New Federal Cybersecurity Organization Popping Up Everywhere

The White House & Office of the Director of National Intelligence (ODNI)

Recently, the White House announced the creation within the ODNI of the Cybersecurity Threat Intelligence Integration Center (CTIIC) (or CTIC, if you leave out the “integration,” as I have seen in some press stories) to fill a void by collecting and integrating cyber-threat intelligence and producing coordinated cyber-threat assessments for network operators and policy makers. Subsequently, Suzanne Spaulding, the Department of Homeland Security (DHS) undersecretary for the National Protection and Programs Directorate (NPPD) added that the center’s scope will go beyond cybersecurity to integrating broader intelligence information in a form that can be declassified and then sharing the information across relevant government and industry sectors. The $35 million agency was the latest news in federal cybersecurity, even to those in Congress.

The Department of Defense’s (DoD)

Back in January, the Defense Information Systems Agency (DISA) announced that it is launching a new cyber defense organization – the Joint Task Force-DoD Information Networks (JTF-DoDIN) – as part of the broader DISA reorganization. The new cyber organization is taking over all operational defensive activities from the U.S. Cyber Command (USCYBERCOM) to free it up to focus on cyber- policy and strategy in the face of fast growing threats.

The Office of Management and Budget (OMB)

In addition to working on guidance for the 2014 update to the Federal Information Security Management Act (FISMA) as well as several cybersecurity policy directives, OMB has established an E-Government Cyber unit under the existing Office of E-Government and Information Technology to lead their cyber- initiatives. The result of legislation passed late last Congress, the new unit has $15 million in new funding included in the FY 2016 budget request. E-Gov Cyber will expand OMB’s reach within the .gov cyber- realm beyond Cyberstat’s data-driven, risk-based framework and issuing cybersecurity-related guidance to include coordinating agency responses to cyber- incidents and vulnerabilities.

Central Intelligence Agency (CIA)

Although a new organization at the CIA has not been created there, yet . . . it appears that the possibility has more than crossed the minds of agency leadership. The CIA is expanding its cyber-espionage capabilities to overcome its increasingly obsolete approach to espionage due to the rapid proliferation of technologies like smartphones and social media. CIA Director John Brennan is calling for greater use of cyber capabilities in nearly every facet of agency operations, even considering the creation of a new cyber-directorate that would elevate the agency’s technology experts to be on par with CIA’s operations and analysis units.

Implications

According to the FY 2016 federal budget request release a few weeks ago, the president has proposed $14 billion in cybersecurity funding for cybersecurity initiatives and research. The proposal underscores the growing prominence that information resources and technologies play in our nation and the heightened sense that we should be doing more to protect these resources.

Yet, the fiscal climate for IT programs over the last few years has been uncertain, and with few exceptions notwithstanding, that pressure does not seem to be letting up just yet. However, given some of the high profile cybersecurity failures that have made the news in recent months it may be that the “cybersecurity card” is one of the few things that will ensure funding from Congress for needed IT investments at an agency.