About the NCFTA

Cyber crime today is becoming increasingly complex and international in nature. A domestic cyber breach can quickly change into a convoluted, on-line ID theft or global money laundering matter. To effectively address such crimes, organizations must quickly identify and leverage the most complete intelligence and be capable of following that trail wherever it leads.

The NCFTA, a non-profit corporation, evolved from one of the nation’s first High Tech Task Forces and, since 1997, has established an expansive alliance between subject matter experts (SMEs) in the public and private sectors (more than 500 worldwide) with the goal of addressing complex and often internationally-spawned cyber crimes. These SMEs, from industry, academia and government, each bring specific talents and experiences to the partnership. Through a steady cycling of such cross-sector national and international resources, both embedded at the NCFTA and through initiative-specific intelligence channels, the NCFTA is well positioned to adapt and regularly reinvent itself to better address today’s evolving threat landscape.

Fundamental Acknowledgments:

• Rapid and comprehensive intelligence development is critical in cyber crime matters.
• Cyber threats are not “sector specific”.
• Cyber crime incidents are more NOT likely to be referred to law enforcement in a timely manner.
• Industry stakeholders own the most significant intelligence pertaining to cyber crimes as well as some of the best SMEs to quickly identify and analyze this intelligence.
• Trust and timely two-way communications are vital in establishing, and nurturing effective partnerships with industry and academia.
• Actual or virtual collocation of resources greatly aids in building trust, diffusing barriers and in increasing mutually beneficial resource sharing.

The NCFTA was developed with these fundamental acknowledgments and enlists SMEs from hundreds of stakeholder organizations to share real-time intelligence regarding today’s global cyber threats. This unique collaboration also supports the development of joint proactive strategies to better identity, mitigate and ultimately neutralize that threat. As part of its expanding base of supporters, the NCFTA currently has formal partnership/agreements with more than 40 US private sector organizations and more than 15 US and international law enforcement (LE) or regulatory agencies.

Acknowledgments by GAO and the Obama Administration

In a 2007 report on cyber crime, the Government Accountability Office (GAO) specifically acknowledged the NCFTA as the type of public and private sector partnership necessary to address complex cyber crimes. Similarly, the President’s 2009, 60-day comprehensive “clean-slate” review to assess U.S. cyber-security, cited the NCFTA as an “effective model” that “has a clearly defined institutional mission, well-defined roles and responsibilities for participants, and a clear value proposition that creates incentives for members to participate” while “establishing and maintaining an environment of trust among the members.”

The primary objectives of this public/private alliance are to:

• Identify, mitigate, and neutralize cyber crime threats
• Rapidly build intelligence to the actionable level so that the threat can be:
  • Further located/identified (who all are involved and where they are located)
  • Mitigated through timely enhancement of security practices/procedures
  • Effectively neutralized through:
    • Proactive law enforcement engagement (domestically & internationally)
      − This can/may include both criminal and civil avenues in coordination with appropriate authorities
    • Implementation of interim technology solutions (i.e. null-routing of botnet traffic or similar interdiction action via TLD’s or ICANN)

Selected relationships with the NCFTA are viewed/evaluated primarily on what an organization brings to the equation (value added–in line with the above objectives)

Initiative-based Models

In an effort to streamline intelligence exchange, the NCFTA regularly organizes SME and LE interaction into threat-specific initiatives. Once a significant cyber crime trend is realized and a stakeholder consensus defined, an initiative is developed wherein the NCFTA manages the collection and sharing of intelligence with industry partners, appropriate LE, and other cross-sector SMEs. The objective of each initiative is to develop real-time intelligence to an actionable level in order to identify and mitigate threats, identify threat actors, and provide intelligence to domestic and international LE to neutralize the threats. Through these initiatives, hundreds of criminal (and some civil) investigations have been launched, which otherwise would not have been addressed, with successful prosecutions of more than 300 cyber criminals worldwide. In further support of these initiatives, the NCFTA has produced more than 400 cyber threat intelligence reports over the past three years alone.