Coinciding with Obama having made cybersecurity a priority for the government – his Fiscal Year 2016 budget proposal calls for $14 billion to shore up the government’s ability to deal with threats to federal and private systems — Lisa Monaco, assistant to the president for homeland security and counterterrorism, announced Tuesday the administration will stand up a new Cyber Threat Intelligence Integration Center (CTIIC) “under the auspices of the Office of the Director of National Intelligence (ODNI).”
“Currently, Monaco pointed out, “no single government entity is responsible for producing coordinated cyber threat assessments, ensuring that the information is shared rapidly among existing cyber centers and other elements within our government, and supporting the work of operators and policymakers with timely intelligence about the latest cyber threats and threat actors.”
“The CTIIC is intended to fill these gaps,” Monaco said. “In thisvein, CTIIC will serve a similar function, for cyber, as the National Counterterrorism Center does for terrorism, [by] integrating intelligence about cyber threats, providing all-source analysis to policymakers and operators, and supporting the work of existing federal cyber centers, network defenders, law enforcement communities.”
Continuing, Monaco stressed that, “The CTIIC will … not … collect … intelligence.” Rather “it will analyze and integrate information already collected under existing authorities, nor will the CTIIC perform functions already assigned to other centers. It’s intended to enable them to do their jobs more effectively, and, as a result, make the federal government more effective as a whole in responding to cyber threats.”
"We need to sync up our intelligence with our operations," Monaco said, adding that, "Since I began this job two years ago, I can tell you an increasing amount of the bad news I share is unfortunately … cyber threats.”
She said, "We are at a transformational moment" in dealing with cyber threats. "Our prosperity and security depend upon the Internet being secure against threats."
“The administration’s updated proposal promotes better cybersecurity information sharing between the private sector and government, and it enhances collaboration and information sharing amongst the private sector,” a White House statement said. “Specifically, the proposal encourages the private sector to share appropriate cyber threat information with the Department of Homeland Security’s National Cybersecurity and Communications Integration Center (NCCIC), which will then share it in as close to real-time as practicable with relevant federal agencies and with private sector-developed and operated Information Sharing and Analysis Organizations (ISAOs) by providing targeted liability protection for companies that share information with these entities.”
Continuing, the White House said its proposed “legislation also encourages the formation of these private-sector led Information Sharing and Analysis Organizations [and] would also safeguard Americans’ personal privacy by requiring private entities to comply with certain privacy restrictions such as removing unnecessary personal information and taking measures to protect any personal information that must be shared in order to qualify for liability protection.”
Additionally, “The proposal further requires the Department of Homeland Security and the Attorney General, in consultation with the Privacy and Civil Liberties Oversight Board and others, to develop receipt, retention, use and disclosure guidelines for the federal government.”
“Finally, the administration intends this proposal to complement and not to limit existing effective relationships between government and the private sector,” the White House statement said, noting that, “These existing relationships between law enforcement and other federal agencies are critical to the cybersecurity mission.”
NTIIC will be established by presidential memorandum under authority from a 2004 intelligence law. The administration is expected to use existing funds in the Fiscal Year 2015 budget and will request another $35 million in the 2016 budget proposal for the agency.
Cyber experts weigh in
Dr. Mike Lloyd, CTO of RedSeal, a security analytics company, said, “The idea of a cyber-intelligence hub is a good and timely one. Modern cybersecurity still has a lot to learn from traditional military strategists, including the central role of a ‘war room’ – a single location where complex flows of data about the fight can be centralized, filtered, compared, mapped out and acted upon. This is the main way to cut through the fog of war. At RedSeal, we recommend all organizations should follow this model for their cyber defenses – combine sensor data with an accurate map of the cyber environment, so that decision makers can visually understand the situation. This also makes sense as a national strategy.”
But Lance Cottrell, chief scientist at the cybersecurity firm Ntrepid, said, “The Cyber Threat Intelligence Integration center must be very carefully crafted for it to have a real effect on cyber security for American businesses. Right now the responsibility for cyber security is distributed between the National Security Agency (NSA), CIA, FBI and Department of Homeland Security, among others. When we see five different organizations with overlapping and conflicting responsibility for an issue, we often respond bysaying that there should be one new organization which can take control and coordinate the others. The unfortunate reality is that you often then have six different organizations with overlapping and conflicting responsibilities. This new organization has quite a challenge before it.”
“Information sharing is important, and many organizations, both public and private, already exist to support the exchange of confidential threat information. The reality is that most of the big hacks we are seeing succeed using well known techniques. The situation would be improved much more if companies seriously addressed the basic blocking and tackling tasks of cyber security,” Cottrell said, adding, “Software will always have flaws and humans will always click on things they should not. Security requires that we start designing our systems and networks to be robust even in the face of this kind of inevitable vulnerability. Attacks must be quickly detected, contained, and eliminated. A properly designed security system ensures that even if a browser is hacked, or a bad link is clicked, the damage will be minimal. Encryption, anomaly detection, and application virtualization are critical components in next generation security designs.”
“The creation of the CTIIC seems like a move in the right direction,” said Josh Cannell, malware intelligence analyst at Malwarebytes Labs. “The government already has a lot of intelligence gathering through various departments and agencies, and having a place to put it all together makes sense.”
“The important thing here is having the CTIIC work closely with public businesses and law enforcement, so it can be a vital tool in stopping data breaches and other forms of cybercrime,” Cannell explained. “The government has a lot of manpower through agencies like the NSA to focus on protecting their own internal networks, so having something for everyone else needs to be a goal for the CTIIC.”
Michele Borovac, VP at HyTrust, a cloud control company, said, “The creation of the CTIIC is an important and necessary move. Attackers are getting smarter, and breaches are increasing in frequency, damage and cost. Bringing disparate organizations together is critical so that information can be shared more easily among ‘the good guys.’”
He said CTIIC will only “be successful if it can tap the brains of leading cybersecurity experts, as well as those leading companies and government organizations to reduce the knowledge gap between them. As a nation, we must absorb the knowledge and commit the necessary resources to defend against these new threats.”
Photo: Lisa Monaco briefs President Obama. Photo: Pete Souza.