14 Jan 2016

Cyber Threat Intelligence Integration Center



Today, the President directed the Director of National Intelligence (DNI) to establish the Cyber Threat Intelligence Integration Center (CTIIC). The CTIIC will be a national intelligence center focused on “connecting the dots” regarding malicious foreign cyber threats to the nation and cyber incidents affecting U.S. national interests, and on providing all-source analysis of threats to U.S. policymakers. The CTIIC will also assist relevant departments and agencies in their efforts to identify, investigate, and mitigate those threats.

Purpose

Cyber threats are among the gravest national security dangers to the United States. Our citizens, our private sector, and our government are increasingly confronted by a range of actors attempting to do us harm through identity theft, cyber-enabled economic espionage, politically motivated cyber attacks, and other malicious activity. As with our counterterrorism efforts, the United States Government is taking a “whole-of-government” approach to defend against and respond to these threats. In creating the CTIIC, the Administration is applying some of the hard-won lessons from our counterterrorism efforts to augment that “whole-of-government” approach by providing policymakers with a cross-agency view of foreign cyber threats, their severity, and potential attribution.

The CTIIC will provide integrated all-source intelligence analysis related to foreign cyber threats and cyber incidents affecting U.S. national interests; support the U.S. government centers responsible for cybersecurity and network defense; and facilitate and support efforts by the government to counter foreign cyber threats. Once established, the CTIIC will join the National Cybersecurity and Communications Integration Center (NCCIC), the National Cyber Investigative Joint Task Force (NCIJTF), and U.S. Cyber Command as integral parts of the United States Government’s capability to protect our citizens, our companies, and our Nation from cyber threats.

Authority

The CTIIC is being established under authority granted to the DNI by the Intelligence Reform and Terrorism Prevention Act of 2004 to create intelligence centers. The creation of the CTIIC does not grant the Intelligence Community any additional authority to collect intelligence or conduct intelligence operations. Nor will the CTIIC directly engage U.S. private sector entities to provide, receive, or obtain any information about cyber threats.

Relationship to Other Cybersecurity Centers

The CTIIC will not be an operational center. It will not collect intelligence, manage incident response efforts, direct investigations, or replace other functions currently performed by existing departments, agencies, or government cyber centers. Instead, the CTIIC will support the NCCIC in its network defense and incident response mission; the NCIJTF in its mission to coordinate, integrate, and share information related to domestic cyber threat investigations; and U.S. Cyber Command in its mission to defend the nation from significant attacks in cyberspace. The CTIIC will provide these entities, as well as other departments and agencies, with intelligence needed to carry out their cybersecurity missions.

Organizational Structure

The President has directed the DNI, in cooperation with other government agencies, to refine the CTIIC’s mission, roles, and responsibilities, ensuring that those roles and responsibilities are appropriately aligned with other presidential policies as well as existing policy coordination mechanisms. For example, it is anticipated that the CTIIC will be a critical participant in the interagency Cyber Response Group, support the National Security Council in carrying out its cybersecurity responsibilities, and have a close partnership with all departments and agencies that perform cybersecurity functions in the government.

No decisions have been made regarding the CTIIC’s specific location, but the current plan is to locate the CTIIC in the Washington, DC metro area in an existing Intelligence Community facility. The DNI is in the process of developing the CTIIC’s organizational structure; we expect that it will be small, consisting of approximately 50 government personnel drawn from relevant departments and agencies.

Privacy and Civil Liberties

The CTIIC will perform its functions consistent with applicable policy and legal frameworks and in a manner that protects privacy and civil liberties. The CTIIC shall access, retain, use, and disseminate such information, in a manner that protects privacy and civil liberties and is consistent with applicable law, Executive Orders, Presidential directives, and guidelines, such as guidelines established under section 102A(b) of National Security Act of 1947, as amended, Executive Order 12333 of December 8, 1981 (United States Intelligence Activities), as amended, and Presidential Policy Directive-28; and that is consistent with the need to protect sources and methods. Agencies providing information to the CTIIC shall ensure that privacy and civil liberties protections are provided in the course of implementing the memorandum that the President issued today. Such protections shall be based upon the Fair Information Practice Principles or other privacy and civil liberties policies, principles, and frameworks as they apply to each agency’s activities.