Cyber Information Sharing and Collaboration Program (CISCP)Information shared via CISCP allows all participants to better secure their own networks and helps support the shared security of CISCP partners. Further, CISCP provides a collaborative environment where analysts learn from each other to better understand emerging cybersecurity risks and effective defenses. CISCP is based upon a community of trust in which all participants seek mutual benefit from robust information sharing and collaboration. CISCP is free of charge and provides value to all members. Therefore, all companies with an interest in multi-directional cybersecurity information sharing and robust analytic collaboration between the government and the private sector should consider joining CISCP.National Cybersecurity and Communications Integration CenterNCCIC_6651e044-bbca-11e6-a72d-d1d8f7e90587The Department of Homeland Security's National Cybersecurity and Communications Integration Center (NCCIC) serves as the hub of information sharing activities for the Department to increase awareness of vulnerabilities, incidents, and mitigations.Department of Homeland SecurityCyber Information Sharing and Collaboration Program (CISCP)Within the NCCIC, the Cyber Information Sharing and Collaboration Program (CISCP) is DHS's flagship program for public-private information sharing and complements ongoing DHS information sharing efforts.CompaniesIn CISCP, DHS and participating companies share information about cyber threats, incidents, and vulnerabilities.Networks are secure._6651e1ac-bbca-11e6-a72d-d1d8f7e90587To share information about cyber threats, incidents, and vulnerabilities._6651e210-bbca-11e6-a72d-d1d8f7e90587CybersecurityInformation sharing is a key pillar of effective cybersecurity.Information SharingSpeedBy sharing information rapidly between the government and the private sector, network defenders are able to block cyber threats before damaging compromises occur. EmpowermentInformation shared among CISCP partners is governed using the Traffic Light Protocol (TLP), which empowers the submitter to determine the handling and dissemination of their information. For more on TLP, visit http://us-cert.gov/tlp.Information ProtectionProtecting Shared Information and Privacy -- Data can be submitted to CISCP under Protected Critical Infrastructure Information (PCII) Program. Any PCII submissions are statutorily exempt from regulatory use or any disclosure under the Freedom of Information Act or state Sunshine Laws. However, PCII does not fulfill federal, state and local reporting requirements that may apply to specific organizations.PrivacyDHS embeds privacy protections and provides transparency in all of its cyber activities. DHS uses the Fair Information Practice Principles (FIPPs) to assess and mitigate impacts on an individual's privacy. For more information, visit the DHS Cybersecurity and Privacy web page.TransparencyCooperationTo join CISCP, companies are required to sign a Cooperative Research and Development Agreement (CRADA). Along with governing participation in CISCP, a signed CRADA may permit access to the NCCIC watch floor and allows for company personnel to be eligible for security clearances to view classified threat information.Information SharingShare information bi-directionally._6651e29c-bbca-11e6-a72d-d1d8f7e905871A key aspect of CISCP is bi-directional information sharing: CISCP partners submit indicators of observed cyber threats and information about cyber incidents and identified vulnerabilities to DHS, which DHS then shares with other CISCP partners in an anonymized, aggregated fashion. Upon receiving a submission, CISCP analysts redact any personal or proprietary information and analyze the submission in collaboration with both government and industry partners to produce accurate, relevant, timely and actionable analytical products. Currently, those products take the form of:Indicator Bulletins (IB)Send short, timely bulletins regarding new threats and vulnerabilities. _6651e33c-bbca-11e6-a72d-d1d8f7e905871.1These bulletins are sent several times a week in machine-readable formats. These formats enable faster parsing and analysis, resulting in faster action taken to thwart attacks and remediate vulnerabilities.Analysis Report (AR)Provide a more in-depth analytic product that ties together related threat and intruder activity, describing the activity, how to detect it, defensive measures and remediation advice._6651e3d2-bbca-11e6-a72d-d1d8f7e905871.2Priority Alert (PA)Provide early warning of a single specific threat or vulnerability expected to have significant and far-reaching impact._6651e468-bbca-11e6-a72d-d1d8f7e905871.3Recommended Practices (RP)Provide a method for collaboratively defining and documenting a series of "best practice" recommendations or strategies._6651e51c-bbca-11e6-a72d-d1d8f7e905871.4EventsFacilitate collaboration events with government and industry partners._6651e5c6-bbca-11e6-a72d-d1d8f7e905872As part of CISCP, DHS facilitates collaboration events with government and industry partners, which foster a trusted environment for sharing cyber threat information. These exchanges are unclassified and focus on current threats or recent activity. In addition, the team hosts analyst-to-analyst technical threat exchanges and analyst training events that allow for classified and unclassified briefings.Threat ExchangesHosts analyst-to-analyst technical threat exchanges and analyst training events that allow for classified and unclassified briefings._6651e666-bbca-11e6-a72d-d1d8f7e905872.1Network Security AnalystsTraining EventsHost analyst training events that allow for classified and unclassified briefings._6651e710-bbca-11e6-a72d-d1d8f7e905872.2Network Security Analysts2016-12-06https://www.dhs.gov/ciscpOwenAmburOwen.Ambur@verizon.net