President Obama announced this week the formation of the Cyber Threat Intelligence Integration Center (CTIIC), a new federal agency, “tasked with coordinating the response to cybersecurity threats.” (Source: US News and World Report, Feb 10, 2015 by Tom Risen).
According to the USNWR report, “The new agency will report to the Office of the Director of National Intelligence, like the National Counterterrorism Center (“NCTC”) after which it is modeled. The NCTC, formed after the attacks of 2001, is an integration and analysis center built to study terrorism-related intelligence. The new cybersecurity center will apply this same focus by reviewing intelligence collected from entities like the National Security Agency, the FBI and foreign law enforcement agencies, “(Source: USNWR report, citing Lisa Monaco, assistant to the president for homeland security and counterterrorism).
According to Ms. Monaco, “No single government entity is responsible for producing coordinated cyber threat assessments, ensuring that information is shared rapidly among existing cyber centers and other [government] elements, and supporting the work of operators and policymakers with timely intelligence about the latest cyber threats and threat actors…The Cyber Threat Intelligence Integration Center [ ] is intended to fill these gaps, analyzing and integrating information already collected under existing authorities, and [ ] enabl[ing] centers that already perform cyber functions to do their jobs more effectively.” (Source: DoD News, “New Threat Center to Integrate Cyber Intelligence,” by Cheryl Pellerin) (emphasis added).
The formation of the CTIIC is the latest in a string of recent developments at the federal level aimed at acknowledging and addressing cybersecurity threats in the United States. Just last month the Federal Trade Commission released a 55-page report with recommendations for enhancing cybersecurity in the Internet of Things (IoT). And in late December, Congress passed four (4) cybersecurity bills representing the first time that Congress has passed and sent major cybersecurity legislation to the White House in 12 years.
More action at the federal level is likely, even as privately held and public companies alike work on their own volition to develop information security programs designed to identify and defend against cybersecurity threats.