyDelete
  20. https://www.ctmc.ae/iso-17025-training-in-dubai.php

    ReplyDelete
  21. This comment has been removed by the author.

    ReplyDelete
  22. Very nice post, impressive. its quite different from other posts. Thanks for sharing.
    Apply for Super Visa Canada

    ReplyDelete
  23. The NCIJTF has the primary responsibility to coordinate, integrate, and share information in support of cyber threat investigations; supply and support intelligence analysis for community decision-makers; and provide value to other ongoing efforts in the fight against cyber threats to the nation

    ReplyDelete
  24. I'm privilege to see this post here. Check out the top Tree Removal Harrisonburg VA for a better tree service.

    ReplyDelete
  25. The National Cyber Investigative Joint Task Force (NCIJTF), is in charge of threat response, which entails investigating and attributing specific cyber activities to specific individuals or entities, as well as coordinating with other agencies. Looking for the best concrete contractor? Visit us at Stamped Concrete Harrisonburg.

    ReplyDelete
  26. A new joint-seal ransomware fact document has been produced by the National Cyber Investigative Joint Task Force (NCIJTF). Click here for more details

    ReplyDelete
  27. Looking for the best concrete contractor? We are providing the best concrete contractors around Harrisonburg area. View more here https://www.concreteharrisonburg.com/

    ReplyDelete
  28. What does FBI cyber crimes investigate?
    In the national security area, the FBI investigates criminal matters involving the nation's computerized banking and financial systems; the various 911 emergency networks; and telecommunications systems.

    ReplyDelete
  29. Excellent website! Is your theme one you created yourself or did you get it from somewhere?
    With a few minor tweaks, a design like yours could really make my blog pop. Check out Orange County Tree Service

    ReplyDelete
  30. Thanks for sharing this Informative content. Well explained. Got to learn new things from your Blog.
    Salesforce Offshore Support Services

    ReplyDelete
  31. This article is very attractive. Those who need this information, it's very informative and understandable for those all. Thanks for this information.
    Microsoft Dynamics CRM Support

    ReplyDelete
  32. Awesome blog.I find it interesting and is pretty fascinating, By reading your blog i got very useful information.Thanks for sharing this blog.
    SharePoint Support

    ReplyDelete
  33. Very interesting article. Many articles I come across these days really not provide anything that attracts others, but believe me the way you interact is literally awesome.
    FinancialForce offshore Support

    ReplyDelete
  34. Happy to hear all about this. Your blog is getting more attention.

    ReplyDelete
  35. Being a citizen of the U.S. FBI is the National Cyber Investigative Joint Task Force's (USIC) principal agency (NCIJTF). In the Washington, D.C., area By Presidential Directive, the NCIJTF acts as the national hub for organizing cyber threat investigations throughout the metro region.

    You can also visit our blog about quality concrete foundation.

    ReplyDelete
  36. There are numerous federal agencies that make up the NCIJTF.

    Find more info here . To see our amazing general contractor in Spokane.

    ReplyDelete
  37. Beyond Compare License Key is focused. It allows you to quickly and easily compare your files and folders. By using simple, powerful commands Beyond Compare Crack

    ReplyDelete
  38. Thanks for sharing this wonderful post!
    Tree Services Santa Fe

    ReplyDelete
  39. What is the NCIJTF and how is it involved in cybersecurity investigations?

    ReplyDelete
  40. Thank you for such a well written article. It’s full of insightful information and entertaining descriptions. Your point of view is the best among many.

    How about a quick visit to Kennewick Concrete Patio

    ReplyDelete
  41. Wow great Article, the details you have provided are much clear, easy to understand, if you post some more Article, it will be very much useful for me.

    Check here: https://www.spokaneheatingcooling.com/

    ReplyDelete
  42. The psychology of packaging and consumer behavior involves understanding how packaging design and elements such as color, shape, texture, and typography influence consumers’ emotions, perceptions, and behavior. This includes the way consumers perceive the product’s quality, value, and functionality, as well as how packaging can communicate a brand’s values, personality, and identity. The psychology of packaging is rooted in the principles of visual perception, cognition, and neuroscience, and seeks to identify the subconscious and conscious factors that drive consumers’ reactions to packaging.

    ReplyDelete
  43. This is a comprehensive and engaging overview of the NCIJTF, its history, and its role in combating cyber threats. It's unique to see how the NCIJTF has evolved and become a critical hub for collaboration and information-sharing among various federal agencies. Kudos to the author for presenting this complex topic clearly and concisely!

    ReplyDelete
  44. By coordinating efforts between intelligence and law enforcement organizations, the National Counterintelligence and Joint Terrorism Task Force (NCIJTF) is essential in preserving national security. This cooperative strategy assists in identifying and reducing risks posed by both domestic terrorists and foreign intelligence services. Maintaining the safety and integrity of the United States depends heavily on the knowledge and information-sharing of the NCIJTF.
    career counseling services

    ReplyDelete
  45. This is my first time visit here. From the tons of comments on your articles, I guess I am not only one having all the enjoyment right here!

    You can also visit us at Frederick Decorative Concrete

    ReplyDelete
  46. Incredible post I should state and much obliged for the data. Instruction is unquestionably a sticky subject. Be that as it may, is still among the main themes of our opportunity. I value your post and anticipate more.

    More info at www.a1treeservicespokane.com

    ReplyDelete
  47. The NCIJTF, or National Counterintelligence and Security Center (NCSC) Counterintelligence and Security Directorate, is a crucial government organization dedicated to safeguarding the United States against foreign intelligence threats and promoting national security. With its expertise and collaborative approach, the NCIJTF plays a vital role in detecting, countering, and mitigating espionage and other illicit activities that pose a risk to the nation's interests. .Get more details here Charlottesville tree service.

    ReplyDelete
  48. Pleasant article. Think so new type of elements have been incorporated into your article. Sitting tight for your next article.

    Now look for the best Stamped Concrete Harrisonburg

    ReplyDelete
  49. Reading about the formation of the fusion center in response to the 9/11 attacks reminded me of my own experience working in a similar collaborative setting. As a cybersecurity analyst, I had the opportunity to participate in a joint task force where experts from various agencies came together to combat cyber threats. Witnessing the collective effort and expertise firsthand truly emphasized the importance of collaboration in addressing the evolving challenges of the digital landscape.

    ReplyDelete
  50. "very informative article!!! thank you so much!
    "
    Lawyers Red Deer

    ReplyDelete
  51. Wow, this blog post provides an intriguing glimpse into the world of cybersecurity and the formation of the NCIJTF. Reading about the FBI's shift in priorities after 9/11 and their efforts to combat cybercrime is eye-opening. The involvement of Shawn Henry, the mastermind behind the successful DarkMarket sting operation, adds a thrilling element to the story. It's fascinating to see how the NCIJTF has evolved and taken on more responsibility in the face of rising cyber threats.

    ReplyDelete
  52. Great post with heaps of data. I truly partook in each and every piece of it, over all items is should understand material. I'm trusting a similar best work from you later on moreover. There are genuinely bunches of reasonable focuses on this site some of my perusers could understand this helpful. I'm grateful for this data. Continue to post, remember to visit my site.

    ReplyDelete
  53. Such a well-researched and informative piece.
    Accountants Brampton

    ReplyDelete
  54. I really loved it and thank you very much for sharing this with us.Great site with an awesome post. Thanks for sharing.
    Tree Services

    ReplyDelete
  55. Keep up the great work! It's truly fantastic and wonderful! I found it exceptionally engaging. Thanks! Victoria Gutter Services Company

    ReplyDelete