President Barack Obama’s plan to create a new agency to combat hackers may improve information sharing between government and industry, although it adds to a security bureaucracy that some have warned has already grown unwieldy.
The Cyber Threat Intelligence Integration Center announced Tuesday comes in response to increasingly damaging online attacks against American banks, retailers and other industries – – including an attack last year on Sony Corp.’s Hollywood studio.
“State and non state actors, terrorists, hackers and criminals are probing our networks every day seeking to steal, to spy, to manipulate and to destroy” U.S. computer networks. said Lisa Monaco, assistant to the president for homeland security and counterterrorism. “Currently, no single government entity is responsible for producing a coordinated cyber threat assessment.”
U.S. companies have been clamoring for more aggressive response to cyber-attacks on companies by China, Iran, North Korea and other nation states. Financial institutions, including JPMorgan Chase & Co., have repeatedly asked U.S. officials to do more to halt the attacks rather than expect banks just to fight them off.
Advocates for smaller government have said the growing bureaucracy has led to an uncoordinated amalgam of agencies and initiatives and has hampered cybersecurity efforts.
Multiple Agencies
A unit to integrate cyber intelligence already exists within the Department of Homeland Security, called the National Cybersecurity and Communications Integration Center. The U.S. Cyber Command operates under the Pentagon and defends military networks as well as preparing potential counteroffensive moves.
“If you put another layer into this area you’re creating some problems,” Shawn Henry, president of cybersecurity company CrowdStrike Services, said in an interview with Bloomberg Television.
“Quite frankly, there are multiple centers now where there’s a lot of coordination happening across the entire U.S. intelligence community,” he said. “The real key here is to see exactly how this is to be utilized and what the White House’s goal is.”
The new center will coordinate efforts and perform a function that no other agency is currently performing, Monaco said.
“This is filling a critical gap,” Monaco said in a speech Tuesday at the Woodrow Wilson International Center for Scholars in Washington.
Integrated Analysis
Monaco disputed claims that the new center is redundant, saying it will serve to provide valuable data to intelligence and law enforcement centers that carry out operations. The agency fills a gap in providing “critical, rapid, coordinated intelligence to feed those operational centers,” she said.
“It’s not duplicative at all.”
The agency’s mission will be similar in nature to the National Counterterrorism Center, which was established to foster better information sharing after the Sept. 11, 2001, terrorist attacks. The agency will provide integrated analysis of foreign cyberthreats, ensure government agencies have access to the latest intelligence, and support efforts to counter foreign cyberthreats, Monaco said.
The agency also will help improve efforts to share data about hacking threats between the government and companies — a long-time goal that has been plagued by setbacks and legislative stalemate.
“Pre-9/11”
“The feeling is that we’re in a position similar to the one we were in pre-9/11,” said James Lewis, senior fellow in cybersecurity at the Center for Strategic and International Studies in Washington. “You can see all the indicators that something big is coming but we haven’t got our act together to do something about it. This is an effort to get ahead of it.”
Congress hasn’t passed legislation that would give companies legal protections for sharing threat data with each other and the government. In his 2016 budget request, Obama proposed spending $14 billion to combat online threats.
Turf wars, duplication and communication gaps have worsened as the federal government’s intelligence infrastructure has grown to include the Department of Homeland Security, the National Security Agency, the Department of Justice, the Defense Department and other agencies, according to a 2011 report from the Heritage Foundation, a Washington-based policy group that advocates limited government.
Bureaucratic Expansion
The bureaucratic expansion, which began under President George W. Bush, has hampered the cybersecurity response effort, the report found. It said the Obama administration “is faring no better.”
“The National Security Agency and the DHS apparently remain locked in a battle over who will lead the cybersecurity effort,” according to the report.
Monaco said the federal government won’t leave the private sector to fend for itself against hackers.
On Friday, Obama plans to travel to Stanford University in Palo Alto, California and speak to government and industry officials at a cybersecurity summit on Friday.
The debate over the U.S. government’s role broke into the open after the computer banks of Sony Entertainment Pictures were destroyed in an attack attributed to North Korea. Since then, lawmakers have been pushing the administration to disable attacks before they occur, which requires offensive actions by U.S. Cyber Command as well as authorization by the president.
Forbes Hacked
Monaco said the center will create “a two-way street” in which data from attacks on individual companies can be paired with U.S. intelligence and spread across industry sectors.
A hacking attack on the website of Forbes.com Inc. demonstrates the need for the new center, she said.
Hackers infected the website of Forbes.com from Nov. 28 to Dec. 1 with malware that could provide remote access to a user’s computer, according to details about the attack released Tuesday by cybersecurity companies iSight Partners Inc. and Invincea Inc.
The attack potentially put at risk millions of visitors to Forbes.com, although there isn’t any evidence that successful intrusions were accomplished, according to the companies.
Known as a watering-hole attack, the hackers appeared to be targeting U.S defense contractors and financial service organizations, said John Hultquist, senior cyber espionage practice lead at Dallas-based iSight Partners.
Forbes discovered a file had been modified on a system related to its website on Dec. 1 and “took immediate actions to remediate the incident,” company spokeswoman Mia Carbonell said in an e-mail.