On Tuesday, February 10, Lisa Monaco, the Assistant to the President for Homeland Security and Counterterrorism, announced the creation of the Cyber Threat Intelligence Integration Center (CTIIC). The CTIIC will be responsible for analyzing and integrating cyber threat intelligence currently collected by other government agencies and “producing coordinated cyber threat assessments” based on that intelligence. Monaco underscored that the CTIIC “will not collect intelligence” but instead will facilitate a more effective overall government response to cyber threats by ensuring that data is “shared rapidly among existing Cyber Centers and other elements within the government.” In prepared remarks at the Wilson Center in Washington, D.C., Monaco noted that “it has become clear that we can do more as a government to quickly consolidate, analyze, and provide assessments on fast-moving threats or attacks. As President Obama said during the State of the Union last month, we will make ‘sure our government integrates intelligence to combat cyber threats, just as we have done to combat terrorism.’”
In announcing the new center, Monaco highlighted that the White House modeled the CTIIC after the National Counterterrorism Center, which was created in the wake of 9/11 to perform a similar function related to terrorist threats. Monaco noted that the Federal government needs to “develop the same muscle memory in the government response to cyber threats as we have for terrorist incidents.” The CTIIC will function under the auspices of the Director of National Intelligence. The administration recognizes that a key difference between cyber and counterterrorism response is the role of the private sector, which “plays a more central role in spotting and responding to cyber incidents than they do in the counterterrorism realm.”
Monaco stressed that combating the cyber threat requires a “partnership” between the government and private sector involving “daily collaboration to identify and analyze threats, address vulnerabilities and then work together to respond.” She added that the Obama administration has taken distinct steps to share intelligence with the private sector, highlighting that within 24 hours of learning of the Sony hack the government “pushed out information and malware signatures to the private sector to update their cyber defenses.” The administration wants such “flow of information to go both ways” and recognized that “to truly safeguard Americans online and enhance the security of what has become a vast cyber ecosystem, we are going to have to work lock-step with the private sector.”
Companies from various industries have shown reluctance to share threat intelligence with the government due to several concerns, including potential regulatory action or civil liability based on shared information. Recent cybersecurity legislative proposals related to information sharing, including the Cyber Threat Intelligence Sharing Act introduced this week in the Senate, have included broad liability protections related to private sector information sharing efforts with the government. While the administration has identified information sharing liability protection as a priority, legislative efforts on the issue have yet to gain broad traction in Congress.