Become a NCFTA Partner

Initiative-based Models

The NCFTA functions as a conduit between private industry and law enforcement with a core mission to identify criminals or criminal groups responsible for cyber-based threats against US interests. In an effort to streamline intelligence exchange, the NCFTA will often organize SME interaction into threat-specific initiatives. Once a significant online scheme is realized and a stakeholder consensus defined, an initiative is developed wherein the NCFTA manages the collection and sharing of intelligence with the affected parties, industry partners, appropriate law enforcement (as needed), and other SMEs.

The objective of each initiative is to share and develop timely intelligence to an actionable level in order to identify threat actors, mitigate threats, and provide intelligence to law enforcement in order to neutralize threats.

What will the NCFTA provide for participants?

• A physical forum to meet with NCFTA analysts, law enforcement, scholars, and peer firms
• Dedicated staffing including a program manager and analysts, specializing in each initiative
• Quarterly Focus Group meetings for each initiative
• Intelligence feeds built and maintained by the NCFTA
• Monthly initiative “Peer Firm” calls, to include updates on trends, law enforcement efforts and gaps needing attention
• Numerous contacts to help inform and encourage coordination within law enforcement agencies working elements of similar cases
• Generate assessment reports based on the above-generated intelligence, including focused bench marking and success metrics on each initiative

What is expected from participants?

• Active participation at quarterly meetings and on monthly “Peer Firm” calls
• Sharing of intelligence via technology enhanced methods established for each initiative
• Participation in the strategic and technical development of initiatives in which organization has a stakeholder interest

Stakeholder Engagement Options
The primary objectives of this public/private alliance are to:

• Identify, define, and more completely understand the current/most significant cyber-based threats to US interests
• Rapidly build intelligence to the actionable level so that the threat can be:
  • Further located/identified (who all are involved and where they are located)
  • Mitigated through timely enhancement of security practices / procedures
  • Effectively neutralized through:
    • Proactive law enforcement engagement (domestically & internationally)
      −This can/may include both criminal and civil avenues in coordination with appropriate authorities
    • Implementation of interim technology solutions (i.e. null-routing of botnet traffic or similar interdiction action via TLD’s or ICANN)
• Selected relationships with the NCFTA are viewed/evaluated primarily on what an organization brings to the equation (value added–in line with the above objectives)

* If an organization cannot specifically articulate this with credibility – as it relates to NCFTA primary objectives- this engagement may not be appropriate.

Engagement Options

For each level of engagement there is a suggested annual base funding option. There is no pre-established “high” end for each level. Qualifications for different levels are established with a base funding level and further distinguished by both the services/capacity of NCFTA (& SME) resources leveraged, and the in-kind contributions, separate from funding that each organization makes toward the overall goals/objectives listed herein.

1 (Base level)

Previously listed NCFTA assets and:

• Access to NCFTA- SME resource pool (local and via Listserv or Initiative specific tools)
• Access to local and international law enforcement resources (with unique mission to develop and refer actionable threat intelligence for neutralization)
• Opportunity to contribute value added intelligence (including that developed through 3rd parties) through initiative specific tools – contributing to threat identification & neutralization (success attribution as threats are identified/neutralized)
• Output –intelligence back – via initiative specific tools
• Output via quarterly and yearly NCFTA reports.

2 (Mid Level)

• Level 1 +
• Access to cross-initiative intelligence to determine:
  • Correlation to known threat / actors
  • Correlation to known points of origin, i.e., Romanian or Russian based compromises.
  • Correlation to known groups advertising sale of harvested brokerage account credentials or methods of harvesting these credentials.
• Refined proactive research opportunities
  • Also may be further driven / defined via embedded resources (cost enhancements determined separately)
• Credit for up to two conferences/focus group meetings per year

3 (Premier level)

Evaluated based on your organization’s contribution to primary objectives and on enhancing the NCFTA’s ability to credibly deliver capacity in levels 1 and 2 above.

• Level 2+
• Unlimited access to focus groups/training hosted by NCFTA
• Opportunity to hold a Steering Committee Seat for specific initiative
  • A Steering Committee Seat is selected every 12 months by the Full Members.The Steering Committee is compromised of 3-5 members who will set the direction for the initiative for the next 12-month period.
• Access to the Initiative specific Community Portals (TBD)
  • Up to 4 user accounts for portal access

General Contributions:

The NCFTA may also accept general funding/contributions (no established limit) which are intended to enable the NCFTA to further develop core competencies, and to pursue emerging threat research areas which in turn are designed to enhance the NCFTA’s ability to deliver on its primary objectives.

• The specifics of each executed agreement are subject to change / customization based on the evaluated role of the organization in line with NCFTA objectives, consideration of organizational size, and credibility within the cyber SME community.