In the wake of the White House announcement that it is going to create the Cyber Threat Intelligence Integration Center (CTIIC), I wrote an essay for Lawfare regarding lessons for CTIIC that might be drawn from the experience of the National Counterterrorism Center (NCTC). After I wrote the essay—but before it appeared on Lawfare—the White House released a memorandum and Fact Sheet concerning CTIIC. I write now to explain how these documents impact my analysis.
The presidential memorandum, addressed to relevant department and agency heads, did not clarify most of the issues and potential challenges flagged in the essay. The DNI was directed to establish CTIIC under statutory authority granted in the IRTPA to create intelligence centers. The new center is slated to be fully operational by the end of FY 2016.
The CTIIC’s intelligence responsibilities track closely with those of NCTC and its predecessor, TTIC, and the preview by the Homeland Security Advisor: provide all-source analysis; develop information sharing capacity; and support the missions of DHS, DOD and the FBI. It is clear the White House does not intend for CTIIC to play the same role in operational planning or incident response assigned to NCTC in the IRTPA. Rather than “conduct strategic operational planning” and “assign roles and responsibilities…to lead departments or agencies” (NCTC’s responsibilities regarding terror threats), CTIIC will “facilitate and support interagency efforts to develop and implement coordinated plans to counter foreign cyber threats”. The Fact Sheet further stipulates that CTIIC will not “manage incident response efforts” and will only be a “participant” in the interagency Cyber Response Group. CTIIC will be proscribed from directly engaging the private sector on cyber threat information and its analysis will, therefore, remain critically dependent on the extent and quality of threat data available to DHS, the FBI and IC collection agencies.
ODNI will lead an interagency process to define more precisely CTIIC’s roles and responsibilities, and submit a coordinated status report to the White House within 90 days. We presume, in an era of enhanced transparency, that the DNI’s initial status report will be unclassified and help the public understand how this new intelligence organization will contribute to improved national cybersecurity. We will try not to miss its publication.
Steven Slick is the Director of the Intelligence Studies Project at the University of Texas-Austin and a former CIA Clandestine Service officer who served as the NSC’s Senior Director for Intelligence Programs and Reform from 2005-2009. He can be reached at email@example.com.