Q: What is the goal of the NGCI Apex program?
A: The United States critical infrastructure sectors have an immediate need for technologies that can adequately detect, defend, protect, restore, and respond, to sophisticated cyber threats. The Next Generation Cyber Infrastructure (NGCI) Apex program will identify, test, evaluate and deploy cutting-edge technologies to deter cyberattacks against the financial sector. The program will concentrate on delivering capabilities identified by the financial sector to address five primary functional gaps - See main page.

Q: What is the timeline of the NGCI Apex program?
A: During the first three years, the NGCI Apex program will be aligned to the current DHS Strategic Plan and will focus on the deployment and transition of advanced technologies to the financial services sector (FSS). In follow-on phases, the tools developed for the FSS can be adapted to other critical infrastructure sectors across the U.S.

Q: Who are the stakeholders involved with the NGCI Apex program?
A: Stakeholders include; The Department of Homeland Security's (DHS) Science and Technology Directorate (S&T), Cybersecurity Division (CSD), Homeland Security Systems Engineering and Development Institute (HSSEDI), U.S. Department of the Treasury, the Financial Services Sector, the OTA Contractor and private technology vendors.

Q: What is an Other Transaction Authority (OTA)?
A: OTA is an acquisition method authorized under Title 10 USC § 2371. Its use is authorized to accelerate the prototyping and deployment of technologies that address Homeland Security vulnerabilities. OTA also provides a great deal of flexibility and offers the advantage of expeditious obligation of funds.

Q: How can vendors join the consortium?
A: Technology vendors may join the consortium by contacting the OTA Contractor for membership. The OTA contractor will provide subcontract management support allowing vendors to join the consortium as determined by the needs of the end-user.

Q: How does a financial institution become a member of the Cyber Apex Review Team (CART)?
A: Any financial services organization can request to join the CART by contacting the DHS S&T CSD program management office (PMO).

Q: How often does the CART convene?
A: The CART normally meets on a monthly basis, but meeting intervals are occasionally adjusted to accommodate scheduling conflicts and other priorities.

Q: Where are CART meetings held?
A: The meeting locations alternate between Washington D.C. and the financial district in New York City.

Q: Will the NGCI Apex program be duplicated or applied to other critical infrastructures?
A: Currently, the goal of the NGCI Apex program is to reduce the vulnerability gaps in the financial industry’s critical infrastructure. The ultimate plan is for the program to expand and provide benefits to other critical infrastructure institutions opting to implement the technologies developed under NGCI Apex.

Q: Why is DHS spearheading this program?
A: DHS is the Federal Government’s lead agency for coordinating the protection, prevention, mitigation, and recovery from cyber incidents. DHS, in coordination with other government agencies, was mandated to establish a voluntary program to support the adoption of the NIST Cybersecurity Framework by owners and operators of the nation’s 16 critical infrastructure sectors, including private sector firms and other entities alike. DHS S&T is also a trusted entity to the finance sector, having completed several R&D projects with no regulatory role.

Q: How will the technologies be transitioned under the NGCI Apex program?
A: The NGCI Apex program will use a range of proven methodologies to transition technologies from development into practice or commercial use:

1. Managed Security Services Providers (MSSPs). The Finance Sector has numerous trusted MSSPs. Cyber Apex developed and tested technologies will be licensed to financial sector MSSPs to ensure long term sustainment and maintenance.
2. Entrepreneurial and Investment Partners. Using the Transition to Practice (TTP) model, technologies that are not transitioned to a MSSP can be made available to investment partners for licensing, startup creation, or other opportunities.
3. Financial Institution internally operated. Some technologies may be sensitive enough that the financial sector will not want them exposed, and therefore absorb the operational cost of retaining them.
4. Open Source. Technologies that do not fit into the three categories above may be made available through open source channels.