The massive Sony Pictures hack attributed to North Korea has become a wake-up call for the Obama administration, which is creating a new cyberterrorism agency designed to consolidate intelligence about cyberthreats and cyberattacks gathered from multiple sources.
Lisa Monaco, presidential adviser for homeland security and counterterrorism, said in a speech at the Woodrow Wilson International Center for Scholars on Tuesday that the new agency's goal is to send out warnings to both the public and private sectors when a cyberattack is imminent. Called the Cyber Threat Intelligence Integration Center (CTIIC), the new agency will share new information about cyberthreats based on intelligence gathered from government agencies, private companies, and consumer groups.
"The cyberthreat is one of the greatest threats we face, and policymakers and operators will benefit from having a rapid source of intelligence," says Monaco in an interview with the Washington Post. "It will help ensure that we have the same integrated, all-tools approach to the cyberthreat that we have developed to combat terrorism."
Monaco is referring to the National Counterterrorism Center, which was created in the wake of the Sept. 11 attacks in 2001 to centralize all intelligence coming in from various government agencies about terrorist plots. She says the government needs to develop the same "muscle memory" for responding to online attacks as it does to physical threats.
Several agencies already operate within the realm of cyberwarfare, including the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), the Department of Homeland Security (DHS), and the U.S. Cyber Command. However, none of these agencies are tasked with the responsibility to centralize the intelligence and distribute it among the other agencies. This is where the CTIIC is needed, says Monaco.
The move was largely influenced by the massive digital hack of Sony Pictures' entire computer network; an attack that the U.S. government has attributed to North Korea, which it believes is retaliating for "The Interview," a movie that's based on the assassination of North Korean leader Kim Jong-un. Monaco says when U.S. President Barack Obama wanted details about the hack, six different agencies gave six different views - all pointing to North Korea but with varying degrees of confidence in their conclusion.
"The CTIIC is intended to fill these gaps," Monaco said.
She also pointed out several high-profile organizations that have become the target of cyberattacks in recent months, including the U.S. Postal Service, CENTCOM, JP Morgan, Home Depot, and most recently, Anthem, but said that the Sony Pictures hack was the "game-changer because it wasn't about profit" but it was about "a dictator trying to impose censorship and prevent the exercise of free expression."
Critics point out that the new agency can just as easily slow down government responses to cyberthreats. As former White House cybersecurity coordinator Melissa Hathaway says, both the FBI and the NSA already have their own cyber-operations centers, and creating more agencies could clog up the intelligence pathway.
"We should not be creating more organizations and bureaucracy," Hathaway, who is now president of Hathaway Global Strategies, says. "We need to be forcing the existing organizations to become more effective - hold them accountable."
However, Monaco turned down such arguments, saying that the new agency will not overlap with the tasks of other agencies. Instead, the CTIIC will work alongside other agencies to help them focus on their core responsibilities - investigations for the FBI, coordinating with the private sector for DHS, etc. - while the new agency provides each agency a useful analysis of existing and impending threats.