Tonya Ugoretz, the director of the Cyber Threat Intelligence Integration Center, said the CTIIC focused on maturing its three lines of business over the last ye...
Tonya Ugoretz will join Federal News Radio on Oct. 25 at 1 p.m. for a special Ask the CIO online chat to answer your questions. Please register today.
The Cyber Threat Intelligence Integration Center has been in place now for a little more than a year.
The center now is building on its three business lines toward reaching full operational capability in the coming year.
Tonya Ugoretz, the director of the Cyber Threat Intelligence Integration Center (CTIIC), said the center is maturing to meet the assorted needs of government from senior executives to chief information security officers to program and mission leaders.
“As an integration center, everything we’re doing is in partnership with the rest of the community and that includes our analyses. We are not adding another voice to the many agencies who may publish analyses on cyber threat issues. What we are integrating is the intelligence community’s coordinated assessment of cyber threat issues,” Ugoretz said on Ask the CIO. “Analytically, when decision makers want to know what do we collectively assess is going on, who do we collectively assess is behind something, CTIIC is the one who brings together the community on cyber threat issues to provide that integrated assessment. That doesn’t mean we are watering it down to a lowest common denominator that everyone can agree on. What it means is we bring the community together and we are very clear and transparent about what we can agree on and with what level of confidence. But also importantly what we disagree on and why, and what are the gaps in our understanding that collectively as a community we can address to help us increase our confidence in what we assess.”
Ugoretz said the first year of the CTIIC focused on filling the gaps in the sharing of cyber threat intelligence and building the relationships across government.
President Barack Obama created the CTIIC in February 2015. By September, the center launched its initial efforts with Ugoretz as director and a host of detailees from across the intelligence, Defense and civilian agency communities.
Ugoretz said the CTIIC has been building capacity across its three lines of business:
As the CTIIC enters its second year, Ugoretz said she has several goals, including ensuring the staff is documenting its processes and they are as effective and efficient as possible.
“We are already thinking ahead because we are a multi-agency center and we do have a proportion of detailees so how do we do succession planning, how do we pass down institutional knowledge and how do we clearly document our processes, and even some of these things that we do and don’t do that we’ve all internalized here, but may not be written down on a piece of paper?” she said. “Another is expanding our ability to reach more customers with our work. Right now as we’ve been growing, we’ve been focusing on doing a version of a product and trying to put that out. But as we build capacity and have more resources in terms of personnel and production and the whole tail that helps support all the important pieces of producing quality analytic products, we want to look at how do we reach other parts of the community who may not have access at their desktops to highly classified information or who work other functional or regional missions that aren’t specifically cyber, but who would benefit from knowing this activity that maybe the actor they follow in another context is doing.”
Ugoretz said the CTIIC did a lot of outreach in year one and will do even more in year 2 to reach that broader community.
Another second year priority relates back to PPD 41 and information sharing to make sure the right agencies have the right data to make cyber related decisions.
Ugoretz said the center also will continue to work on a common taxonomy called the cyber threat framework, and metrics.
“We want to ensure we in the community and hopefully outside the community aren’t using different terminology when we are describing different types of activity by threat actors. Hopefully what that will enable us to do is compare apples to apples and do some meaningful trend analysis over time so that we can see when we do get questions about whether activity is increasing or decreasing or if things are moving in a certain way, we can give really well informed answers to those questions,” she said. “We have counterparts in the Office of the National Intelligence Manager for cyber here at ODNI who have really been the lead within the community and with partners in pushing this concept forward. They are developing a framework that will be available publicly at the unclassified level that hopefully folks can use and I don’t think there’s any assumption that it’s one size fits all.”
Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.
Jason Miller is executive editor of Federal News Network and directs news coverage on the people, policy and programs of the federal government.
Follow @jmillerWFED