Cyberattacks threaten national security by undermining information-dependent critical infrastructure. The Department of Homeland Security (DHS) identified 16 critical infrastructure sectors designated in the Presidential Policy Directive (PPD-21) - Critical Infrastructure Security and Resilience. Subsequently, the DHS Science and Technology Directorate’s (S&T) Cyber Security Division (CSD) and the financial services sector identified three major challenges:

• Adversaries are infiltrating our systems and networks without our knowledge,
• The sectors’ understanding of the cyber situation is inaccurate, incomplete, or only achieved forensically and after the infiltration has occurred, and
• Network owners/operators lack strong ways to respond and mitigate the impact of adversaries on our systems while still allowing for the sector to maintain adequate operating capacity.

Apex NGCI Program

The Next Generation Cyber Infrastructure (NGCI) Apex program addresses these challenges by providing the financial services sector with the technologies and tools to confront advanced adversaries when they attack U.S. cyber systems and networks.

NGCI will concentrate on delivering capabilities identified by the financial sector to address five primary functional gaps:

• Dynamic Defense: Changing external and internal network layouts are harder for adversaries to probe, breach and exploit, thereby increasing the economic costs for a potential attacker.
• Network Characterization: Provide real-time understanding of a network, including the internal communication patterns of connected assets, to enable immediate anomaly detection and rapid response to cyber incidents.
• Malware Detection: Deliver improved ability to detect and prevent the execution of malware in all formats and to predict the likely evolution of malware code.
• Software Assurance: Decrease false positive rates and accelerating the analytic timeline to increase the likelihood of finding software defects in complex software code.
• Insider Threat: Deliver the capability to detect data exfiltration below the network level; predict and model potential insider threats.

Customer and Stakeholder Engagement

• Conducted in collaboration with the U.S. Department of Treasury, the initial phase evaluates tools that can help the financial services sector defend itself from threats.
• Working with sector chief information security officers, NGCI has established the Cyber Apex Review Team (CART) to define prioritized requirements, plan and execute test and evaluation activities, and carry out the most appropriate methods of technology deployment and transition.

For more information about the Apex NGCI program, please refer to the FAQ page or email: CyberApex@hq.dhs.gov.