How fusion centers protect the country
COMMENTARY: The centers provide the technology and tools needed to identify threats that lie beyond the walls of the organization.
Following the devastating attacks of September 11, 2001, leaders at all levels of government determined they needed to do a better job of sharing information across government agency boundaries in order to prevent another such occurrence. The thinking went that agencies operating at the federal, state and local levels needed to increase their ability to share information, including with law enforcement, the intelligence community and other civilian and defense agencies. By pulling together agencies with disparate pieces of the puzzle, the government would obtain a much better understanding of the threats the country faced.
Fusion centers - projects that bring together these disparate agencies for exactly that reason - position all of the necessary components and decision makers in a room together for quick collaboration to combat threats. When the concept of fusion centers was established, the concern was specifically preventing future physical attacks against the U.S. Since then, cyberattacks perpetrated by nation-states and other malicious actors have presented an ever increasing threat to our national security, especially in the wake of the Ukraine conflict, where we saw an uptick in critical infrastructure attacks coming from Russia. Fusion centers have been activated to address these threats by combining law enforcement, cybersecurity and physical security under one umbrella.
For that reason, fusion centers have proven successful in the area of election security as well. During the previous election cycle, I worked in the private sector supporting a state government fusion center focused on safeguarding voters by filtering through the noise and closely monitoring any discussion about election threats or targeting on the open web, deep web and dark web. Through the fusion center, the state had the ability to alert law enforcement if there was a potential threat to voting machines or ballots or anything of that nature.
State officials later said the last election was the safest in its history due to the contributions of the fusion center. And given that every year fusion centers make gains in terms of knowledge and intelligence about the methods and techniques of actors looking to disrupt elections or compromise electronic voting systems, our elections are getting more and more secure.
Four components of a successful fusion center
Cybersecurity concerns now transcend traditional IT. With the proliferation of connected operational operational technology devices, the internet of things, IP-based cameras and sensors and other devices (such as voting machines), cybersecurity has become a major concern for critical infrastructure protection and government operations. Because many critical infrastructure operators, particularly those at the state and local levels, often lack the resources and staff to adequately protect their assets, they can benefit from the resources and staff provided by fusion centers.
These organizations often do a good job protecting their internal infrastructure but require tools to help them address threats to assets outside of their perimeters. Fusion centers provide the technology and tools needed to identify threats that lie beyond the walls of the organization.
With that in mind, organizations looking to establish a fusion center should consider four steps for a successful implementation:
- First, determine who should be involved. Pinpoint which agencies will be the most beneficial inside of the fusion center and then identify which individuals from those agencies are going to be detailed to the center and how often those people are rotated through.
- Thoroughly train participants. Fusion center participants can range from intelligence experts to members of local law enforcement.The roles and responsibilities of each participant must be clearly defined. Cross training will be essential, so be prepared to train intelligence workers in cybersecurity and vice versa. All participants at least need to know the basics of each other’s focus areas to enable meaningful conversations with others who are experts in that field. This is often the greatest challenge in establishing a successful fusion center.
- Document your processes. Make sure that the steps for all processes and procedures are documented and cataloged for quick access for clarity around whom to contact in the event of an incident. That way, as new participants are brought into the fusion center, they have the history of what activities have been conducted regarding training, lessons learned, contact information, etc. – all documented in a handbook of sorts.
- Get external help. As noted above, technology exists to identify and protect against threats that lie beyond the traditional boundaries of government agencies. Private sector contractors and consultants and tools are often critical components of successful fusion centers in terms of providing the technology needed to protect citizens from the entire range of threats posed by cyberattacks.
The bottom line is that fusion centers have proven successful beyond the imagination of those who created the concept as a way to address physical security threats. Not only do they address cyber threats as well, they continue to improve with experience and are utilized beyond the federal government – with a growing number of state governments as well as private enterprises such as major financial institutions and manufacturing companies embracing the concept. Fusion centers not only serve as a government success story but a blueprint for how government and industry can work together to stay ahead of our adversaries.