by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
FCW : August 30, 2016
14 August 30, 2016 FCW.COM Cyber BY SEAN LYNGAAS The Cyber Threat Intelligence Integration Center arose from a simple idea: As with terror- ism, the intelligence community needs to produce a holistic, rather than anecdotal, picture of cyberthreats. The absence of such a portal for cyberthreat intelligence came into stark relief in the aftermath of the 2014 cyberattack on Sony Pictures Entertainment, when White House officials had no single point of contact for deter- mining who was responsible for the hack. In an interview six months after being named CTIIC direc- tor, Tonya Ugoretz said her team is providing a much-needed pipeline of cyberthreat intel- ligence to policymakers. CTIIC produces a threat intel- ligence summary about twice a week to contextualize recent cyberthreat reporting from intel- ligence agencies. The report is designed to make sense to a nontechnical audience. “That product and other ana- lytic products that we produce are directly informing policy discussions [and] interagency meetings,” said Ugoretz, a career FBI intelligence analyst. She added that a big part of CTIIC’s mission is explaining a technical field to policymakers who “increasingly need to be cognizant of the role that cyber plays in regional and other issues.” To that end, CTIIC incorpo- rates the views of regional or sector-specific analysts, depend- ing on the context. “Attribution is as much an art as a science,” Ugoretz said. “Often it’s not the technical indi- cators that are going to solve the question for you.” For instance, the U.S. govern- ment has not publicly attributed last December’s cyberattack on the Ukrainian power grid to any group or sponsor, but Ugoretz said the lack of attribution was a function of the information avail- able and the level of confidence the intelligence community had in assigning blame. Ukraine’s state security service has blamed Russia. Ugoretz said CTIIC initiated a multi-agency exercise that explored different scenarios for who carried out the hack. Greasing the interagency wheels CTIIC had a messy begin- ning. House lawmakers were irked that they did not receive advance notice of its creation, and Department of Homeland Security officials were reportedly concerned that the new agency might encroach on their work. Many months later, however, Ugoretz said there is no notice- able interagency friction. “I can’t think of an instance where any of our personnel have been parochial,” she said. CTIIC’s structure seems designed to preclude turf wars. In addition to her FBI experi- ence, Ugoretz has also worked at the CIA, DHS and National Intelligence Council. Her deputy came from the National Security Agency, and CTIIC’s research chief is a CIA hand. CTIIC entered a federal space that includes multiple cyber centers. To avoid duplication, CTIIC’s advisory board includes the leaders of other cyber cen- ters, including DHS’ National Cybersecurity and Communica- tions Integration Center and U.S . Cyber Command’s Joint Opera- tions Center. Ugoretz said CTIIC’s success will hinge in part on being on the same wavelength as other cyber centers and added, “I don’t want CTIIC to be sitting here in a vacuum” at the Office of the Director of National Intelligence. She offered a maxim for establishing new bureaucratic entities, as ODNI was 11 short years ago: “You need to show value right away, and you need to keep showing it” in order to justify the allocated resources. n CTIIC chief: We’re up and running The nascent Cyber Threat Intelligence Integration Center provides a mechanism for attributing cyber breaches to threat actors Absent an expansion of CTIIC, there are other ways for the CIA and NSA to collaborate in cyberspace. Chris Inglis, a former deputy director at NSA, said the CIA is now sending more of its employees to NSA to better under- stand how it approaches cyberspace. “That’s a good thing,” he said. “That creates familiarity; that creates an interaction and a mutual dependence that is needed.” “I think between [NSA Director Adm. Michael] Rogers and Brennan, there’s a much stronger agreement to collaborate,” Inglis added. But cultural differences between the agencies might limit how much they can collaborate on some operations, he said. NSA officials often think about the trade-offs of deploying, say, a software exploit, while CIA officials’ overriding concern might be the physical safety of operatives in the field. “That drives a different response in terms of the degree of the willingness to share,” Inglis said. “I think culturally it’s difficult to get over.... You’ll never have them completely simpatico.” Although NSA’s cyber capabilities get more attention, both Inglis and Hayden said the CIA has plenty of expertise, too, and the agency is more than capable of contributing to joint missions. “I don’t think they are that dramatic,” Hayden said of the differences in the skills of the two agencies’ cyber special- ists. “What’s dramatically different is the scale of resources that NSA puts into this kind of effort as opposed to what CIA puts into it.” Given the shifting digital landscape in which the two spy agencies operate, their reorganizations could be anything but final. The transience of software and other IT building blocks suggests updates will be constantly needed. n 0830fcw_012-014.indd 14 8/9/16 1:33 PM
August 15, 2016
September 15, 2016