U.S. to Establish New Cybersecurity Agency

February 10, 2015

The U.S. government is creating a new agency to monitor cybersecurity threats, pooling and analyzing information on a spectrum of risks.

The Cyber Threat Intelligence Integration Center (CTIIC) will be an "intelligence center that will 'connect the dots' between various cyber threats to the nation so that relevant departments and agencies are aware of these threats in as close to real time as possible," Reuters reported.

The CTIIC will aim for "seamless intelligence flows among centers, including those responsible for sharing with the private sector,” Reuters reported.

"Fundamentally, it sounds like this agency is supposed to coordinate response in “near real time” when there is an attack," Jeff Williams, CTO of Contrast Security told Security magazine. "But I can’t imagine how they could possibly gather enough data from private companies, even agencies, to effectively do this. I’m not convinced that the proposed liability protection wouldn’t be enough incentive to participate. And if they did figure out how to gather the data, the privacy implications are staggering. I’d like to see government focus less on being a cybermilitary, ready to respond in case of attack, and much more like the cyberworldbank, or cyberredcross, or cyberuniversity. What cybersecurity really needs is a focus on fixing the software market so that it makes financial sense to build secure software. Ultimately, I’m not very optimistic that this will do anything to make software better, reduce the number of attackers, lower the number of breaches, or protect people’s sensitive information. I’m pretty sure that it will endanger privacy, and create even more confusion.”

“The Devil is in the Details," added Sol Cates, CSO of Vormetric. "To be effective CTIIC has to have both a tactical and strategic mission. Tactically is has to distribute immediate timely, actionable information, and strategically provide longer term guidance to help mitigate risks," he told Security magazine. "Will there be web-APIs and interfaces to get the information out quickly? Will intelligence come in the form of simple email that is less timely? How effective will the center be at reducing the “noise” of false positive information so that only real threats come through? All these questions will need answers to be sure that the center is effective.”

http://www.reuters.com/article/2015/02/10/us-cybersecurity-agency-idUSKBN0LE1EX20150210

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 December

This month, Security magazine brings you the 2020 Guarding Report - a look at the ebbs and flows security officers and guarding companies have weathered in 2020, including protests, riots, the election, a pandemic and much more. Industry experts discuss access management and security challenges during COVID-19, GSOC complacency, the cybersecurity gap, end-of-year security career reflections and more!

View More Create Account

U.S. to Establish New Cybersecurity Agency

Related Articles

Related Products

Report Abusive Comment