The Obama administration is establishing a new agency to combat the deepening threat from cyberattacks, and its mission will be to fuse intelligence from around the government when a crisis occurs.
The agency is modeled after the National Counterterrorism Center, which was launched in the wake of the Sept. 11, 2001, attacks amid criticism that the government failed to share intelligence that could have unraveled the al-Qaeda plot.
Over the past several years, a series of significant cyber-incidents has affected U.S. companies and government networks, increasing the profile of the threat for policymakers and industries. Disruptions, linked to Iran, of major bank Web sites, a Russian intrusion into the White House’s unclassified computer network and the North Korean hack of Sony Pictures have raised the specter of devastating consequences if critical infrastructure were destroyed.
“The cyberthreat is one of the greatest threats we face, and policymakers and operators will benefit from having a rapid source of intelligence,” Lisa Monaco, assistant to the president for homeland security and counterterrorism, said in an interview. “It will help ensure that we have the same integrated, all-tools approach to the cyberthreat that we have developed to combat terrorism.”
Monaco will announce the creation of the Cyber Threat Intelligence Integration Center on Tuesday in a speech at the Wilson Center.
“It’s a great idea,” said Richard Clarke, a former White House counterterrorism official. “It’s overdue.”
Others question why a new agency is needed when the government already has several dedicated to monitoring and analyzing cyberthreat data. The Department of Homeland Security, the FBI and the National Security Agency all have cyber-operations centers, and the FBI and the NSA are able to integrate information, noted Melissa Hathaway, a former White House cybersecurity coordinator and president of Hathaway Global Strategies.
“We should not be creating more organizations and bureaucracy,” she said. “We need to be forcing the existing organizations to become more effective — hold them accountable.”
The idea of a central agency to analyze cyberthreats and coordinate strategy to counter them isn’t new. But as the threat has grown, the idea has taken hold again.
Monaco, who has a decade of government experience in counterterrorism, has long thought that the lessons learned from fighting terrorism can be applied to cybersecurity. She saw that as a policymaker she could quickly receive an intelligence community assessment on the latest terrorism threat from NCTC, but that was not possible in the cyber realm.
“We need to build up the muscle memory for our cyber-response capabilities, as we have on the terrorism side,” she said.
Last summer, Monaco directed White House cybersecurity coordinator Michael Daniel to see whether lessons learned from the counterterrorism world could be applied to cyberthreats. She also revived a cyber-response group for senior staff from agencies around the government, modeled after a similar group in the counterterrorism world, to meet weekly and during crises.
Daniel’s staff concluded that the same defects that contributed to the 2001 terrorist attacks — intelligence agency stove-piping and a failure to combine analysis from across the government — existed in the cyber context.
They recommended the creation of an NCTC for cybersecurity, but some agencies initially resisted. Advocates argued that the new center would not conduct operations or supplant the work of others. Rather it would support their work, providing useful analysis so that the FBI can focus on investigations and DHS can focus on working with the private sector, officials said.
During Thanksgiving week, news broke of a major incident at Sony Pictures Entertainment. In the following days, it became clear the hack was significant: Computers were rendered useless, and massive amounts of e-mail and employee data were pilfered and made public.
President Obama wanted to know the details. What was the impact? Who was behind it? Monaco called meetings of the key agencies involved in the investigation, including the FBI, the NSA and the CIA.
“Okay, who do we think did this?” she asked, according to one participant. “She got back six views.” All pointed to North Korea, but they differed in the degree of certainty. The key gap: No one was responsible for an analysis that integrated all the agency views.
In the end, Monaco asked the FBI to produce one, coordinating with the other agencies.
The Office of the Director of National Intelligence, which oversees the NCTC, might seem a natural place to provide that analysis. But its small cyber staff focuses on strategic long-term analysis, not a rapid merging of all sources of intelligence about a particular problem.
The Sony incident provided the final impetus for the new center. Monaco began making the rounds at the White House to build support for the center, officials said.
In his State of the Union speech on Jan. 20, Obama made a veiled reference to the center, saying the government would integrate intelligence to combat cyberthreats “just as we have done to combat terrorism.”
Obama will issue a memorandum creating the center, which will be part of the Office of the Director of National Intelligence. The new agency will begin with a staff of about 50 and a budget of $35 million, officials said.
Matthew Olsen, a former NCTC director, said the quality of the threat analysis will depend on a steady stream of data from the private sector, which operates the nation’s energy, financial and other critical systems. “One challenge will be identifying ways to work more closely with the private sector, where cyberthreats are the most prevalent,” he said.
The government and industries need to invest more in technology, information-sharing and personnel training, as well as in deterring and punishing those who carry out cyberattacks, said Michael Leiter, another former NCTC director who is now executive vice president at Leidos, a national security contractor.
The new center “is a good and important step,” Leiter said. “But it is far from a panacea.”