New cyber agency modeled on counterterrorism center

Shutterstock image: the White House.

The Obama administration’s new agency for fusing cyber-threat information is modeled after the National Counterterrorism Center, which was established after the Sept. 11, 2001, attacks to "connect the dots" on terror threats. The new cyber center -- which is being announced today -- is meant to give federal agencies a clearer view of cyber-threat patterns after a series of damaging attacks on public- and private-sector entities in recent months.

"We are at at a transformational moment in the evolution of the cyber threat," Lisa Monaco, assistant to the president for homeland security and counterterrorism, said in remarks at the Woodrow Wilson Center in Washington, D.C., on Feb. 10. Citing attacks such as those on the U.S. Postal Service and U.S. Central Command, she asserted that "the actions we take today, and those we fail to take, will determine whether cyberspace will remain a great national asset or increasingly becomes a strategic liability."

The Cyber Threat Intelligence Integration Center is intended to "connect the dots between various cyber threats to the nation so that relevant departments and agencies are aware of these threats in as close to real time as possible," an administration official said in a statement.

The CTIIC will likely be housed at the Office of the Director of National Intelligence, with an initial interagency staff of about 50, the administration official said. President Barack Obama's fiscal 2016 budget proposal calls for $35 million for the center, the official added.

The CTIIC will provide "all-source analysis of foreign cyber threats; ensure that the U.S. government centers responsible for cybersecurity and network defense have access to the intelligence needed to perform their missions; and facilitate and support efforts by the government to counter foreign cyber threats," the official's statement continued.

To facilitate this flow of information, the center will work to downgrade cyber-threat intelligence to "the lowest possible classification level," the statement said. "No existing agency has the responsibility for performing these functions, so we need these gaps to be filled to help the federal government meet its responsibilities in cybersecurity."

Though the CTIIC is intended to fill a void in federal cybersecurity policy, the center's functions bear some similarity to those of the Department of Homeland Security's National Cybersecurity and Communications Integration Center. NCCIC, a 24/7 hub that shares threat information with law enforcement, intelligence agencies and the private sector, has been a linchpin of the administration's efforts to make information sharing more effective. Obama will reportedly announce fresh executive action on Feb. 13 to encourage information sharing between NCCIC and the private sector.

A DHS spokesman declined to comment on how NCCIC would interface with the new cyber threat center.

Chris Cummiskey, who until November was DHS's acting undersecretary for management, said the new cyber center could help provide the White House something that has heretofore been elusive: a coordinated view of various cyber "threat streams" across government. Cummiskey nonetheless said his first reaction to the news of the CTIIC's establishment was that its prescribed functions sounded quite a bit like NCCIC’s. It will be important, he added, for administration officials to clearly delineate inter-agency coordination on cybersecurity to prevent bureaucracy from getting in the way of good policy.

For federal cybersecurity policy, "the issue of roles and responsibilities continues to be a sticking point," Cummiskey said.

Another former DHS official, Rob Zitz, is less concerned about potential overlap, saying the new cyber-threat center does not represent a "duplication of efforts" in federal cybersecurity policy.

NCCIC "isn't perfectly positioned to have access to all the most sensitive intelligence that others in the [federal government] might hold," Zitz, who was deputy undersecretary of preparedness at DHS from 2006 to 2007 and is now senior vice president and chief systems architect at Leidos, wrote in an email. "This new organization can integrate the sensitive intelligence data and work hand-in-glove with NCCIC."

About the Author

Sean Lyngaas is an FCW staff writer covering defense, cybersecurity and intelligence issues. Prior to joining FCW, he was a reporter and editor at Smart Grid Today, where he covered everything from cyber vulnerabilities in the U.S. electric grid to the national energy policies of Britain and Mexico. His reporting on a range of global issues has appeared in publications such as The Atlantic, The Economist, The Washington Diplomat and The Washington Post.

Lyngaas is an active member of the National Press Club, where he served as chairman of the Young Members Committee. He earned his M.A. in international affairs from The Fletcher School of Law and Diplomacy at Tufts University, and his B.A. in public policy from Duke University.

Click here for previous articles by Lyngaas, or connect with him on Twitter: @snlyngaas.


  • FCW Perspectives
    human machine interface

    Your agency isn’t ready for AI

    To truly take advantage, government must retool both its data and its infrastructure.

  • Cybersecurity
    secure network (bluebay/

    Federal CISO floats potential for new supply chain regs

    The federal government's top IT security chief and canvassed industry for feedback on how to shape new rules of the road for federal acquisition and procurement.

  • People
    DHS Secretary Kirstjen Nielsen, shown here at her Nov. 8, 2017, confirmation hearing. DHS Photo by Jetta Disco

    DHS chief Nielsen resigns

    Kirstjen Nielsen, the first Homeland Security secretary with a background in cybersecurity, is being replaced on an acting basis by the Customs and Border Protection chief. Her last day is April 10.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.