U.S. Launches New Cybersecurity Agency
- New Agency to Sniff Out Threats in Cyberspace | The Washington Post
- U.S. Creates New Agency to Lead Cyberthreat Tracking | Reuters
- New Agency to Aid Battle Against Hackers | U.S. News
In an effort to thwart cyber-attacks and provide government agencies with a repository of cyber intelligence, the Obama Administration announced this week the creation of a new office charged with analyzing and integrating cybersecurity threat data collected by regional intelligence agencies. The new agency, the Cyber Threat Intelligence Integration Center (CTIIC), aims to do for cybersecurity what the National Counterterrorism Center did for terrorism after the Sept. 11, 2001 attacks.
Cybersecurity has moved to the top of the Obama Administration’s agenda after recent hacking attacks against Sony Pictures, Home Depot, Anthem, Target Corp, and the federal government itself. During his State of the Union Address, Obama called for stricter cybersecurity measures, including higher legal penalties for hackers and legislation that would facilitate sharing of threat information between companies and government.
While industry executives and cybersecurity experts have welcomed Obama’s increased focus on cybersecurity, some are questioning whether a new government agency is the answer, and whether it should be part of the secretive U.S. intelligence community. Responsibility for cybersecurity is already spread across various government agencies, including the National Security Agency, Department of Homeland Security, FBI, and the U.S. military’s Cyber Command. At first glance, then, this new agency appears to be a duplicative body in an already-unwieldy bureaucracy. Government officials have rejected the criticism of the new agency, which is expected to be relatively small, by arguing that it will not overlap with existing agencies that have operations that investigate and disrupt cyber-attacks. Instead, its proponents argue, it will help feed timely and actionable intelligence to other agencies.
Congress has tried for years to pass legislation to encourage companies to share data from cyber-attacks with the government and with each other. Past efforts, however, were stymied by liability and privacy concerns. Last month, Obama proposed legislation to strike a balance between the two, offering liability protection to companies that provide information in near real-time to the government, while requiring them to delete personal data from it. In addition, this is an area where cooperation with the Republican-led Congress seems likely, which is a welcome antidote to the ongoing gridlock in Washington.
Additional questions will remain on the effectiveness of the new Cyber Threat Intelligence Integration Center, including: how it will work within our existing bureaucratic arena; how it will cooperate with the private sector as well as overseas allies and partners; and how it will balance security with domestic laws and rights.