New cyber agency modeled on counterterrorism center

The Obama administration’s new agency for fusing cyber-threat information is modeled after the National Counterterrorism Center, which was established after the Sept. 11, 2001, attacks to "connect the dots" on terror threats. The new cyber center -- which is being announced today -- is meant to give federal agencies a clearer view of cyber-threat patterns after a series of damaging attacks on public- and private-sector entities in recent months.

"We are at at a transformational moment in the evolution of the cyber threat," Lisa Monaco, assistant to the president for homeland security and counterterrorism, said in remarks at the Woodrow Wilson Center in Washington, D.C., on Feb. 10. Citing attacks such as those on the U.S. Postal Service and U.S. Central Command, she asserted that "the actions we take today, and those we fail to take, will determine whether cyberspace will remain a great national asset or increasingly becomes a strategic liability."

The Cyber Threat Intelligence Integration Center is intended to "connect the dots between various cyber threats to the nation so that relevant departments and agencies are aware of these threats in as close to real time as possible," an administration official said in a statement.

The CTIIC will likely be housed at the Office of the Director of National Intelligence, with an initial interagency staff of about 50, the administration official said. President Barack Obama's fiscal 2016 budget proposal calls for $35 million for the center, the official added.

The CTIIC will provide "all-source analysis of foreign cyber threats; ensure that the U.S. government centers responsible for cybersecurity and network defense have access to the intelligence needed to perform their missions; and facilitate and support efforts by the government to counter foreign cyber threats," the official's statement continued.

To facilitate this flow of information, the center will work to downgrade cyber-threat intelligence to "the lowest possible classification level," the statement said. "No existing agency has the responsibility for performing these functions, so we need these gaps to be filled to help the federal government meet its responsibilities in cybersecurity."

Though the CTIIC is intended to fill a void in federal cybersecurity policy, the center's functions bear some similarity to those of the Department of Homeland Security's National Cybersecurity and Communications Integration Center. NCCIC, a 24/7 hub that shares threat information with law enforcement, intelligence agencies and the private sector, has been a linchpin of the administration's efforts to make information sharing more effective. Obama will reportedly announce fresh executive action on Feb. 13 to encourage information sharing between NCCIC and the private sector.

A DHS spokesman declined to comment on how NCCIC would interface with the new cyber threat center.

Chris Cummiskey, who until November was DHS's acting undersecretary for management, said the new cyber center could help provide the White House something that has heretofore been elusive: a coordinated view of various cyber "threat streams" across government. Cummiskey nonetheless said his first reaction to the news of the CTIIC's establishment was that its prescribed functions sounded quite a bit like NCCIC’s. It will be important, he added, for administration officials to clearly delineate inter-agency coordination on cybersecurity to prevent bureaucracy from getting in the way of good policy.

For federal cybersecurity policy, "the issue of roles and responsibilities continues to be a sticking point," Cummiskey said.

Another former DHS official, Rob Zitz, is less concerned about potential overlap, saying the new cyber-threat center does not represent a "duplication of efforts" in federal cybersecurity policy.

NCCIC "isn't perfectly positioned to have access to all the most sensitive intelligence that others in the [federal government] might hold," Zitz, who was deputy undersecretary of preparedness at DHS from 2006 to 2007 and is now senior vice president and chief systems architect at Leidos, wrote in an email. "This new organization can integrate the sensitive intelligence data and work hand-in-glove with NCCIC."