21 July 2004

This morning Cryptome received a telephone call from a woman claiming to be a representative of the Department of Homeland Security's National Infrastructure Coordination Center (NICC).  

DHS says this of NICC:

The NICC, comprised of industry representatives from key companies, Information Sharing Advisory Committees (ISAC), and industry groups within each sector will be launched in May 2004 to support the Homeland Security Operations Center. These sector experts will work both within their areas of expertise and across sectors to maintain constant situational awareness of the status of the critical infrastructure. The NICC will provide a centralized mechanism for sharing information with the ISACs and the private sector in response to an event or crisis. The ISACs will also be expanded to ensure that one exists for all 13 critical infrastructure sectors and key segments within each sector.

She asked about two recent Cryptome reports on threats to the Democratic National Convention in Boston and the person who wrote them, James Atkinson:



Cryptome suggested she call Mr. Atkinson for comment, that his contact information was given with the reports.

We asked if she had already contact Mr. Atkinson. She said no, that she wanted to talk first to Cryptome about why the reports were published on Cryptome rather than sent to DHS. We said it was done to give the information to the public, to make up for whatever is given to government and withheld from the public.

The woman said the purpose of NICC was to provide information about homeland security to government, industry and the public. That information on Cryptome was useful for that and she appreciated it.

She asked what Cryptome is and does, what kind of organization it is. We said it is not an organization, only a web site. We explained it was a source of information on national security, intelligence, homeland security and other public information on government operation.

We asked what NICC intended to do about the articles and our conversation. She said she could not reveal that, that her task was to gather information and pass it to DHS, that all public statements must come from the DHS public affairs office.

We asked her to repeat her name and telephone number -- she gave her name at the start of the call but it was not noted -- so they could be published as part of a report on the call. That we did this whenever an official called about Cryptome offerings to help understand how government works. She said she could not give her name again if it was going to be published. She said to call the Watch Captain at 202-282-8000.

We asked if she was a public official or a contractor. She said she could not answer that.

We asked for the name and telephone number of her supervisor. She said her "government supervisor" was named D'Arcy Morgan, telephone 202-282-9201, and that he would be in this afternoon.

We called the Watch Captain and got DHS. We asked for confirmation of the first woman's legitimacy. The second woman asked her name. We said she wouldn't give it to us. The second woman said how can I confirm who she is if I don't have a name. We said that's our problem, too. We asked for the Watch Captain, and was transferred to a number. A man's message said he was out of the office.

We called D'Arcy Morgan, described the call and asked for confirmation of the first woman's role at NICC. He asked for her name. We said we didn't have it. We told Mr. Morgan the purpose of the first woman's call. He said he knew about it. We asked if the first woman was a government employee or contractor. He asked why do you need that. We said to publish a report. He said what kind of report. We said a report on the calls by the woman and our call to him.

We asked if he was a government employee or contractor so it could be put in our report. He said I cannot answer that, that the NICC was part of the DHS. We said we understood that NICC was a private group working with DHS, and wanted to know if he and the first woman were private or government employees. He said he would check and get back to me on whether he could tell us that.

The last call occurred about 1:10 PM EST.

21 July 2004

A reader provides:

The 282-8000 number you mention goes to DHS, and it is their main number:

U.S. Department of Homeland Security
Domestic Terrorism Watch Officer
Washington, DC 20528


The other number (282-9201) given, also goes to Homeland Security

U.S. Department of Homeland Security
Industry Liaison Desk
245 Murray Lane, SW, Building 410
Washington, DC 20528-0001
(202) 282-9201 or (202) 282-9202.

See also these documents:

Source: http://www.esisac.com/publicdocs/NICC%20Watch%20Office%20Info.doc

Dear Customer,

Recently, the former National Infrastructure Protection Center (NIPC) was fully integrated into the Information Analysis and Infrastructure Protection Directorate of the Department of Homeland Security (DHS). As such, the responsibilities of fulfilling the mission of physical and cyber critical infrastructure assessment and protection of the former NIPC are now being addressed by two new divisions.

As a key component of the Infrastructure Coordination Division (ICD), the National Infrastructure Coordinating Center (NICC), serving as an extension of the Homeland Security Operations Center, provides the mission and capabilities to assess the operational status of the nation's Critical Infrastructures and Key Resources, supports information sharing with the Information Sharing and Analysis Centers (ISACs) and the owners and operators of critical infrastructure facilities, and facilitates information sharing across and between the individual sectors. Please email or call the NICC at the new contact information provided below for information, and to report issues of a physical nature that may affect or have an impact on our Nation's Critical Infrastructures and Key Resources.

E-mail: nicc@dhs.gov
Phone: 202-282-9201, 9202, and 9203
Fax: 703-607-4998

IMPORTANT NOTE: As of April 2, 2004, the NICC will no longer be receiving e-mail at nipc.watch@fbi.gov and phone calls at 202-323-3205. Please ensure you have updated your address and phone lists with the new NICC contact information provided above.

As part of the National Cyber Security Division, the United States Computer Emergency Readiness Team (US-CERT), a partnership between the DHS National Cyber Security Division (NCSD) and the private sector, has been established to protect our Nation's Internet infrastructure.

Please visit www.us-cert.gov for information, and to report issues that may affect or have an impact on our Nation's Internet infrastructure.

The DHS looks forward to serving you, our customers, with our continued mission of protecting the Nation from terrorism. Please visit our Web site at www.dhs.gov for more information.

