The White House, on February 10, 2015, announced the creation of a new federal agency, the Cyber Threat and Intelligence Integration Center (“CTIIC” or the “Center”), to combat cyber-threats by coordinating digital intelligence. While there are federal agencies that operate as stand-alone cyber-threat information gathering centers like the U.S. Department of Homeland Security, the National Security Agency and the FBI, there is no unified mechanism for coordinating all the data collected by these agencies, or sharing information rapidly among them. The new Center will bridge this gap by consolidating, analyzing and redistributing the cyber-threat intelligence and threat indicators gathered by these various agencies.
Lisa Monaco, Assistant to the President for Homeland Security and Counterterrorism, announced the creation of the Center during a keynote address delivered last week at the Wilson Center in Washington, D.C. During her remarks, Ms. Monaco stated that “it has become clear that we can do more as a government to quickly consolidate, analyze and provide assessments on fast-moving cyber-threats or cyber-attacks.” According to Ms. Monaco, the new CTIIC will be modeled after the National Counterterrorism Center, which was established after the September 11, 2001, terrorist attacks to enable federal agencies to more efficiently and effectively share data on terrorist threats.
Ms. Monaco explained the role of the new Center by clarifying that it will not collect any intelligence data or carry out functions already assigned to other agencies. Rather, the Center will analyze and integrate the information already collected under existing authorities, then share it rapidly so that the federal government can respond to cyber-threats in a timely manner.
While momentum has been growing in recent years to craft legislation that would make it faster and easier for companies and the government to respond to cybersecurity threats, Congress has not passed any bills in this regard due to disagreements over the scope of liability protections that should be granted to companies and concerns regarding privacy. President Obama has recently proposed legislation offering immunity from prosecution to companies that provide cybersecurity information (without personal data) in near real-time to the government.