Homeland Security Watch

News and analysis of critical issues in homeland security

February 11, 2015

The Cyber Threat Intelligence Integration Center

Filed under: Cybersecurity — by Arnold Bogis on February 11, 2015

The Washington Post broke the news about a new government entity focused on cybersecurity.

The Obama administration is establishing a new agency to combat the deepening threat from cyberattacks, and its mission will be to fuse intelligence from around the government when a crisis occurs.

The agency is modeled after the National Counterterrorism Center, which was launched in the wake of the Sept. 11, 2001, attacks amid criticism that the government failed to share intelligence that could have unraveled the al-Qaeda plot.

Some like this concept, while others don’t.

“The cyberthreat is one of the greatest threats we face, and policymakers and operators will benefit from having a rapid source of intelligence,” Lisa Monaco, assistant to the president for homeland security and counterterrorism, said in an interview. “It will help ensure that we have the same integrated, all-tools approach to the cyberthreat that we have developed to combat terrorism.”

“It’s a great idea,” said Richard Clarke, a former White House counterterrorism official. “It’s overdue.”

Others question why a new agency is needed when the government already has several dedicated to monitoring and analyzing cyberthreat data. The Department of Homeland Security, the FBI and the National Security Agency all have cyber-operations centers, and the FBI and the NSA are able to integrate information, noted Melissa Hathaway, a former White House cybersecurity coordinator and president of Hathaway Global Strategies.

“We should not be creating more organizations and bureaucracy,” she said. “We need to be forcing the existing organizations to become more effective — hold them accountable.”

Christian Beckner, this blog’s founder, points out that there are limits to the comparison of this new entity with the NCTC:

My initial reaction to this proposal is one of caution and uncertainty, in large part because of the inherent limits in making an analogy between counterterrorism-related intelligence and cyber threat-related intelligence. While there are some areas of commonality, the following four differences are significant:

[Note: Christian goes into some detail about these difference, which you can read here: http://www.securityinsights.org/2015/02/the-nctc-and-cyber-threat-intelligence-the-limits-of-analogy/]

Given these distinctions between the two domains, it is important that any decision to establish an “NCTC for cybersecurity” needs to be carried out carefully, with the new CTIIC being organized and staffed in a way that adopts the most relevant attributes of NCTC (e.g. its access to all relevant terrorism-related intelligence, and its role in developing and coordinating finished intelligence products for senior policy makers) but also is different in critical ways.

For example, given the role of the private sector in cyber threat analysis, CTIIC may want to consider finding creative ways to integrate private sector and other non-governmental analysts into its activities.

He also wonders whether legislation is needed to properly establish this new center:

One issue left unclear by the announcement yesterday of a new Cyber Threat Intelligence Integration Center (CTIIC) is whether the Administration intends to seek legislation as part of its proposal to establish the Center. The President’s Homeland Security Advisor Lisa Monaco addressed this obliquely in her remarks at the Wilson Center, when she referenced authority that the Director of National Intelligence has in Sec. 102A(f)(2) of the National Security Act, which says that the DNI “may establish such other national intelligence centers as the Director determines necessary,” and indicated that the CTIIC would be established pursuant to this authority.

But that is a weak statutory basis for establishing such a center, especially in comparison with the authorities in law given to the National Counterterrorism Center (NCTC), as codified in Sec. 119 of the National Security Act. NCTC’s statutory language provides it with a clear set of missions and responsibilities, and clarifies its role (at least in part) with respect to its key interagency partners.

Ronald Marks, also writing at the Security Insights blog, is pleased that the government is finally starting to “do something.”

The US Government’s reaction to the insecurity of this vital new frontier has been fragmented along 20th century bureaucratic lines. The FBI, the Department of Homeland Security, NSA, Commerce Department, State Department, the Defense Department have all been drawn into the operational fray. Coordinating out of the White House has been difficult with each player needing to deal with their own interests and constituencies in the law enforcement, military and private sectors. Information needs are massive, yet quite scattered in collection.

 So, before all the bureaucratic sniping begins, and the negative talk of another bureaucracy rings forth, let’s remember that whatever CTIIC turns out to be, at least with regards to sharing and analyzing threats in cyber space, we’ve quit talking and started to do something.

You can watch Lisa Monaco, Assistant to the President for Homeland Security and Counterterrorism, announce the creation of the CTIIC during a speech at the Wilson Center here or below.

Share and Enjoy:
  • Digg
  • Reddit
  • Facebook
  • Yahoo! Buzz
  • Google Bookmarks
  • email
  • Print
  • LinkedIn

1 Comment »

Comment by William R. Cumming

February 12, 2015 @ 1:14 pm

A last desperate effort by the Administration IMO to leave some legacy on cyber-security!

Again the notion that 80% of critical infrastructure independent of government a total fiction since I was at the NSC meeting on PD-63 where this guestimate semi-officially adopted.

RSS feed for comments on this post. TrackBack URI

Leave a comment

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>