Cyber Threat Intelligence Integration Center (CTIIC)

No CTIIC Meddling Please: Excerpts from White House Veto Threat

By Robert Chesney
Wednesday, June 24, 2015, 6:57 PM

Back on June 15, the White House issued a SAP (statement of administration policy) spelling out objections to H.R. 2596, the Intelligence Authorization Act for FY'16.  The SAP concludes that the President will veto the bill if presented as-is.  Since I wrote about certain interesting provisions of the IAA before, I thought it worthwhile to highlight the White House objections to those same provisions (they all take a hit here...except, interestingly, not the one that would bar PCLOB from seeking information relating to covert action).  Note: the lead items in the SAP are complaints about circumvention of budget caps via reliance on Overseas Contingency Operation (OCO) funding, and of course also about the latest round of GTMO transfer restrictions.  By omitting the language on those, I don't mean to suggest they aren't the main items of concern.  But these other items are interesting, and not as widely-appreciated, so herewith the SAP language about them:

Prohibition on Sharing of Certain Information in Response to Foreign Government Inquiries: The Administration strongly objects to section 308, which prohibits the IC from responding to, sharing, or authorizing the sharing of any non-public information related to an intelligence activity carried out by the United States in response to a legislative or judicial inquiry from a foreign government into the intelligence activities of the United States. This provision could affect our relationships with foreign partners and interferes with the President’s authority to conduct foreign relations and control the dissemination of sensitive national security information.

Cyber Threat Intelligence Integration Center (CTIIC): The Administration is committed to establishing the CTIIC as a robust element of the government’s cyber capabilities, but objects to the language in this bill concerning the CTIIC’s role and responsibilities. The Administration intends for the CTIIC to be a national intelligence center focused on “connecting the dots” regarding malicious foreign cyber threats to the nation and cyber incidents affecting U.S. national interests, and on providing reliable all-source analysis to U.S. policy makers. This bill seeks to significantly expand CTIIC’s roles and responsibilities beyond those contained in the President’s February 25 memorandum directing the establishment of the CTIIC. Further, the bill gives the CTIIC certain intelligence mission management functions already assigned elsewhere in the IC. Given the rapidly changing nature of cyber threats to the United States, the CTIIC will require flexibility in executing its core functions. Furthermore, the limits this bill would place on CTIIC’s resources, and the expansive approach the bill would take with regard to CTIIC’s missions, are unnecessary and unwise, and would risk the CTIIC being unable to fully perform the core functions assigned to it in the bill. Instead, the Administration believes that 3 responsibilities given to the CTIIC in the President’s February 25 memorandum are appropriate given the need for the CTIIC to be a tailored, nimble organization that supports and enables the Federal government’s efforts to identify, defend against, and respond to cyber threats.

Reporting Requirements: The Administration also objects to certain reporting requirements in the bill. For instance, section 303 would prohibit the use of funds to initiate any new special access program unless the Director of National Intelligence or the Secretary of Defense submits a notification to the congressional committees 30 days before initiating such program, subject to a limited exception. Such a requirement is unduly burdensome and does not offer the IC sufficient flexibility to efficiently manage special access programs while meeting the oversight needs of the Congress. The Administration also objects to section 332, which requires a report to Congress every 60 days for the next three years on foreign fighter flows to and from Syria. These provisions are unnecessary and overly burdensome and could, in certain circumstances, interfere with the President’s authority with regard to sensitive national security information. The Administration stands ready to work with Congress on possible alternatives. The Administration is committed to ensuring that the relevant committees have the information they need for effective oversight of the IC and looks forward to working with Congress to address our concerns with these provisions.