Cyber Threat Intelligence Integration Center: will CTIIC be a game changer?

Is America's new Cyber Threat Intelligence Integration Center a step forward? Or a duplication of the National Cybersecurity and Communications Integration Center at DHS?

Is America’s new Cyber Threat Intelligence Integration Center a step forward? Or a duplication of the National Cybersecurity and Communications Integration Center at DHS?

In announcing America’s new Cyber Threat Intelligence Integration Center, Lisa Monaco, the White House’s top aide for counter-terrorism and homeland security said yesterday: “The threat is becoming more diverse, more sophisticated and more dangerous, and I worry that malicious attacks…will increasingly become the norm unless we adapt quickly and take a comprehensive approach.”

Yesterday, Monaco talked about the role of this new agency: to rapidly pool and disseminate data on cyberbreaches. Ironically, the mission of this new Cyber Threat Intelligence Integration Center (CTIIC) sounds a lot like this:

“a 24×7 cyber situational awareness, incident response, and management center that is a national nexus of cyber and communications integration for the Federal Government, intelligence community, and law enforcement.”

Where’s the irony? The above mission statement belongs to NCCIC, the National Cybersecurity and Communications Integration Center, and that entity already exists, within the Department of Homeland Security. And that is where the above photo was taken, less than a month ago.

So what’s wrong with NCCIC? Monaco called the destructive cyber attack on Sony Pictures “a game changer”. Is the hope that this new agency will do better than NCCIC and change the game in our favor and stem the tide of cyber attacks? In what ways could NCCIC or other agencies have done more to prevent or contain the Sony Pictures breach? How about the breaches of JPMorgan Chase and Anthem? Frankly, many security experts think the entities that could have done the most to prevent/contain those breaches were the companies themselves (for example, if the leaked Sony auditors’ report is anything to go by, Sony — which has been hacked numerous times over the past 10 years — was not yet up to code).

What clearly is different about CTIIC is that reports to the Director of National intelligence, a role created in the wake of the 9/11 terrorist attacks. That is in keeping with the stated rationale for the CTIIC, which goes like this: the current cyber threat scenario resembles the post-9/11 situation in which failure to share intelligence between agencies was seen as contributing to the failure to prevent the attacks. That led to the National Counterterrorism Center (NCTC) being established within the Office of Director of National Intelligence (ODNI). And now we need something similar to counter cyber threats.

Of course, some people have argued that better cooperation between agencies would have solved the 9/11 problem without adding a new agency. And the NCTC has been criticized on several fronts, firstly for a slow start, then for a variety of issues, like getting too big, discussed here. That may be why Monaco has already stressed that the new CTIIC will be a small operation. And it may remain so. Indeed, it may be just what the intelligence community needs to get cyber threat data flowing and advance the private sector threat and incident information sharing that is a centerpiece of the President’s cyber-initiative.

Naturally, the push for more data sharing between government and the private sector has many privacy advocates watching this space very closely, particularly as there is talk of proposed legislation giving immunity to commercial entities that violate the privacy of individuals during the sharing process. Yet the idea that the sharing circle will now include ODNI is going to alarm some people, given the broad remit of the NCTC which allows “databases of U.S. civilian information to be given to foreign governments for analysis of their own. In effect, U.S. and foreign governments would be using the information to look for clues that people might commit future crimes” (WSJ, 12/13/12).

From my perspective, a larger concern is the assumption that merely having more intelligence faster will stop people attempting to commit cybercrime. Where is the evidence for that assumption? I fear that, unless the primary goal of all these new cyber initiatives is to identify bad actors more swiftly and sanction them with greater precision and immediacy, we’re not going to deter the kind of attacks that apparently gave birth to this new agency.

I recently spoke to Ben Johnson at Marketplace on NPR about this new CTIIC agency. I expressed hope that CTIIC will succeed in its stated mission, but again urged that we pursue a policy of stronger and swifter deterrence.


[Correction: The lady in red in the above photo is not in fact Ms. Monaco as we earlier stated. As an eagle-eyed reader pointed out, that is Phyllis Schneck, Deputy Under Secretary for Cybersecurity and Communications for the National Protection and Programs Directorate (NPPD). She is the chief cybersecurity official for the Department of Homeland Security (DHS). Our sincere apologies for the earlier erroneous identification. The above official White House Photo was taken on January 13, 2015 by Pete Souza and is public domain.]

Sign up to receive an email update whenever a new article is published in our Ukraine Crisis – Digital Security Resource Center