The White House: go-ahead to US Cyber Threat Intelligence Integration Center
One of the reasons that the US has been slow to respond to attacks is because its security agencies don’t talk to each other. This lack of communication may make the FBI, CIA etc look very butch. The Obama administration is establishing a new agency to combat the deepening threat from cyberattacks, and its mission will be to fuse intelligence from around the government when a crisis occurs.
This is why the White House established a new agency that’s designed to remedy the problem. The agency is modeled after the National Counterterrorism Center, which was launched in the wake of the Sept. 11, 2001, attacks amid criticism that the government failed to share intelligence that could have unraveled the al-Qaeda plot.
The US Cyber Threat Intelligence Integration Center (see below) has been given the official go-ahead, and will sit between the FBI, NSA and CIA, amongst others, collating that data and offering a cohesive policy to fight off digital attacks. Others question why a new agency is needed when the government already has several dedicated to monitoring and analyzing cyberthreat data.
- U.S. and U.K. launch cyber “war games” to shore up their respective defenses
- The Role of Cyber Defence to Protect and Sustain EU Economy
- NATO to concentrate cyber services in The Hague
- WHITE HOUSE Releases Cybersecurity Guide
- White House Announces Voluntary Cybersecurity Framework
The Department of Homeland Security, the FBI and the National Security Agency all have cyber-operations centers, and the FBI and the NSA are able to integrate information, noted Melissa Hathaway, a former White House cybersecurity coordinator and president of Hathaway Global Strategies. “We should not be creating more organizations and bureaucracy,” she said. “We need to be forcing the existing organizations to become more effective — hold them accountable.”
The CTIIC will be responsible for is informing both lawmakers and US businesses of impending threats and advise upon solutions and will begin with a staff of about 50 and a budget of $35 million.
In his 2016 budget, Obama proposed spending $14 billion to combat online threats.
Presidential Memorandum — Establishment of the Cyber Threat Intelligence Integration Center
MEMORANDUM FOR THE SECRETARY OF STATE
THE SECRETARY OF DEFENSE
THE SECRETARY OF THE TREASURY
THE SECRETARY OF COMMERCE
THE ATTORNEY GENERAL
THE SECRETARY OF HOMELAND SECURITY
THE DIRECTOR OF NATIONAL INTELLIGENCE
THE CHAIRMAN OF THE JOINT CHIEFS OF STAFF
THE DIRECTOR OF THE CENTRAL INTELLIGENCE AGENCY
THE DIRECTOR OF THE FEDERAL BUREAU OF INVESTIGATION
THE DIRECTOR OF THE NATIONAL SECURITY AGENCY
SUBJECT: Establishment of the Cyber Threat Intelligence Integration Center
By the authority vested in me as President by the Constitution and the laws of the United States of America, I hereby direct as follows:
Section 1. Establishment of the Cyber Threat Intelligence Integration Center. The Director of National Intelligence (DNI) shall establish a Cyber Threat Intelligence Integration Center (CTIIC). Executive departments and agencies (agencies) shall support the DNI’s efforts to establish the CTIIC, including by providing, as appropriate, personnel and resources needed for the CTIIC to reach full operating capability by the end of fiscal year 2016.
Section 2. Responsibilities of the Cyber Threat Intelligence Integration Center. The CTIIC shall:
- provide integrated all-source analysis of intelligence related to foreign cyber threats or related to cyber incidents affecting U.S. national interests;
- support the National Cybersecurity and Communications Integration Center, the National Cyber Investigative Joint Task Force, U.S. Cyber Command, and other relevant United States Government entities by providing access to intelligence necessary to carry out their respective missions;
- oversee the development and implementation of intelligence sharing capabilities (including systems, programs, policies, and standards) to enhance shared situational awareness of intelligence related to foreign cyber threats or related to cyber incidents affecting U.S. national interests among the organizations referenced in subsection (b) of this section;
- ensure that indicators of malicious cyber activity and, as appropriate, related threat reporting contained in intelligence channels are downgraded to the lowest classification possible for distribution to both United States Government and U.S. private sector entities through the mechanism described in section 4 of Executive Order 13636 of February 12, 2013 (Improving Critical Infrastructure Cybersecurity); and
- facilitate and support interagency efforts to develop and implement coordinated plans to counter foreign cyber threats to U.S. national interests using all instruments of national power, including diplomatic, economic, military, intelligence, homeland security, and law enforcement activities.
Section 3. Implementation.
- Agencies shall provide the CTIIC with all intelligence related to foreign cyber threats or related to cyber incidents affecting U.S. national interests, subject to applicable law and policy. The CTIIC shall access, assess, use, retain, and disseminate such information, in a manner that protects privacy and civil liberties and is consistent with applicable law, Executive Orders, Presidential directives, and guidelines, such as guidelines established under section 102A(b) of the National Security Act of 1947, as amended, Executive Order 12333 of December 4, 1981 (United States Intelligence Activities), as amended, and Presidential Policy Directive-28; and that is consistent with the need to protect sources and methods.
- Within 90 days of the date of this memorandum, the DNI, in consultation with the Secretary of State, the Secretary of Defense, the Attorney General, the Secretary of Homeland Security, the Director of the Central Intelligence Agency, the Director of the Federal Bureau of Investigation, and the Director of the National Security Agency shall provide a status report to the Director of the Office of Management and Budget and the Assistant to the President for Homeland Security and Counterterrorism on the establishment of the CTIIC. This report shall further refine the CTIIC’s mission, roles, and responsibilities, consistent with this memorandum, ensuring that those roles and responsibilities are appropriately aligned with other Presidential policies as well as existing policy coordination mechanisms.
Section 4. Privacy and Civil Liberties Protections. Agencies providing information to the CTIIC shall ensure that privacy and civil liberties protections are provided in the course of implementing this memorandum. Such protections shall be based upon the Fair Information Practice Principles or other privacy and civil liberties policies, principles, and frameworks as they apply to each agency’s activities.
Section 5. General Provisions.
- Nothing in this memorandum shall be construed to impair or otherwise affect:
(i) the authority granted by law to an executive department, agency, or the head thereof; or
(ii) the functions of the Director of the Office of Management and Budget relating to budgetary, administrative, or legislative proposals.
- This memorandum shall be implemented consistent with applicable law and subject to the availability of appropriations.
- This memorandum is not intended to, and does not, create any right or benefit, substantive or procedural, enforceable at law or in equity by any party against the United States, its departments, agencies, or entities, its officers, employees, or agents, or any other person.
- The DNI is hereby authorized and directed to publish this memorandum in the Federal Register.
signed: BARACK OBAMA
SOURCE: White House