DoD-Defense Industrial Base (DIB) Collaborative Information Sharing Environment (DCISE)
DCISE Resources

DC3 DCISE Service Offerings

DC3 DCISE provides a range of Cybersecurity-as-a-Service (CaaS) capabilities to support DIB Partners
  • DCISE3: automated threat detection, scoring, and blocking solution with integration of DCISE threat intelligence
  • DIB-Vulnerability Disclosure Program: utilizes independent white hat hackers to help you discover vulnerabilities on your publicly facing infrastructure
  • DC3 ENSITE: Delivers real-time threat intelligence and AI/ML-powered detection through a centralized dashboard, enabling partners to inspect traffic and strengthen enterprise awareness

DC3 DCISE Events

DC3 DCISE facilitates a number of events throughout the year. If you have issues registering for an event, email DC3.DCISE@us.af.mil and our team can help.
 
  • Partner Familiarization Event: Introductory meeting between DC3 DCISE and newly onboarded DIB Partners. Discussions include DCISE and Partner Points of Contact (POCs) as well as a high-level overview of offerings, and submitting incident reports.
     
  • A2A: DIB Partner-driven and may address APT TTPs, technology targeting, and current threat reporting.
     
  • B2B: Introduction to DCISE products and services to DIB POCs and their corporate leadership in addition to highlighting the positive business impact of network security.
     
  • DC3 TechEx: Bi-annual meetings between DIB Partners and USG stakeholders to share best practices, threat briefs, lessons learned, tools, and other industry insights at classified and unclassified levels.
     
  • RPEX: Provides an opportunity for local DIB Partners within the same geographic region to have a TechEx experience on a smaller scale. DCISE Leadership and analysts provide a tailored threat brief covering the current threat landscape, specific APT trends, and threat actor TTPs. Partners have the opportunity to network, discuss topics of concern, present briefs, chair panels and collaborate.
     
  • DCISE F.I.R.E.: One day technology-supported table top exercise event led by DCISE (in-person or remote) for DIB Partners participants to test their skills in a variety of topics (e.g., incident response, intrusion detection) while earning CPEs for certs.
     
  • DIB Webinar: DCISE provides a platform for DIB Partners and DCISE analysts to engage in Unclassified, detailed discussions on adversary techniques and trends. These sessions aren’t limited to just technical topics; they also cover a broad spectrum of issues relevant to the DIB, led by various experts from DCISE. In addition, DCISE runs a recurring series of introductory web conferences called “Partner Essentials” to help Partners stay informed and prepared.

DC3 DCISE Analytics Division (AD) Products

DC3 DCISE produces products ranging from indicator-based to strategic cyber threat analyses
  • DC3 DCISE Threat Reporting:
    • ​TIP: Derived from USG reporting; includes relevant Indicators of Compromise (IOCs) to DIB/CDCs and narrative context
    • CRF Rollup/Supplement:
      • ​​CRF Rollup – Derived from DIB reporting; includes relevant IOCs to DIB/CDCs and narrative context
      • CRF Supplement – Produced when additional amplifying data becomes available after initially reported in CRF Rollup (i.e. malware samples)
  • CTAR: In-depth risk analysis product detailing adversarial cyber targeting of US DoW technology/ platforms/systems
  • TAR: In-depth analysis of cyber threat actors’ TTPs against DIB targets
  • DC3 DCISE Notifications:
    • ​Alerts, Warnings, Advisories, TIPPERs
    • Vehicles to notify DIB Partners of varying levels of cyber threats (critical through situational)
  • DC3 DCISE Informational Reporting:
    • WIR: Roundup of DCISE IOCs released in DCISE products for the given week
    • Slick Sheets (on varying topics)

Mandatory vs Voluntary Reporting

Mandatory

  • DFARS 252.204-7012 – Safeguarding Covered Defense Information (CDI) and Cyber Incident Reporting
  • Cyber incident that affects: 
    • CDI and/or the systems it resides on, or
    • Ability to provide operationally critical support

