Obama Administration Proposes Centralized Threat Intelligence Center
The Obama administration is spearheading the creation of a cybersecurity center that monitors security threats and identifies the risk level to systems.
The Cyber Threat Intelligence Integration Center (CTIC) will be a central point for analyzing and distributing information about security threats, bringing together information from cybersecurity offices within the National Security Agency, Department of Homeland Security, the FBI and the CIA, said Lisa Monaco, assistant to the president for homeland security and counterterrorism, in remarks made today at the Wilson Center, a government think tank based in Washington, D.C.
The proposed Cyber Threat Intelligence Integration Center will fall under the Office of the Director of National Intelligence. Its role will be to consolidate, analyze and provide assessments on fast-moving threats and cyberattacks, Monaco said. The center would distribute threat intelligence information to help federal agencies to mitigate threats as they arise, Monaco said. Over time it would also exchange information with the private sector, Monaco said.
"We are at a transformational moment in the evolution of the cyberthreat," Monaco said. "The actions we take today and those we fail to take will determine whether cyberspace remains a great national asset or increasingly becomes a strategic liability."
The frequency, scale, sophistication and severity of threats have risen significantly in recent years, requiring a more systematic approach to threat intelligence sharing, Monaco said. The range of cyberthreat actors, methods of attack, targeted systems and victims are expanding at an unprecedented clip, she said. The pace of cyberintrusions also has risen substantially, increasing five times since 2009, Monaco said.
"The threat is becoming more diverse, more sophisticated and more dangerous," Monaco said.
The new center would support already established federal cyber centers, including the Defense Cyber Center, the Intelligence Community Security Coordination Center, and other intelligence collection and dissemination centers within the U.S. government.
The structural, organizational and cultural shifts made at the federal level to address terrorism should be applied to cyberthreats, Monaco said. Threat information needs to be shared more broadly, and responses to threats as they arise need to be better coordinated, she said.
A spate of high-profile data breaches over the last year, from Home Depot, JPMorgan Chase to Target, Sony Pictures, and the U.S. Postal Service, has made cybersecurity a significant issue at the federal level. In his sixth State of the Union Address, President Obama made cybersecurity one of his key priorities. The White House is advocating for legislation to promote threat intelligence sharing between public- and private-sector organizations and create federal data breach notification rules that would impact every state.
Solution providers said the threat intelligence center is a positive step to pull together threat intelligence from various sources, but warned that an additional layer of bureaucracy could slow the dissemination of information, not speed it up. Anything that can be done to solve threats more rapidly is a positive step, said Stephen Harrison, director of sales at the EverSec Group.
"I get worried about the public potentially becoming numb to these breaches and threats," Harrison said. "I wouldn't want business owners to become lazy and not be proactive in trying to stop these kinds of attacks."
Solution providers also are increasingly working with the federal government to support private-sector threat response. The Obama Administration also is promoting the NIST Cybersecurity Framework, a set of voluntary minimum security guidelines and best practices that were created under the Presidential Executive Order on Cybersecurity. The goal, according to Monaco, is to raise the costs for bad threat actors and deter them from carrying out attacks, enhance international cooperation and encourage the creation of more resilient networks.
"We need durable, long-term solutions codified in law that bolster the nation's cyberdefenses," Monaco said. "This is not, and should not be, a partisan issue."
The increasing number of data breaches may be associated with the better tools on the market to detect a system compromise, said John Wondolowski, CTO of Mill Valley, Calif.-based Chouinard & Myhre. Investment dollars are shifting in the private sector to support security improvements, Wondolowski told CRN.
"It's no doubt become a priority at every level," Wondolowski said. "The pool of data about threats and vulnerabilities is increasing every day, and our ability to use that data in a proactive way is also rising significantly."
PUBLISHED FEB. 10, 2015