President Obama officially directed the Director of National Intelligence (DNI) to establish the Cyber Threat Intelligence Integration Center (CTIIC) in a memorandum on Feb. 25.

Announced earlier this month, the CTIIC is to be a national intelligence center focused on “connecting the dots” with malicious foreign cyber threats to the United States and incidents affecting U.S. national interests. It was originally noted as analogous to the National Counter Terrorism Center (NCTC).

“The Administration is applying some of the hard-won lessons from our counterterrorism efforts to augment that “whole-of-government” approach by providing policymakers with a cross-agency view of foreign cyber threats, their severity, and potential attribution,” a fact sheet released with the memo by the White House said.

The specific responsibilities of the CTIIC are:

  • Provide integrated all-source analysis of intelligence related to foreign cyber threats or related to incidents affecting national interests;
  • Support the National Cybersecurity and Communications Integration Center (NCCIC), the National Cyber Investigative Joint Task Force (NCIJTF), U.S. Cyber Command, and other relevant entities by providing access to intelligence necessary to carry out their respective missions;
  • Oversee development and implementation of intelligence sharing capabilities (including systems, programs, policies, and standards) to enhance shared situational awareness of intelligence related to foreign cyber threats or related to cyber incidents affecting U.S. national interests;
  • Ensure that indicators of malicious cyber activity and, as appropriate, related threat reporting contained in intelligence channels are downgraded to the lowest classification possible for distribution to both U.S. government and private sector entities;
  • Facilitate interagency efforts to develop and implement coordinated plans to counter foreign cyber threats to U.S. national interests using all instruments of national power, including diplomatic, economic, military, intelligence, homeland security, and law enforcement activities.

The presidential memorandum directs executive agencies to support the effort by providing personnel and resources as necessary for the CTIIC to reach full operating capability by the end of FY 2016.

Within 90 days of the memo, the DNI, in consultation with the Secretary of State, Secretary of Defense, Attorney General, Secretary of Homeland Security, Director of the Central Intelligence Agency (CIA), the Director of the Federal Bureau of Investigation (FBI), and the Director of the National Security Agency (NSA) are to provide a status report to the director of the Office of Management and Budget (OMB) and the Assistant to the President for Homeland Security and Counterterrorism on the establishment of the CTIIC.

The report is to further refine the CTIIC’s mission, roles, and responsibilities to ensure the roles and responsibilities are aligned with other presidential policies and existing policy coordination mechanisms, the memo said.

The announcement said that agencies are directed to provide the CTIIC with all intelligence related to foreign cyber threats or incidents affecting national interests. “The CTIIC shall access, assess, use, retain, and disseminate such information, in a manner that protects privacy and civil liberties and is consistent with applicable law, Executive Orders, Presidential directives, and guidelines.”

The memo also noted that agencies providing information to the CTIIC are to ensure privacy and civil liberties protections are provided, based upon the Fair Information Practice Principles or other policies and principles as they apply to each agency.

The chairmen and ranking members of the House and Senate committees overseeing the Department of Homeland Security have expressed doubts and questions about the CTIIC. In a letter sent to the president on Feb. 11, the committee leaders asked if it is needed at this time and how it will differ from the NCCIC. They also asked if it will duplicate the work of the NCCIC and other cyber centers.

“The activities outlined for the center seem to resemble the functions authorized in law for the NCCIC. We are concerned that the introduction of the CTIIC at this moment in the NCCIC’s evolution may complicate those efforts and introduce uncertainty for the private sector and other partners.”

The White House fact sheet highlighted that unlike other cyber intelligence centers, the CTIIC will not be an operational center. “Instead, the CTIIC will support the NCCIC in its network defense and incident response mission; the NCIJTF in its mission to coordinate, integrate, and share information related to domestic cyber threat investigations; and U.S. Cyber Command in its mission to defend the nation from significant attacks in cyberspace.”

Suzanne Spaulding, Under Secretary of the Department of Homeland Security (DHS) for the National Protection and Programs Directorate (NPPD), explained the differences at a hearing on Feb. 25.

“We welcome the establishment of the Cyber Threat Intelligence Integration Center. And those two “I’s” are important to help make this distinction, because what the CTIIC will do for us is pull together intelligence information from across the 16 different entities that make up the Intelligence Community, over which the DNI has purview,” Spaulding said at a hearing of the House  Committee on Homeland Security.

“In military terms, they are the supporting command and we are the supported command. So they will provide that integrated analysis for us, which will be very useful,”

The CTIIC will also be a place where DHS can get information cleared for wider dissemination. “Instead of having to go to 16 different entities, we can go to this one place who will be an advocate for us because that’s their mission in making sure we can disseminate this information.”

In contrast, NCCIC’s mission is to interact on a daily basis with partners in the federal government and the private sector, receive information from them, and get information out as broadly as it can so those defending their networks can do so effectively, Spaulding said.

The CTIIC is being established under authority granted to the DNI under the Intelligence Reform and Terrorism Prevention Act of 2004 to create intelligence centers, the White House said in the fact sheet.

The CTIIC does not yet have a specific location set yet, but is planned to be in the Washington, D.C., metro area in an existing intelligence community center. It is expected to have a staff of about 50 people, drawn from relevant departments and agencies.