The U.S. government announced in February the establishment of a new Cyber Threat Intelligence Integration Center (CTIIC) to analyze all cyberthreats for U.S. policymakers, including foreign cyberthreats and threats against U.S. interests.
According to a spokesperson from the U.S. government, this new center is necessary because there is a need for a single government agency to provide coordinated cyberthreat intelligence assessments and share information in a timely manner in the face of spiraling cybersecurity incidents and breaches, including a number of very large and high-profile breaches in recent months.
What Will the Cyber Threat Intelligence Integration Center Do?
The CTIIC will work alongside the National Cybersecurity and Communications Integration Center (NCCIC), the National Cyber Investigative Joint Task Force (NCIJTF) and U.S. Cyber Command to form an integrated capability for protecting the country from cyberthreats. These intelligence centers were established as a result of the Intelligence Reform and Terrorism Prevention Act of 2004.
The CTIIC has been established to help find, research and mitigate threats. However, it is not an operational center and is not authorized to collect intelligence or conduct intelligence operations, direct investigations, manage incident response efforts or directly engage with private entities. Instead, it will support the NCCIC in its network defense and incident response activities; the NCIJTF in coordinating, integrating and sharing information related to cyberthreat investigations within the United States; and the U.S. Cyber Command in defending the country from significant cyberattacks. The CTIIC will support these centers and other federal departments and agencies by providing the necessary intelligence to undertake their activities.
The CTIIC is also expected to form part of the interagency Cyber Response Group, to support the National Security Council and to work with all agencies and departments that are charged with cybersecurity functions within the U.S. government.
Some criticism has been levied at the U.S. government, questioning whether the new center is necessary, since many government departments are charged with cybersecurity. However, the government has countered these concerns by saying that rather than overlapping with existing agencies, the CTIIC fills a current gap by providing the ability to rapidly communicate mission-critical intelligence to other agencies. In order to do this, it is tasked with overseeing the development of intelligence-sharing capabilities among federal agencies, including systems and standards, and integrating intelligence from other agencies, including the CIA and the National Security Agency.
According to The Wall Street Journal, the creation of the Cyber Threat Intelligence Integration Center acknowledges that past efforts to tackle cyberthreats were not altogether successful. It claims recent breaches have exposed significant gaps in the way information is shared and have forced the U.S. government to take additional steps to close those gaps. It is also necessary to have one central group that can determine which information can be shared with the private sector so that the government can warn both private companies and the public about possible incidents and attacks.