New U.S. agency to fight cyberthreats

'We're in an intellectual arms race, so we can't stand still,' says a former FBI cybercrime investigator

Spurred in large part by North Korea's destructive digital hack at Sony Pictures, the Obama administration announced plans Tuesday to create a cyberintelligence center to better respond to digital breaches and threats to federal agencies and private industry.

Officials said the operation is being fashioned after the National Counterterrorism Center, which was created after the Sept. 11, 2001, attacks to address criticism that U.S. law enforcement and intelligence agencies failed to stop the Al Qaeda plot partly because they failed to share clues about the hijackers.

"We need to develop the same muscle memory in the government response to cyberthreats as we have for terrorist incidents," Lisa Monaco, White House advisor for homeland security and counterterrorism, said in a speech Tuesday.

President Obama is expected to seek industry support for the effort when he addresses Silicon Valley executives Friday at a cybersecurity and consumer protection summit at Stanford University.

Critics said the federal focus on computer intrusions is long overdue. They said the administration's response has been uneven and poorly coordinated even as the pace of digital attacks shot up fivefold since 2009.

The methods of attack, the kinds of targets, the number of victims and the costs of protecting data and repairing networks have also risen dramatically, experts said.

"It's hard to call [recent hacks] a wake-up call because the alarm has been going off for so long," said Michael Allen, a former staff director of the House Intelligence Committee who now works at Beacon Global Strategies, a Washington firm that advises multinational corporations on cybersecurity.

"We're in an intellectual arms race, so we can't stand still," said Scott Larson, a former FBI cybercrime investigator who runs a cybersecurity company in Minnesota. "It's definitely time to act."

Although federal task forces already investigate criminal hacking networks, no single entity coordinates digital threat data collected by the National Security Agency, the Pentagon, Homeland Security, the FBI and other government agencies. Recent attacks apparently have been launched from servers in China, Russia, Iran, Syria and elsewhere.

The new Cyber Threat Intelligence Integration Center is supposed to fix that gap. Under the auspices of the Director of National Intelligence, it will be charged with combining and analyzing intelligence from across the government as well as from corporations and consumer groups. The goal is to put out warnings when a threat appears likely or a breach is spreading.

"We're not going to bottle up our intelligence," Monaco said at the Woodrow Wilson International Center for Scholars, a think tank in Washington. "If we have information about a significant threat to a business, we're going to share it."

Many technology and telecommunications companies remain deeply suspicious of federal involvement because of disclosures by former NSA contractor Edward Snowden showing that the government had copied large amounts of consumer data and had secretly used U.S. companies to help spy around the world.

Monaco said the cyberthreat center will not collect intelligence but would help analyze data already collected by the NSA and other agencies.

"Inside the U.S. government, we know that state and non-state actors, terrorists, hackers and criminals are probing our networks every day — seeking to steal, spy, manipulate and destroy data," she said.

Some lawmakers have urged the government to launch counterattacks to disable online systems or networks used by hackers. White House officials and some technology experts warn both of the risks and the difficulties in targeting specific hackers without causing widespread spillover.

After the Sony hack, the Obama administration announced new economic sanctions on several North Korean officials but denied allegations that it temporarily disabled the country's limited Internet in retaliation.

Some outside experts warned Tuesday that the new cyberthreat center also could step on privacy rights.

"My hope would be that this cybersecurity center isn't another cloak-and-dagger thing where any surveillance is justified," said Nat Kausik, chief executive of Bitglass, which helps companies lock down data. "That's quite distasteful as a citizen."

But Kausik said he welcomed the chance to interact with what he hopes becomes an "agency with real resources and clout" and not just "an empty-throne czarship."

Monaco said the White House was spurred to action by evidence showing North Korea had destroyed computer systems and released private emails and employee data at Sony Pictures Entertainment last November in apparent reaction to the then-pending release of "The Interview," a film that mocked the country's leader, Kim Jong Un.

She also cited the theft of personal data from tens of millions of health insurance customers at Anthem Inc., as well as hacks at Home Depot, Target, JP Morgan Chase and other companies and institutions.

But the attack on Sony, she said, "was a game-changer because it wasn't about profit. It was about a dictator trying to impose censorship and prevent the exercise of free expression."

Monaco sought to counter complaints that the administration has been slow to share information that could warn businesses about malware, viruses or other digital dangers. Within 24 hours of learning of the Sony attack, the government "pushed out information and malware signatures to the private sector to update their cyberdefenses," she said.

"When Sony happened, they wanted one place you could call, rather than call three or four different agencies," said James Lewis, a cybersecurity expert at the Center for Strategic and International Studies, a nonpartisan think tank in Washington. "There was a sense that a lot of people had lots of pieces of stuff, but it wasn't clear we had our hand on putting it all together."

Persuading corporate executives to share sensitive internal information that could affect their stock price also will be a challenge.

Companies have been reluctant to give the source code of malicious attacks to the federal government or other businesses for fear they may be sued for not protecting customer data.

In response, the White House has proposed cybersecurity legislation that includes a provision that would provide legal protection to companies if they share information about computer breaches with the government.

Chad Fulgham, who served as the FBI's chief information officer from 2008 to 2012, said the new center must consolidate the security alerts produced by a dozen agencies and organizations into something businesses can quickly comprehend and routinely rely on.

"The easier we make it for industry to take action, the better we are going to be collectively," said Fulgham, now chief strategy officer at security start-up Tanium Inc.

"The government is responsible for protecting our borders, be they physical or cyber," agreed Igor Baikalov, chief scientist at Los Angeles cybersecurity software maker Securonix. "In protecting cyberspace, government has to create a safe, secure environment for legitimate business."

Bennett reported from Washington; Dave from Los Angeles

Copyright © 2016, Los Angeles Times