The Obama administration announced the creation of a new executive agency on Tuesday that will cooperate with the private sector along with other agencies and countries to try and disrupt cyber criminals.
“Those who do harm should know that they can be found, and held to account,” said Lisa Monaco, chief counterterrorism advisor to the president.
The announcement is largely a response to the rise in cyber-terrorism activity, such as North Korea’s recent attacks on Sony. Monaco also cited last week’s data breach at Anthem insurance, which contains sensitive information for up to 80 million identities.
The new Cyber Threat Intelligence Integration Center will employ what Monaco said are lessons we have learned in combating other forms of terrorism that need to be applied to the realm of cyber threats – namely coordinating all of the government’s tools to respond at the highest level.
“Currently no single government entity is responsible for producing coordinated cyber-threat assessments ensuring that information is shared rapidly among existing cyber centers and other elements within our government,” she explained. “We need to build up the muscle memory for our cyber-response capabilities, as we have on the terrorism side.”
Monaco said the new entity will not collect new intelligence, but analyze data already collected by other relevant agencies, such as the Department for Homeland Security, to enable it to do its job more effectively.
According to Monaco, 85 percent of the country’s critical infrastructure such as hospitals, banks and water grids are in private sector (.com) hands.
“You are vulnerable if you are hooked up to the internet,” she said.
Therefore the system is designed to work in lockstep with the private sector, and encourages companies that are victims to do the patriotic thing and report the details to DHS, where it can then be passed on to CTIIC — which will use all of the government’s tools and unique capacity to integrate information about threats, and make the best possible assessment.
She claimed that the government will not bottle up intelligence, but will do its utmost to share it, and used the Sony attack as an example.
“Within 24 hours of learning about the Sony Pictures Entertainment attack, the U.S. government pushed out information and malware signatures to the private sector to update their cyber defenses so they could take action,” Monaco said.
Officials said the new agency will begin with a staff of about 50 people and a budget of $35 million.
Monaco made a gentle pitch to Congress, pointing out that cyber security should not be a partisan issue, and asked Congress to pass a budget with funding for it.
Some, however, question the need for a new agency when there are already several that have cyber-operations centers.
“We should not be creating more organizations and bureaucracy,” argued Melissa Hathaway, president of Hathaway Global Strategies and former White House cybersecurity coordinator.
“We need to be forcing the existing organizations to become more effective – hold them accountable,” she said.
Monaco disagrees, and believes that similar defects that could have contributed to the 2001 terrorist attacks, such as a failure to combine analysis from across the government, still exist in the cyber context today.