
We already have significant information sharing avenues, which makes the new center redundant. (ITU Pictures/flickr/cc)

Administration's New Cyber Threat Center Replaces Old Cyber Threat Center

Mark Jaycox

 by Deeplinks Blog

This week the Obama administration is releasing its second Executive Order in as many years on computer ("cyber") security, which reports are saying will create a new department in the intelligence community to handle computer security threat information sharing. Officials are hailing the center as "new" and unprecedented.

It’s not.  We already have significant information sharing avenues, which makes the new center redundant. Companies can definitely look forward to more red tape when it comes to sharing computer security threats. And it’s not just a question of seemingly unnecessary bureaucracy.  We’re concerned that the whole point of the new center is to be IN the intelligence community, and thus all but eliminate any transparency and accountability. And even if the center is housed in the Department of Homeland Security there is a potential for redundancy.

In a press release the Administration lauded the center, formally called the Cyber Threat Intelligence Integration Center, saying:

No single government entity is responsible for producing coordinated cyber threat assessments, ensuring that information is shared rapidly among existing cyber centers and other [government] elements, and supporting the work of operators and policymakers with timely intelligence about the latest cyber threats and threat actors.

The description looks awfully familiar. It should; the Department of Homeland Security (DHS) has an entire department called the National Cybersecurity and Communications Integration Center (NCCIC) that seems to do pretty much everything the Administration thinks needs doing. NCCIC is a bridge between government, private sector, and international network defense communities. Its About page states that the "NCCIC analyzes cybersecurity and communications information, shares timely and actionable information, and coordinates response, mitigation and recovery efforts."

Digging deeper, NCCIC in turn houses US-CERT (United States Computer Emergency Readiness Team) and ICS-CERT (Industrial Control Systems Cyber Emergency Response Team). Both teams also handle computer security information sharing and threat analysis. Specifically, US-CERT "leads efforts to improve the nation's cybersecurity posture, coordinate cyber information sharing, and proactively manage cyber risks."

The descriptions speak for themselves.

Current Public Sharing...

More confusing is trying to reconcile what this new center will contribute to the current public and private information-sharing regime. In 2012 the President signed EO 13636, which created the Enhanced Cybersecurity System, or ECS. The ECS focuses on sharing computer security information from the government to critical infrastructure and other "commercial service providers." At the time, it was hailed as a critical step to improving information sharing and coordinating cyberattacks since the private sector owns about 85% of America's critical infrastructure. Two years later, we've heard little about its implementation.

The bottom line is that ECS, US-CERT, ICS-CERT, NCCIC, and other departments appear to be tasked with doing exactly what this new "Cyber Threat Agency" will be doing. And there’s more—the DHS programs complement DOD programs like the DIBNET, or Defense Industrial Base Network, where defense contractors share computer security information between themselves and with the government.

Current Private Sharing

All of this is on top of private-sector hubs known as Information Sharing and Analysis Centers (ISACs). ISACs are often sector specific and facilitate information sharing; they’ve been noted as working "very well" and are supplemented by public reports and private communications, like the recently launched ThreatExchange. Private sharing was further encouraged when the FTC and DOJ stated they would not prosecute companies under antitrust law for sharing computer security information. Combined, these private centers facilitate sharing and are core parts of the already current information-sharing regime.

What's New About the New Center?

Given the apparent redundancy of the new center, it’s hard not to believe that its main reason for being is its location: inside the intelligence community and shrouded in near-impenetrable secrecy. Keep in mind that it's long been settled that a civilian agency should lead the country's computer security—so settled that even former NSA chief General Keith Alexander declared that civilian agencies should take the lead on government computer security.  

If the government wants more information sharing then it should expand the ECS or utilize the already current information sharing regimes in US-CERT and the private sector—or explain why it can’t be done in DHS. And of course, as we’ve often said, it’s not at all clear that information sharing is where we should be putting our security dollars and attention. Many of the past years' breaches were due to failures at low-hanging fruit like encrypting personal information, making sure passwords aren't sent in unencrypted emails, and making sure employees don't download malware. For instance, the New York Times reported the JP Morgan hack occurred due to an un-updated server.

Devils are in the Details

The exact details of the center will be released later this week, but as of now the new center seems redundant. If we want to improve computer security and the sharing of threat information we must encourage companies and the government to use the already existing information sharing regimes. Creating another new bureaucracy inside the intelligence community will probably hinder, not help, the computer security landscape.


This work is licensed under a Creative Commons Attribution-Share Alike 3.0 License.

Mark Jaycox

Mark Jaycox is a Policy Analyst and Legislative Assistant for the Electronic Frontier Foundation. His issues include user privacy, civil liberties, EULAs, and current legislation or policy rising out of Washington, DC.

Common Dreams, Inc. Founded 1997. Registered 501(c3) Non-Profit