DCISE Resources

DC3 DCISE Service Offerings

DC3 DCISE offers many Cybersecurity-as-a-Service (CaaS) products at no cost to DIB CS Partners:
  • Cyber Resilience Analysis (CRA): evaluates processes and practices across 10-security domains that provides insight into an organization’s operational resilience and ability to manage cyber attacks
  • DCISE3: deploys instantly and delivers enterprise-grade threat identification and real-time monitoring of your network
  • DIB VDP: utilizes independent white hat hackers to help you discover vulnerabilities on your publicly facing infrastructure
  • Adversary Emulation (AE): conducts penetration testing, which includes network mapping, vulnerability scanning, phishing assessments, and web application testing. Adversary Emulation merges technical, process, and policy issues into a single, actionable framework

DIBNet Portal

DIBNet-U Portal: https://dibnet.dod.mil/ 
The DIBNet-U Portal is DoD’s gateway for defense contractor cyber incident reporting and participation in the DoD-DIB CS Program. The DIBNet-U Portal’s splash page is home to various DC3/DCISE offerings. 

Navigate to the DIBNet-U splash page to learn more about:
  • The Cyber Threat Roundup (CTR): a collection of recent open-source articles of interest for the DIB
  • DCISE-Recommended Top Five Cybersecurity Practices for small and medium companies
  • DIB-Reported Cyber Threats

DIBNet User Types

DIBNet User Types (Company Representative, Technical POC, or Regular User):
Value of being the Company Representative:
  • Responsible for nominating additional DIBNet users
  • Responsible for keeping Company POC up to date
  • Primary POC for DIB Communications
Value of being a Technical POC:
  • Receives ALL DCISE encrypted communications, including Participant Reports
  • Real-time awareness of DIB-reported activity
DIBNet Regular User:
  • Access to DIBNet including:
    • Reporting
    • Forums
    • Presentation Slides
  • Time-sensitive Alerts & Warnings
  • Designated to share cyber activity via ICF with DCISE
  • Invitations to DCISE-led events

DC3 DCISE Events

DC3 DCISE facilitates a number of events throughout the year. Registration for events is done through the Customer Portal (https://customerportal.dc3.mil). If you have issues registering for an event, email DC3.DCISE@us.af.mil and our team can help.
 
  • Partner Familiarization Event: Introductory meeting between DC3 DCISE and newly onboarded DIB CS Program Partners. Meeting discussions include the role of DC3 DCISE and Partnership member participation, overview of offerings available, and cyber activity/incident reporting guidance.
     
  • DC3 TechEx: Bi-annual meetings between DIB Partners and USG stakeholders to share best practices,
    lessons learned, tools, and other industry insights.
     
  • RPEX: Provides an opportunity for local DIB Partners within the same geographic region to have a TechEx experience on a smaller scale. DC3 DCISE Leadership and analysts provide a tailored threat brief covering the current threat landscape, specific APT trends, and threat actor TTPs. Partners have the opportunity to network, discuss topics of concern, present briefs, chair panels and collaborate.
     
  • DCISE F.I.R.E.: One day SANS-supported event led by DCISE (in-person or remote) for DIB CS Program
    participants to test their skills at a variety of topics while earing CPEs for certs.
     
  • A2A: DIB Partner-driven and may address APT TTPs, technology targeting, and current threat reporting.
     
  • B2B: Introduction to DCISE products and services to DIB POCs and their corporate leadership in addition to highlighting the positive business impact of network security and participation in the DIB CS Program.
     
  • DIB Web Conference/DIB Teleconference: Enable DIB Partners and DCISE analysts to have unclassified, granular and technical discussions on adversary techniques and trends. DCISE schedules a recurring series of introductory web conferences called “Partner Essentials.” Partner Essentials web conferences are tailored to assist new Partners, new Partner POCs, and others to fully acclimate to the DIB CS Program. In addition, DCISE provides the Partnership with video presentations that are hosted online for training purposes. These offerings may or may not be monitored and offer the flexibility to view the latest educational recordings that DCISE has to offer.

