When the administration announced the creation of a new Cyber Threat Intelligence Integration Center (CTIIC), not everyone in government was happy about the news.

"When the idea for a new cyber center began circulating in earnest in late 2014, some of the existing centers and their home agencies had some questions," CTIIC Director Tonya Ugoretz said during a talk at the 2016 Department of Defense Intelligence Information Systems (DoDIIS) Worldwide conference in Atlanta, Georgia. "What were we going to do that they weren't already doing and what were they already doing that we would try to nudge our way in on?"

The key was defining a very specific scope for the new group, which was created to act as a clearinghouse for cyber threat information within the intelligence community.

Ugoretz said — tongue-in-cheek but with more than a little truth — as a rule, if an organization has five or more letters in its acronym, "Chances are there was a fair bit of consternation and negotiation that went into identifying exactly what its role would be."

As Lisa Monaco, assistant to the president for homeland security and counterterrorism, said when announcing the new unit in February 2015, CTIIC is not intended to collect intelligence but rather to process information gathered by other sources into a coherent, digestible format.

While there are six other intelligence integration centers stood up before CTIIC, "There was a growing realization that there was no one, single entity responsible for producing coordinated assessments across this community," Ugoretz said.

So the CTIIC was created to bring all that intelligence together to keep policy- and decision-makers informed of the ever-changing threat landscape.

"Think of CTIIC as operating behind the scenes, working across the intelligence community and the federal government, integrating information into a common picture, helping to ensure information is flowing where it needs to go across that federal cyber community and asking questions to spur thinking on the threats we're starting to see," Ugoretz said.

CTIIC analysts bring together information from a wide variety of sources, frame the issues in plain language and present officials with a hierarchy of threats based on the most immanent and potentially disruptive and destructive.

"The best intel or analysis in the world doesn't mean squat if you can't communicate it effectively to the people who need it and need to act on it," Ugoretz said. "So building an understanding of cyber threats for our customers means we not only have to build meaningful analysis of threat activity, we need to be able to explain it and present it in a way that's comprehensible and accessible to more than just the cyber community."

Even if they get past the "jargon barrier," the director admitted there is still a lot of confusion out there around the center's role, particularly as it relates to other similar groups, but that's partially on purpose.

"There's not much information available about us publicly yet and that's for good reason," she said. "It's partly because we are so new. But it's also because it's really not in our remit to be a public-facing organization."

Unlike many of the other groups, outreach is not part of CTIIC's mission — the center is meant to advise high-level officials within the intelligence and homeland security communities and does not share information with the private sector or other groups.

"Our role is to support those agencies in supporting their non-federal partners," Ugoretz said.

About Aaron Boyd

Aaron Boyd is an awarding-winning journalist currently serving as editor of Federal Times — a Washington, D.C. institution covering federal workforce and contracting for more than 50 years — and Fifth Domain — a news and information hub focused on cybersecurity and cyberwar from a civilian, military and international perspective.

Share:
In Other News
Load More