Cybersecurity is one of the most important issues facing organizations today. It is so important that President Obama addressed it 20 January during his State of the Union address. The President talked about the urgent need to ensure that “no foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets, or invade the privacy of American families, especially our kids.” He then went on to add: “We are making sure our government integrates intelligence to combat cyber threats, just as we have done to combat terrorism.”
Currently, there are many elements across Government dealing with cyber security and information sharing, but up to this point there has been very little integrated intelligence on cyber threats compared to integrated counterterrorism information. Cognitio noted at the time of the State of the Union that President Obama was making overtures of changes to come.
On 10 February, the White House announced that a new Cyber Threat Intelligence Integration Center (CTIIC) would be stood up in the Office of the Director of National Intelligence, mirroring the efforts for counterterrorism information sharing. CTIIC will be responsible “for producing coordinated cyber threat assessments, ensuring that information is shared rapidly among existing cyber-centers and other elements within our government, and supporting the work of operators and policy makers with timely intelligence about the latest cyber threats and threat actors.”
I surveyed our senior staff and advisors, comprised of former Intelligence Community executives and cyber security practitioners, to provide a pulse check on the most significant issues around the standup of the CTIIC. We have outlined what we believe are the top issues for Congress, the CTIIC Standup Team, and Industry that will need to be addressed in order for the CTIIC to be a useful agency.
Issues for Congress:
- Placement of CTIIC: The public perception of placing CTIIC within the Intelligence community, given recent events, could impinge the ability for CTIIC to act in the best interests of US Citizens. Careful consideration to privacy, disclosure, security and entitlements should be given before CTIIC becomes operational.
- Scope of Entitlements: Congress must carefully consider the scope and authorities of an organization like CTIIC. It must have access to vast amounts of data, some of which will be highly sensitive. By carefully carefully outlining what data the new agency may have and how it may act, Congress will go a long way towards ensuring success and transparency to the American public.
- Regulations and Standards: Organizations today spend more than half of their technology dollars to comply with regulations, often at the expense of necessary technology innovation that can drive their business forward or better protect them. Guidance and knowledge are more important than imposition of regulation. Creating arbitrary regulations may cause unreasonable burden to taxpayers and corporations alike.
Issues for The CTIIC Standup Team:
- Defining Actions: A first step is to define the actions that CTIIC may be allowed to undertake. What types of remediation, dissemination and security will be necessary to be effective, yet also balance other equities?
- Data Governance: With the ability to potentially collect and analyze large amounts of sensitive data from many agencies, the CTIIC team will have to establish an over-arching Data Governance Plan and ensure appropriate handling, and protection of data.
- Outreach: A key factor for this new agency will be the alignment and partnership with corporations and Citizens to create an on-going, public dialogue to help protect vital assets, personal data, and information throughout the country.
Issues for Industry:
- Understand Your Risk: The threat landscape is rapidly changing. The worst mistake is to think that a cyber breach or incident can’t or won’t happen to you. Stay abreast of current threats, build a robust response capability, and create your own cyber threat intelligence capability.
- Get Involved: The greatest Government help may come from having a strong relationship with your regional FBI office. Historically, organizations that have a relationship with the FBI before a breach know whom to call and what to do much faster. Also, become involved with Infragard and seek other fora, groups and resources that can provide threat knowledge and support in remediation
- Be Prepared: By stepping back and assessing your enterprise, you can quickly identify gaps and areas of opportunity to enhance your cyber risk posture.
The establishment of the CTIIC should be monitored closely and seems to have the potential to create a unique Government/Corporate/Pubic Alliance to protect national and personal interests. While we applaud the President for taking decisive action, more work will be needed to create an effective threat analysis capability that may be accessed by a broad spectrum of constituencies.
- Executive Order Underscores Need For Leadership Accountability In Reducing Digital Risk
- The Cyber Threat Provides New Insights Into Bad Actors: Book updated with latest on threat actors and the tech ecosystem
- Good Cybersecurity is Not Glamorous
- Chinese Intelligence Operations In America