US plots to KILL hackers – with bureaucracy!
New Cyber Threat Intelligence Integration Center will share info with big biz
A new US government "cyber threat" agency will take information on computer security breaches at private companies, pair it with classified intelligence – and put it back out to businesses so they can learn how to beef up their defences.
That's the dream, anyway, according to President Obama's homeland security and counterterrorism advisor Lisa Monaco, who launched the Cyber Threat Intelligence Integration Center (CTIIC) on Tuesday in Washington DC.
"So much of our critical infrastructure - and just infrastructure - is in private sector hands," Monaco noted. "And so we are relying on it to some significant measure about information on vulnerabilities."
The new center comes on the heels of a number of executive orders from President Obama in which he urged private companies to phone in any security breaches they suffer so that the federal government can assist in improving overall security.
"It's a two-way street," Monaco noted, adding that the government was "very focused" on identifying hacker groups who she says are behind the majority of damaging cyber-activity.
In recent months, there have been high-profile "cyber" assaults against Sony Pictures, healthcare insurance company Anthem, and retail stores Target and Home Depot. The idea of CTIIC (pronounced 'see-tick') is for the government to build relationships with companies and share information on threats quickly in order to limit broader exposure.
There are a number of different agencies within the federal government that have cybersecurity arms including the FBI, the Department of Homeland Security, the NSA and the CIA. Monaco said the private sector should provide Homeland Security with the information and it will then share with the other arms of the federal government.
CTIIC will also hook up different arms of the government, pulling in intelligence from everyone and then act as a source of information for all.
A very similar approach was attempted back in 2008 with the creation of the National Cybersecurity Center, also under Homeland Security, but the organization was engulfed in inter-agency fighting and its head quit after less than a year in a job, publishing a resignation letter in which he blamed the NSA for trying to control all cybersecurity efforts.
Whether the new CTIIC will suffer under the same inter-agency fighting is unclear, with one expert telling the Washington Post that she was skeptical. “We should not be creating more organizations and bureaucracy,” former White House cybersecurity coordinator Melissa Hathaway told the paper. "We need to be forcing the existing organizations to become more effective, hold them accountable." ®