The United States is creating a new cybersecurity agency to sniff out cyber-threats and centralize threat intelligence for use by existing federal agencies.
The White House counter-terrorism coordinator, Lisa Monaco, will officially announce the new center.
While the National Security Agency, Department of Homeland Security, the FBI and the CIA all have cyber practices and departments, the new Cyber Threat Intelligence Integration Center (CTIIC), true to its name, will be an "intelligence center that will 'connect the dots' between various cyber-threats to the nation so that relevant departments and agencies are aware of these threats in as close to real time as possible," a senior Obama administration official told Reuters.
The CTIIC will aim to provide "integrated, all-source analysis” for "seamless intelligence flows among centers, including those responsible for sharing with the private sector," the official said.
Mike Lloyd, CTO at RedSeal, told Infosecurity that the military-style approach of a command-center structure is apt.
“Modern cyber-security still has a lot to learn from traditional military strategists, including the central role of a ‘war room’—a single location where complex flows of data about the fight can be centralized, filtered, compared, mapped out and acted upon,” he said. “This is the main way to cut through the fog of war. At RedSeal, we recommend all organizations should follow this model for their cyber defenses—combine sensor data with an accurate map of the cyber-environment, so that decision makers can visually understand the situation. This also makes sense as a national strategy.”
Josh Cannell, malware intelligence analyst at Malwarebytes Labs, added that an important focus of the new agency should be working with the private sector.
“The important thing here is having the CTIIC work closely with public businesses and law enforcement, so it can be a vital tool in stopping data breaches and other forms of cybercrime,” he said via email. The government has a lot of manpower through agencies like the NSA to focus on protecting their own internal networks, so having something for everyone else needs to be a goal for the CTIIC.”