Voluntary

  • Helps DIB with situational awareness and indicator sharing
  • Crowdsourcing threat information
  • Types of events vary
  • No impact to DoW information

malware and Forensic Analysis

  • DC3 DCISE is your point of contact for submitting malware and/or other relevant files to the DC3 Cyber Forensics Laboratory (CFL) for a quick triage or an in-depth examination 
  • Can be submitted as part of a Voluntary or Mandatory ICF submission

Program Policy Related Resources

Common Acronyms

  • Advanced Persistent Threat (APT)
  • Analyst-to-Analyst (A2A)
  • Business-to-Business (B2B)
  • Customer Response Form (CRF)
  • Cybersecurity (CS)
  • Cyber Targeting Analysis Report (CTAR)
  • DoD Cyber Crime Center (DC3)
  • DoD-DIB Collaborative Information Sharing Environment (DCISE)
  • DCISE Facilitated Incident Response Exercise (F.I.R.E.)
  • Defense Industrial Base (DIB)
  • Electronic Malware Submission (EMS)
  • Incident Collection Format (ICF)
  • Mandatory Incident Report (MIR)
  • Partner Familiarization Event (PFE)
  • Point of Contact (POC)
  • Public Key Infrastructure (PKI)
  • Request for Information (RFI)
  • Regional Partner Exchange (RPEX)
  • Threat Activity Report (TAR)
  • Technical Exchange (TechEx)
  • Threat Information Product (TIP)
  • Tactics, Techniques, and Procedures (TTPs)
  • Weekly Indicator Round-Up (WIR)

FAQ'S

DCISE Resources FAQ+
How do I become a POC?+

To become a POC, send an email to DC3.DCISE@us.af.mil and include your name, email address, and phone number.

POCs are required to have the following:

Can I follow DC3/DCISE on social media?+

X (formerly Twitter): https://twitter.com/DC3DCISE
LinkedIn: https://www.linkedin.com/company/defense-cyber-crime-center/

How do I submit a Mandatory Report/Voluntary Report?+

All Mandatory/Voluntary Reports can be submitted through the Incident Collection Format. You may also call the DCISE Hotline to report an incident (410) 981-0104.

I am departing my company and I am the only POC listed. What should I do?+

Please keep DC3/DCISE updated on all personnel moves. If there is a POC change within your company, please email DC3.DCISE@us.af.mil with a listing of who will be the new designated POC for your company.

Contact Information

DC3.DCISE@us.af.mil
DCISE Hotline (410) 981-0104
 

Ways to Submit to DC3 CFL

  • Traditional Mail
  • DC3 Electronic Malware Submission (EMS) Portal (https://ems.dc3on.gov/)
    • Application Programming Interface (API) available to upload malware and retrieve analysis results
    • Email service account available for fast upload of suspicious email
Please do not email malware to anyone at DC3 DCISE

DC3 DCISE Videos

Watch the DIB Tech Talk Interview Series for an in-depth overview of DC3's cybersecurity mission and initiatives

Malware and Forensic Analysis

  • DCISE is your point of contact for submitting malware and/or other relevant files to the DC3 Cyber Forensics Laboratory (CFL) for a quick triage or an in-depth examination
  • Can be submitted as part of a Voluntary or Mandatory ICF submission

Automated Malware Response (AMR)

  • The DC3 Electronic Malware Submission (EMS) portal provides an option for Automated Malware Response (AMR). This capability provides:
    • A quick, automated analysis of your submitted malware, phishing emails, email attachments,
      or other suspicious files
    • Results ready in less than 15 minutes
    • Results that include antivirus engine checks, file attributes, notable strings, YARA signature
      matches, and more



Need additional help or have an unanswered question?
Reach out today! Our team is standing by to assist you:
DCISE Inbox: DC3.DCISE@us.af.mil
DCISE Hotline: 410-981-0104