Jump to content

Department of Defense Cyber Crime Center

From Wikipedia, the free encyclopedia

DoD Cyber Crime Center
Agency overview
Formed1998
HeadquartersLinthicum, Maryland
Parent agencyDepartment of Defense
Websitewww.dc3.mil

The Department of Defense Cyber Crime Center (DC3) is designated as a Federal Cyber Center by National Security Presidential Directive 54/Homeland Security Presidential Directive 23,[1] as a Department of Defense (DoD) Center Of Excellence for Digital and Multimedia (D/MM) forensics by DoD Directive 5505.13E,[2] and serves as the operational focal point for the Defense Industrial Base (DIB) Cybersecurity program.[3] DC3 operates as a Field Operating Agency (FOA) under the Inspector General of the Department of the Air Force.[4]

Mission

[edit]

Deliver superior digital and multimedia forensic services, cyber technical training, vulnerability sharing, technical solutions development, and cyber analysis within the following DoD mission areas: cybersecurity and critical infrastructure protection, law enforcement and counterintelligence, document and media exploitation, and counterterrorism.[4][5]

Cyber Forensics Laboratory

[edit]

The Cyber Forensics Laboratory performs Digital and Multimedia (D/MM) forensic examinations, repairs damaged devices and extracts otherwise inaccessible data from them, and provides expert testimony in legal proceedings for DC3 customers. The lab's robust intrusion and malware analysis capability supports law enforcement, counterintelligence, and Defense Industrial Base activities and operations. The CFL also works with the Defense Cyber Operations Panel (which consists of Defense Criminal Investigative Organizations and Military Department Counterintelligence Organizations) to develop requirements and set standards for digital investigations as new technologies emerge and evolve. The CFL is an accredited lab under ISO 17025 by the ANSI National Accreditation Board, and its operations are subject to strict quality control and peer review. The CFL produces results which are valid and reliable, based on conditions and methods which are repeatable.

  • Digital and Multimedia (D/MM) forensic examinations
  • Device Repair
  • Data Extraction
  • Expert Testimony for DC3 Customers

[6][7]

Cyber Training Academy

[edit]

The DoD Cyber Crime Center – Cyber Training Academy has been active since 1998, providing cyber training for Department of Defense (DoD) personnel. Over the years, the academy has played a role in training various defense entities, including Defense Criminal Investigative Organizations (DCIOs), Military Department Counterintelligence Organizations, Cyber Mission Forces (CMFs), Cyber Protection Teams (CPTs), Mission Defense Teams (MDTs), and others within the broader DoD enterprise. "The CTA offers more than 30 unique courses of classroom, online, and Instructor-Led Virtual (ILV) cyber training to both individuals and organizations within the DoD charged with protecting defense information systems from unauthorized use, criminal and fraudulent activities, and foreign intelligence/counterintelligence efforts." —CTA[8]

Technical Solutions Development

[edit]

Technical Solutions Development (TSD) tailors software to the requirements of digital forensic examiners and cyber intrusion analysts. TSD validates digital forensic tools from commercial off-the-shelf, government off-the-shelf, and open-source domains to ensure relevancy and reproducibility as to expected use. In coordination with its cooperative partners, TSD:

  • Leads the way[clarification needed] by proactively identifying, researching and evaluating relevant new technologies, techniques and tools
  • Actively participates in the development of industry standards, including Structured Threat Information eXpression (STIX) and Cyber-investigation Analysis Standard Expression (CASE)
  • Shares in-house-developed tools with federal, state, and local law enforcement partners
  • Maintains the Counterintelligence Tool Repository (CITR), a warehouse of classified and unclassified tools that support digital forensics and counterintelligence needs.[9]

DIB Cybersecurity

[edit]

