A new cyber threat intelligence center: Is legislation needed?
One issue left unclear by the announcement yesterday of a new Cyber Threat Intelligence Integration Center (CTIIC) is whether the Administration intends to seek legislation as part of its proposal to establish the Center. The President’s Homeland Security Advisor Lisa Monaco addressed this obliquely in her remarks at the Wilson Center, when she referenced authority that the Director of National Intelligence has in Sec. 102A(f)(2) of the National Security Act, which says that the DNI “may establish such other national intelligence centers as the Director determines necessary,” and indicated that the CTIIC would be established pursuant to this authority.
But that is a weak statutory basis for establishing such a center, especially in comparison with the authorities in law given to the National Counterterrorism Center (NCTC), as codified in Sec. 119 of the National Security Act. NCTC’s statutory language provides it with a clear set of missions and responsibilities, and clarifies its role (at least in part) with respect to its key interagency partners. Notably, it clarifies that the head of the NCTC is the principal advisor to the DNI on “intelligence operations related to counterterrorism”, has “primary responsibility within the United States for conducting net assessments of terrorist threats”, and assists the DNI in “establishing requirements for the intelligence community for the collection of terrorism information.”
Sec. 119 also gives the DNI the authority to resolve any disputes between the NCTC and the head of any other agency on matters pertaining to the NCTC’s responsibilities. And the section states clearly that the Directorate of Intelligence within the NCTC “shall have primary responsibility within the United States government for analysis of terrorism and terrorist organizations (except for purely domestic terrorism and domestic terrorist organizations) from all sources of intelligence, whether collected inside or outside of the United States.”
These are generally solid authorities, and while they have on occasion been circumscribed by other agencies’ conflicting authorities, they have been a basis for NCTC to establish a strong position within the interagency community on counterterrorism issues.
If the new CTIIC does not have similarly clear authority in law (but different in certain respects, based on the distinctions between CT-related intelligence and cyber threat intelligence), and instead relies only on an executive order or presidential memorandum for its authority, then it will be hobbled at the start from fulfilling the ambitious mandate that has been defined for it. For that reason, it would be warranted for the Administration to request formal establishment of the CTIIC in law, perhaps as part of annual intelligence authorization legislation.