DC3 DCISE Analytics Division (AD) Products

DC3 DCISE produces products ranging from indicator-based to strategic cyber threat analyses
  • DC3 DCISE Threat Reporting:
    • ​TIP: Derived from USG reporting; includes relevant Indicators of Compromise (IOCs) to DIB/CDCs
      and narrative context
    • CRF Rollup/Supplement:
      • ​​CRF Rollup – Derived from DIB reporting; includes relevant IOCs to DIB/CDCs and narrative context
      • CRF Supplement – Produced when additional amplifying data becomes available after initially reported in CRF Rollup (i.e. malware samples)
  • CTAR: In-depth risk analysis product detailing adversarial cyber targeting of US DoD technology/ platforms/systems
  • TAR: In-depth analysis of cyber threat actors’ TTPs against DIB targets
  • DC3 DCISE Notifications:
    • ​Alerts, Warnings, Advisories, TIPPERs
    • Vehicles to notify DIB Partners of varying levels of cyber threats (critical through situational)
  • DC3 DCISE Informational Reporting:
    • WIR: Roundup of DCISE IOCs released in DCISE products for the given week
    • Cyber Threat Round-Up: Compilation of relevant cyber news articles, posted to DIBNET splash page
    • Slick Sheets (on varying topics)

Mandatory vs Voluntary Reporting

Mandatory

  • DFARS 252.204-7012 – Safeguarding Covered Defense Information (CDI) and Cyber Incident Reporting
  • Cyber incident that affects: 
    • CDI and/or the systems it resides on, or
    • Ability to provide operationally critical support

Voluntary

  • Helps DIB with situational awareness and indicator sharing
  • Crowdsourcing threat information
  • Types of events vary
  • No impact to DoD information

malware and Forensic Analysis

  • DC3 DCISE is your point of contact for submitting malware and/or other relevant files to the DC3 Cyber Forensics Laboratory (CFL) for a quick triage or an in-depth examination - for free
  • Can be submitted as part of a Voluntary or Mandatory ICF submission

Program Related Resources

Common Acronyms

  • Advanced Persistent Threat (APT)
  • Analyst-to-Analyst (A2A)
  • Business-to-Business (B2B)
  • Cyber Resilience Analysis (CRA)
  • Customer Response Form (CRF)
  • Cybersecurity (CS)
  • Cyber Targeting Analysis Report (CTAR)
  • DoD Cyber Crime Center (DC3)
  • DoD-DIB Collaborative Information Sharing Environment (DCISE)
  • Defense Industrial Base (DIB)
  • Electronic Malware Submission (EMS)
  • Government-to-Government (G2G)
  • Incident Collection Format (ICF)
  • Mandatory Incident Report (MIR)
  • Partner Familiarization Event (PFE)
  • Point of Contact (POC)
  • Policy and Operations Working Group (POWG)
  • Public Key Infrastructure (PKI)
  • Regional Partner Exchange (RPEX)
  • Request for Information (RFI)
  • Threat Activity Report (TAR)
  • Threat Information Product (TIP)
  • Tactics, Techniques, and Procedures (TTP)
  • Technical Exchange (TechEx)
  • Technology and Architecture Working Group (TAWG)
  • Virtual Industry-Based Partner Exchange (VIPEX)
  • Weekly Indicator Round-Up (WIR)

FAQs

Contact Information

DC3.DCISE@us.af.mil
DCISE Hotline (410) 981-0104
DIB CS Program Management Office:
OSD.DIBCSIA@mail.mil

Ways to Submit to DC3 CFL

  • Traditional Mail
  • DC3 Electronic Malware Submission (EMS) Portal (https://ems.dc3on.gov/)
    • Can also be accessed directly through DIBNet-U
  • DoD SAFE (Secure Access File Exchange) https://safe.apps.mil
  • Please do not email malware to anyone at DC3/DCISE

DIB CS Program & DC3/DCISE Videos

Watch the DIB Tech Talk Interview Series for an in-depth overview of the DoD’s DIB CS Program & DC3:

Malware and Forensic Analysis

  • DCISE is your point of contact for submitting malware and/or other relevant files to the DC3 Cyber Forensics Laboratory (CFL) for a quick triage or an in-depth examination - for free
  • Can be submitted as part of a Voluntary or Mandatory ICF submission

Automated Malware Response (AMR)

  • The DC3 Electronic Malware Submission (EMS) portal provides an option for Automated Malware Response (AMR). This capability provides:
  • Completes a quick, automated analysis of your submitted malware, phishing emails, email attachments, or other suspicious files
  • Results ready in less than 15 minutes
  • Results include antivirus engine checks, file attributes, notable strings, YARA signature matches, and more



Need additional help or have an unanswered question?
Reach out today! Our team is standing by to assist you:
DCISE Inbox: DC3.DCISE@us.af.mil
DCISE Hotline: 410-981-0104