The Obama administration has announced its intention to create a new fusion center to bring together all sources of intelligence and law enforcement information to combat cyber intrusions. The new center will be known as the Cyber Threat Intelligence Integration Center (or CTIIC).
What would this new center do?
The mission of CTIIC will be to fuse intelligence from around the government when a cyber crisis occurs. As with counterterrorism, the concern is that existing agencies (principally the National Security Agency, Central Intelligence Agency, Department of Defense, Department of Homeland Security, Federal Bureau of Investigation and Department of Justice) with cyber-capabilities are not sufficiently coordinating their activities and sharing information.
The new center is modeled after the National Counterterrorism Center (NCTC), which was launched in the wake of the Sept. 11, 2001, attacks amid criticism that the government failed to share intelligence that could have unraveled the al-Qaeda plot. Much the same criticism has arisen in recent weeks with respect to cyberattacks, especially in the wake of the North Korean hack of Sony Pictures.
How does the CTIIC fit in with existing agencies and organizations? Do we really need more bureaucracy?
The CTIIC will have a coordinating role, without operational responsibility. Its mission will be to insure that all of the available data on a particular threat stream is collected in a single place and fused together for a comprehensive analysis. Our experience in the counterterrorism field suggests that in the absence of such a coordinating body individual agencies are reluctant and/or unable to effectively work together. The additional layer of bureaucracy may prove cumbersome and ineffective or it may prove useful and successful – only time will tell.
How serious are cybersecurity threats?
With the recent news of big name companies like Sony, JP Morgan Chase, Home Depot and Target’s data being breached, the effectiveness of the private sector’s information security comes into question. According to FBI Director James Comey “there are two kinds of big companies in the United States. There are those who’ve been hacked… and those who don’t know they’ve been hacked.”
A recent survey by the Ponemon Institute showed the average cost of cyber crime for U.S. retail stores more than doubled from 2013 to an annual $8.6 million per company in 2014. For financial services, technology, and communications industries the cost of successful cyberattacks increased by an annual average of $20.8 million, $14.5 million and $12.7 million respectively.
The administration is comparing this to the National Counterterrorism Center. Has that center been successful? How should this new agency imitate the center and how should it be different?
The NCTC is generally viewed as a success story in post-9/11 government operations. By creating a physical and virtual space where all agencies with counterterrorism responsibility come to share information, coordinate activity and collate data for analysis, the NCTC has improved our cross-agency approach to counterterrorism significantly. No system is perfect, but the NCTC has reduced gaps between agency activities and enhanced intelligence information sharing. It is a good model for CTIIC to follow.
The CTIIC will be housed in the Office of the Director of National Intelligence (ODNI). Is that the right place for it?
Probably. The ODNI was created for the overall purpose of coordinating national intelligence collection and analysis. It lacks any operational mandate of its own. So long as the CTIIC follows that same model and limits its role to coordination and analysis then the ODNI is probably as appropriate a place as any in government for this new center to be housed. It will be able to take advantage of synergies from coordination with the NCTC more readily and, probably, also able to benefit from the existing NCTC/ODNI infrastructure that has been developed since 9/11.