Using Fusion Centers to Improve Situational Awareness

By James Robinson ·

I have been having many discussions lately around the concept of threat intelligence fusion centers. If you haven’t heard of a fusion center, it is an idea originally created by the government to promote information sharing between federal agencies, the military, and state and local governments. According to the National Fusion Center Association, the goals of a fusion center are to integrate information and intelligence in order to enhance public safety; encourage effective, efficient, ethical, lawful, and professional intelligence and information sharing; and prevent and reduce the harmful effects of crime and terrorism on victims, individuals, and communities.

Over the past few years, fusion centers have been largely focused on cybersecurity, gathering collaborative intelligence to gain a higher level of situational awareness to prepare for and respond to threats. This is a tool mostly used by the public sector, but can also be valuable for private sector entities. Fusion centers can help organizations improve situational awareness by driving information sharing across different departments – to enable organizations to better recognize and analyze trends.

The way to build a threat intelligence fusion center is to have different business units (marketing, IT, legal, etc.) work together in the same physical location in order to easily share information and collaborate on events. Let’s look at a practical example of how a fusion center could discover a threat to an organization. Say that the marketing team recognizes a large amount of activity from a user downloading collateral and spending a lot of time on the pages. At the same time the IT team has identified a disabled user trying to infiltrate the organization’s internal network. And, what both of these groups don’t know is that the legal team is currently in litigation with a former employee accused of stealing intellectual property. On their own, each group recognizes this activity, but doesn’t have the holistic picture that these events are all related. A fusion center aims to recognize these trends so the company can put actions can be put in place to protect the organization.

When dealing with threats, context is key and the fusion center model focuses on bringing context to events that impact an organization. I have seen many DoD contractors and financial institutions use this concept. I think that it is beneficial for all industries and could be a useful new approach to managing threats and enabling collaborative response within your organization.

James Robinson

Vice President, Third-Party Risk Management

As vice president, third-party risk management, Robinson oversees Optiv’s Third-Party Risk Management practice which includes the development and operations of TPRM-as-a-Service and Evantix. During his tenure at Optiv, he has worked as a core contributor around strategic internal initiatives including threat management, risk management, third-party risk management, vulnerability management and data program protection. He also develops and delivers a comprehensive suite of strategic services and solutions that help chief experience officer (CXO) executives evolve their security strategies through innovation.