10 Facts About the New Cyber Threat Intelligence Center

The new Cyber Threat Intelligence Integration Center (CTIIC), established last month under the purview of the director of national intelligence (DNI), is expected to be fully operational by the end of fiscal year 2016.

Known as CTIIC for short, the center will be staffed by about “50 government personnel drawn from relevant departments and agencies,” according to a White House fact sheet. The DNI is creating an organizational structure for the center.

In a Feb. 25 memo announcing the center’s launch, President Barack Obama called for the DNI to provide a status report in three months on the CTIIC’s development. The report will be used to “further refine the CTIIC's mission, roles and responsibilities,” Obama said in the memo.

The White House fact sheet explains that the CTIIC will not collect intelligence or conduct intelligence operations. Its focus will be on producing cyberthreat assessments and sharing data already collected under existing authorities, Lisa Monaco, assistant to the president for homeland security and counterterrorism, said during a speech last month.

While there are many unknowns about the center’s specific roles and responsibilities and staffing structure, here are 10 takeaways from the White House that provide more details about the CTIIC.

1. The center will ensure that threat indicators of malicious cyber activity and, as appropriate, related threat reporting contained in intelligence channels are downgraded to the lowest classification possible for distribution to federal agencies and the private sector.

2. U.S. private-sector companies will not engage directly with the CTIIC to provide or receive cyberthreat data.

3. All departments and agencies that perform cybersecurity functions in government will work closely with the new center and receive intelligence for carrying out their missions. The CTIIC will also support the National Security Council and participate in the Cyber Response Group.

4. Part of the CTIIC’s mission includes connecting the dots about malicious foreign cyberthreats to the United States and cyber incidents affecting national interests.

5. The CTIIC will support the Department of Homeland Security’s National Cybersecurity and Communications Integration Center (NCCIC) to carry out its network-defense and incident-response missions.

6. The new center will also work closely with U.S. Cyber Command and the National Cyber Investigative Joint Task Force to carry out their missions.

7. The CTIIC is not an operational center, meaning it will not collect intelligence, manage incident-response efforts, direct investigations, or replace other functions performed by existing departments, agencies or government cybercenters.

8. All CTIIC functions, which include accessing, retaining, using and disseminating intelligence data, are to align with privacy and civil liberties policies and frameworks.

9. The CTIIC does not have a permanent home yet. The plan is to place the center in an existing intelligence community facility in the Washington, D.C., area.

10. The 2004 Intelligence Reform and Terrorism Prevention Act gives the DNI authority to establish intelligence centers.