This week, the White House announced that it will create a new office integrating data on cyber threats from various intelligence organizations (CIA, NSA etc.) and distributing this information to other federal agencies. This new Cyber Threat Intelligence Integration Center will be part of the Office of the Director of National Intelligence, which is in charge of coordinating intelligence across the U.S. federal government.
The new agency, modeled after the National Counterterrorism Center, is supposed to employ 50 people and will have an annual budget of $35 million. The fiscal year 2016 budget request by President Barack Obama asked for $16 billion in overall expenditure for cybersecurity; the Pentagon spends around $5 billion on cyber defense and its cyber arsenal per year.
“The threat is becoming more diverse, more sophisticated and more dangerous, and I worry that malicious attacks… will increasingly become the norm unless we adapt quickly and take a comprehensive approach,” stated Lisa Monaco, the White House’s senior advisor for counterterrorism and homeland security, in a speech this Tuesday outlining the rationale behind the creation of a the new office.
She noted that the Sony hack changed everything: “It was a game changer because it wasn’t about profit. It was about a dictator trying to impose censorship and prevent the exercise of free expression.” As a consequence, the White House decided that it needs to step up its efforts to fight such attacks.
“Currently, no single government entity is responsible for producing coordinated cyber threat assessments, ensuring that information is shared rapidly among existing cyber centers … and supporting the work of operators and policymakers with timely intelligence about the latest cyber threats and threat actors. The CTIIC is intended to fill these gaps,” Monaco said.
Some experts, however, are not convinced about the need for a new agency. “I do think it is redundant. You don’t necessarily need a new center,” emphasized one expert, according to Reuters. For example, the National Cybersecurity and Communications Integration Center appears to have a mission similar to that of the new office. A former White House cybersecurity coordinator also called for better cooperation among existing agencies rather than the creation of a new entity: “We need to be forcing the existing organizations to become more effective — hold them accountable.”
There is also concern that the new office will not be efficient without reforms in other parts of the federal government: “If you still are not restructuring agencies to be able to share in an automated fashion, then there’s probably little value to be had out of creating a new organization,” a cyber expert told The Guardian. Privacy advocates have also expressed alarm over the creation of a new institution, which they fear will only expand the reach of the national security state.
Offices and new divisions dealing with different aspects of cybersecurity have mushroomed in the last couple of years within the United States government. In broad terms the Pentagon is protecting military networks, the National Security Agency defends government networks, and the Department of Homeland Security secures U.S. domestic critical information infrastructure.
Private-public partnerships remain at the core of good cybersecurity and the development of cyber defenses as well as offensive cyber capabilities. Tomorrow, President Obama will host a meeting with industry and government leaders at Stanford University in California, Reuters reports. In her speech, Monaco underlined the need for better information sharing between private and public entities: “The federal government won’t leave the private sector to fend for itself. We want this flow of information to go both ways. The private sector has vital information we don’t always get unless they share it with us.”