It’s a mouthful, but the Cyber Threat Intelligence Integration Center (CTIIC) is a darling of the Obama administration designed to centralizes intelligence sources to fight hacks and attacks. It marries law enforcement data with facts, information, and intel from internet, hosting, and white hat hackers in the hopes that 2014—the year of the cyber attacks—won’t be repeated. However, the real action will take place when a “cyber crisis” happens. It’s already well-known that a number of attacks could have been prevented with some pretty basic measures like two-step authentication. It’s also well-known that many attacks could have been minimized if action was taken faster. That’s where CTIIC steps in.
The Obama administration admits that some of the major agencies like the Department of Homeland Security, Central Intelligence Agency, Federal Bureau of Investigation, Department of Defense and the Department of Justice aren’t doing their best to share data or coordinate their actions even though they have rich cyber capabilities. With the CTIIC, which was inspired by the National Counterterrorism Center (NCTC), it’s meant to battle the lack of intelligence sharing. The NCTC was kickstarted post-9/11 when critics said a little more government intelligence sharing could have stopped the attacks.
Putting the CTIIC Into Action
Already, some critics are pointing out potential flaws of the CTIIC—like the fact that it’s just more bureaucracy with no real benefits. However, it’s important to note that there will be zero operational requirements for the CTIIC. It’s all a coordinating effort. Basically, the CTIIC’s job will be to ensure that all information on a threat is pooled into one place, then analyzed thoroughly. A lack of coordination is a big issue, especially when multiple agencies are involved. The CTIIC will hopefully make sure that agencies play well together, share, and work as a team when cyber crises occur.
It’s a good idea in theory, but the CTIIC is still way too young to know if it’ll be effective. However, with a plethora of recent attacks and big name victims like Home Depot, Sony and Target, it’s clear that information security is subpar at best. James Comey, FBI Director, says, “There are two kinds of big companies in the United States: There are those who’ve been hacked…and those who don’t know they’ve been hacked.” According to research from Ponemon Institute, a single cyber crime cost for the average US Retail store is $8.6 million. In the financial services industry, that cost goes up to $20.8 million.
Building Blocks of Success?
Obviously, the NCC has been around since 2001—almost 15 years. Overall, it’s been called a success. Featuring both a virtual and physical space to share and collect data, analyze it and coordinate action, it’s helped agencies work better together to combat terrorism. It’s not perfect, but it’s a solid model for the CTIIC to use as inspiration. However, unlike the NCTC, the CTIIC will be located in the Office of the Director of National Intelligence (ODNI).
Right now, ODNI has no operational mandate—which is fine as long as the CTIIC remains a coordinator/analyzer alone. But will CTIIC grow into something more? Only time will tell, and there will surely be growing pangs along the way.