Thank you,

D'Arcy Morgan, Director
National Infrastructure Coordinating Center
Department of Homeland Security

More by D'Arcy Morgan:


Source: https://www.ditco.disa.mil/public/discms/IASSURE/00250_00.doc

[Excerpt from Order for Supplies and Services.]

2. Order Title: Support to DHS/HSOC.

3. Background:

3.2.1 DHS Under Secretary for Information Analysis and Infrastructure Protection ( IAIP). The mission of DHS IAIP is to identify and assess current and future threats to the homeland, map those threats against vulnerabilities, issue timely warnings and take preventive and protective action. Two key areas of support include Intelligence Analysis and Alerts and Critical Infrastructure Protection. The goal of the Intelligence Analysis and Alerts function is to produce actionable intelligence, i.e., information that can lead to stopping or apprehending terrorists, improve the government's ability to disrupt and prevent terrorist acts, and to provide useful warning to the private sector and our population. IAIP fuses and analyzes information from multiple sources pertaining to terrorist threats and partners with intelligence-generating agencies, such as the National Security Agency, the CIA and the FBI. DHS threat analysis and warning functions support the President and other national decision-makers. It coordinates with Federal, State, and local agencies and with the private sector. The Critical Infrastructure Protection function deals with protecting the nation's critical infrastructure in a shared responsibility of Federal, State, and local government, in active partnership with the private sector, which owns approximately 85 percent of the nation's critical infrastructure. IAIP has the responsibility of coordinating the national effort to secure the nation's infrastructure and providing the primary Federal contact for coordinating protection activities, including vulnerability assessments, strategic planning efforts, and exercises.

3.2.2 DHS Homeland Security Operations Center (HSOC). The DHS HSOC is an integrated watch function staffed 24x7 by senior analysts from DHS components and partner agencies including command and special staff, Emergency Preparedness & Response (EP&R), Science & Technology (S&T), Border & Transportation Security (BTS), and Information Analysis & Infrastructure Protection (IAIP). This structure allows the HSOC to maintain continuous domestic situational awareness, direct, coordinate and monitor DHS operations, conduct information analysis and threat monitoring to detect, prevent, and deter terrorist incidents, and manage response to critical threats and incidents.

6. Specific Tasks: [Oct 30, 2003] HSOC Action Officer Desks and Subject Matter Experts. The contractor shall continue to supply technical, analytical, and liaison support services expert [previously included in paragraph 4 of this SOW] for the 24 x 7 DHS HSOC Production Action Officer (AO) function, the 24 x 7 HSOC Tracking AO function, and the 8 x 5 Law Enforcement (LE) Fusion subject matter expert (SME). Production and Tracker AO's will use the Subject Matter Expert (SME) 1 labor category, and the LE Fusion SME will use labor category SME 2. AO's and the SME shall be provided for 12 months of effort. All work will be performed at the Nebraska Avenue site in Washington, DC.

a. 24 x 7 HSOC Production AO role. The HSOC production AO prepares the daily intelligence briefings for the DHS Secretary, the White House Situation Room, and DHS/IAIP Under Secretary; prepares secure video teleconferences with other collaborative agencies; supports and attends the daily Secretary's Morning Brief (SMB) Editor's Briefing; researches articles for inclusion in the brief(s); collects and reviews incoming operational reports from component agencies for items to include in the SMB; integrates responses to the Secretary's questions and ensures timely distribution of production products.

b. 24 x 7 HSOC Tracker AO role. The HSOC Tracker AO provides direct support to the Senior Watch Officer (SWO) within the Homeland Security Operations Center (HSOC) Watch. The Tracker AO maintains situational awareness of all events being monitored by the HSOC Watch; monitors inbound traffic for events/issues that should be "tracked" by DHS. On a daily basis the Tracker requests the various DHS desk officers for counter-terrorist investigative research and analysis, coordinates the exchange of information with the major intelligence agencies, (e.g. CIA, DIA, Army Intelligence, Office of Naval Intelligence, Air Force Office of Special Investigations (AFOSI)), and interfaces with counter-terrorist centers in the White House, Central Intelligence Agency (CIA),Federal Bureau of Investigation (FBI), Joint Terrorism Task Force (JTTF), Terrorist Threat Integration Center (TTIC), Department of State (DoS), and Department of Defense (DoD) on a 24/7 basis.

c. 8x 5 Law Enforcement (LE) Fusion role. The LE Fusion Officer provides a liaison between Intel/Analytical and Law Enforcement cells to guide character and depth of informational inquiries in direct support of counter-terrorist activities for DHS. Specific activities include providing the interface between HSOC Special Events Committee and FBI, Special Events Management Unit, to develop standard operational procedures for DHS/FBI fusion of counter-terrorism (CT) efforts at designated US National Security Special Events, e.g., World Cup Games, G-8 Summit, National Political Conventions, etc. The LE Fusion Officer develops and organizes the HSOC State-by-State initiative which involves developing baselines by which unusual activity can be measured for upcoming special events; and advises on multi-agency law enforcement taskings for follow up investigation of potential terrorist activity.

7. Place of Performance:

Work performed under this task order will be performed at the Government sites, located at the headquarters for the Department of Homeland Security, Nebraska Avenue, Washington D.C.

10. Security:

a. Clearances.

For the period of performance covered by this SOW, the contractor must provide personnel cleared at the Top Secret Sensitive Compartmented Information (SCI) level. Personnel must be SCI-indoctrinated prior to working at the Washington D.C. DHS site. The contractor shall coordinate such cases with the government prior to assigning new personnel to this task.