A look inside the Department of Homeland Security's cyberhub

The building where the Department of Homeland Security tracks every cyberattack against the US is surprisingly bland. With its neutral exterior and circular drive, I wasn’t even sure we were at the right place until I saw our press liaison standing in the lobby. There are no signs to distinguish it from the generic office park that surrounds it, and the doorman wouldn’t even confirm if DHS had an office inside.

The National Cybersecurity and Communications Integration Center, better known by the abbreviated NCCIC, opened in 2009 to serve as a place where DHS could monitor cyber threats across government agencies and critical infrastructure, such as power grids and dams. If an attacker ends up on the Department of Agriculture’s network or a government employee surfs to a malicious website, for example, the NCCIC is supposed to detect it. Until recently, the government has relied on its own information gathering, as well as partnerships with outside companies, to monitor its network and stay ahead of digital threats. But now, DHS is restructuring its work because of a law passed this past December as part of a huge omnibus bill: the Cyber Information Sharing Act, or CISA. The legislation focuses the agency on an effort to build out a more comprehensive cyber threat detection system, one that’s fed by information shared with the government by various companies.