DoD-Defense Industrial Base Collaborative Information Sharing Environment (DCISE)—DCISE is the operational hub of the Defense Industrial Base (DIB) Cybersecurity Program of the Department of Defense, focused on protecting intellectual property and safeguarding DoD content residing on, or transiting through, contractor unclassified networks. The public-private cybersecurity partnership provides a collaborative environment for crowd-sourced threat sharing at both unclassified and classified levels. DCISE provides cyber resilience analyses for Cleared Defense Contractor (CDC) companies and offers unmatched Cybersecurity-as-a-Service capabilities. DCISE performs cyber threat analysis and diagnostics, offers mitigation and remediation strategies, provides best practices, and conducts analyst-to-analyst exchanges with DIB participants ranging in size from small to enterprise-sized companies.[10]

Operations Enablement

[edit]

Operations Enablement Directorate (OED) The mission and principal focus of the OED is to amplify the effects of DoD-wide law enforcement and counterintelligence (LE/CI) investigations and operations, and by extension, the effects of the U.S. Intelligence Community at large. That charge encompasses:

  1. Conducting expert technical and all-source analysis (resulting in more than 493 products released in FY21) focused on countering foreign intelligence threats to DoD and the U.S. government as a whole
  2. Integrating disparate and emerging technologies to enhance collaboration, interoperability, and the collective capabilities of DoD and Federal LE/CI, cybersecurity, and acquisition communities
  3. Providing focused oversight and integration with the LE/CI and intelligence communities through liaison officers and embeds with:
    • Air Force Life Cycle Management Center (AFLCMC)
    • Army Military Intelligence
    • U.S. Cyber Command
    • Defense Counterintelligence and Security Agency (DCSA)
    • FBI
    • National Cyber Investigative Task Force (NCIJTF)[11]

Vulnerability Disclosure

[edit]

The mission of the DoD VDP is to function as the single focal point for receiving vulnerability reports and interacting with crowd-sourced cybersecurity researchers supporting the DoDIN.1 This improves network defenses and enhances mission assurance by embracing a previously overlooked, yet indispensable, resource: private-sector white hat researchers. In January 2021, the DoD VDP scope was officially expanded from public-facing websites to all publicly accessible information systems throughout the DoD. This broadens the protection for the DoD attack surface and offers a safe harbor for researchers while providing more asset and technology security. The success of the program relies solely on the expertise and support of the security researcher community, and the program's success contributes to the overall security of the DoD.[12]

See also

[edit]

Department of the Air Force

Military Criminal Investigative Organizations

Federal law enforcement

References

[edit]
  1. ^ "DoD Computer Forensics Laboratory and Training Program". defense.gov. Archived from the original on 19 December 2014.
  2. ^ "Archived copy" (PDF). Archived from the original (PDF) on 26 October 2011. Retrieved 30 June 2015.{{cite web}}: CS1 maint: archived copy as title (link)
  3. ^ "32 CFR 236 - DEPARTMENT OF DEFENSE (DOD)-DEFENSE INDUSTRIAL BASE (DIB) VOLUNTARY CYBER SECURITY AND INFORMATION ASSURANCE (CS/IA) ACTIVITIES". gpo.gov.
  4. ^ a b "About DC3 < Defense Cyber Crime Center (DC3)". Archived from the original on 6 February 2015. Retrieved 29 June 2015.
  5. ^ "Department of Defense Cyber Crime Center (DC3) > About DC3 > DC3 Leadership > Mission and Vision".
  6. ^ "ASCLD/LAB - American Society of Crime Laboratory Directors / Laboratory Accreditation Board". ascld-lab.org.
  7. ^ "CFL Overview". Defense Cyber Crime Center (DC3). Archived from the original on 21 March 2023. Retrieved 11 October 2022.
  8. ^ "CTA Overview". Defense Cyber Crime Center (DC3). Archived from the original on 21 March 2023. Retrieved 11 October 2022.
  9. ^ "TSD Overview". Defense Cyber Crime Center (DC3). Archived from the original on 21 March 2023. Retrieved 11 October 2022.
  10. ^ "DCISE Overview". Defense Cyber Crime Center (DC3). Retrieved 11 October 2022.
  11. ^ "OED Overview". Defense Cyber Crime Center (DC3). Archived from the original on 21 March 2023. Retrieved 11 October 2022.
  12. ^ "VDP Overview". Defense Cyber Crime Center (DC3).