Cyber
Absent an expansion of CTIIC, there are other ways for the CIA and NSA to collaborate in cyberspace.
Chris Inglis, a former deputy director at NSA, said the CIA is now sending more of its employees to NSA to better under- stand how it approaches cyberspace. “That’s a good thing,” he said. “That creates familiarity; that creates an interaction and a mutual dependence that is needed.”
“I think between \\\[NSA Director Adm. Michael\\\] Rogers and Brennan, there’s a much stronger agreement to collaborate,” Inglis added.
But cultural differences between the agencies might limit how much they can collaborate on some operations, he said. NSA officials often think about the trade-offs of deploying, say, a software exploit, while CIA officials’ overriding concern might be the physical safety of operatives in the field.
“That drives a different response in terms of the degree of the willingness to share,” Inglis said. “I think culturally it’s difficult to get over.... You’ll never have them completely simpatico.”
Although NSA’s cyber capabilities get more attention, both Inglis and Hayden said the CIA has plenty of expertise, too, and the agency is more than capable of contributing to joint missions.
“I don’t think they are that dramatic,” Hayden said of the differences in the skills of the two agencies’ cyber special- ists. “What’s dramatically different is the scale of resources that NSA puts into this kind of effort as opposed to what CIA puts into it.”
Given the shifting digital landscape in which the two spy agencies operate, their reorganizations could be anything but final. The transience of software and other IT building blocks suggests updates will be constantly needed. n
CTIIC chief:
We’re up and running
The nascent CyberThreat Intelligence Integration Center provides a mechanism for attributing cyber breaches to threat actors
BY SEAN LYNGAAS
The CyberThreat Intelligence Integration Center arose from
a simple idea: As with terror- ism,theintelligencecommunity needs to produce a holistic, rather than anecdotal, picture of cyberthreats.
The absence of such a portal for cyberthreat intelligence came into stark relief in the aftermath of the 2014 cyberattack on Sony Pictures Entertainment, when White House officials had no single point of contact for deter- mining who was responsible for the hack.
In an interview six months after being named CTIIC direc- tor,Tonya Ugoretz said her team is providing a much-needed pipeline of cyberthreat intel- ligence to policymakers.
CTIIC produces a threat intel- ligence summary about twice
a week to contextualize recent cyberthreat reporting from intel- ligence agencies.The report is designed to make sense to a nontechnical audience.
the intelligence community had in assigning blame. Ukraine’s state security service has blamed Russia.
14 August 30, 2016 FCW.COM
“That product and other ana-
lytic products that we produce
are directly informing policy
discussions \\\[and\\\] interagency
meetings,”saidUgoretz,a UgoretzsaidCTIICinitiated
Intelligence Council. Her deputy came from the National Security Agency, and CTIIC’s research chief is a CIA hand.
CTIICenteredafederalspace that includes multiple cyber centers.To avoid duplication, CTIIC’s advisory board includes the leaders of other cyber cen- ters, including DHS’ National Cybersecurity and Communica- tions Integration Center and U.S. Cyber Command’s Joint Opera- tions Center.
Ugoretz said CTIIC’s success will hinge in part on being on the same wavelength as other cyber centers and added, “I don’t want CTIIC to be sitting here in a vacuum” at the Office of the Director of National Intelligence.
She offered a maxim for establishing new bureaucratic entities, as ODNI was 11 short years ago: “You need to show value right away, and you need to keep showing it” in order to justify the allocated resources. n
career FBI intelligence analyst. She added that a big part of CTIIC’s mission is explaining a technical field to policymakers who “increasingly need to be cognizant of the role that cyber plays in regional and other issues.”
To that end, CTIIC incorpo- rates the views of regional or sector-specific analysts, depend- ing on the context.
“Attribution is as much an art as a science,” Ugoretz said. “Often it’s not the technical indi- cators that are going to solve the question for you.”
For instance, the U.S. govern- ment has not publicly attributed last December’s cyberattack on the Ukrainian power grid to any group or sponsor, but Ugoretz said the lack of attribution was a function of the information avail- able and the level of confidence
a multi-agency exercise that explored different scenarios for who carried out the hack.
Greasing the interagency wheels
CTIIC had a messy begin-
ning. House lawmakers were irked that they did not receive advance notice of its creation, and Department of Homeland Security officials were reportedly concerned that the new agency might encroach on their work.
Many months later, however, Ugoretz said there is no notice- able interagency friction. “I can’t think of an instance where any of our personnel have been parochial,” she said.
CTIIC’s structure seems designed to preclude turf wars. In addition to her FBI experi- ence, Ugoretz has also worked at the CIA, DHS and National