Experts welcome new US cyber security agency, but warn of challenges ahead

The Cyber Threat Intelligence Integration Center to pool all information about online threats

Security experts have welcomed the decision by the US government to create an agency dedicated to fighting computer hackers and cyber attacks.

The Cyber Threat Intelligence Integration Center (CTIIC) was announced in Washington on Tuesday and will pool and assess data about cyber attacks and malicious data breaches that is currently being examined by a range of agencies including the CIA and NSA.

"Currently, no single government entity is responsible for producing coordinated cyber threat assessments," said Lisa Monaco, President Barack Obama's homeland security and counterterrorism adviser.

Monaco said the centre "is intended to fill these gaps" as the threat from cyber attacks becomes "more diverse, more sophisticated and more dangerous".

US authorities have been particularly shaken up by the recent cyber attacks on Sony Entertainment Pictures. The attacks prompted the FBI to issue a warning to US businesses that computer hackers or other cyber criminals have used malicious software to launch what it called "destructive" attacks against American organisations.

And just last week hackers stole personal details of up to 80 million people from US health insurer Anthem in what could be the biggest cyber security breach to hit a healthcare provider.

The setting up of the Cyber Threat Intelligence Integration Center is another sign that President Obama wants to seriously clamp down on cyber crime, and the move has been welcomed by experts in online security. Michele Borovac, VP at HyTrust, said it is "an important and necessary move".

"Attackers are getting smarter, and breaches are increasing in frequency, damage and cost. Bringing disparate organisations together is critical so that information can be shared more easily among ‘the good guys'," he said.

"This organisation will be successful if it can tap the brains of leading cyber security experts, as well as those leading companies and government organisations to reduce the knowledge gap between them."

Dr Mike Lloyd, CTO at security analytics company RedSeal, also welcomed the move, stating "the idea of a cyber-intelligence hub is a good and timely one".

"Modern cyber security still has a lot to learn from traditional military strategists, including the central role of a ‘war room' - a single location where complex flows of data about the fight can be centralised, filtered, compared, mapped out, and acted upon.

"This is the main way to cut through the fog of war," Lloyd continued, before recommending "all organisations should follow this model for their cyber defences".

However, Lance Cottrell, chief scientist at cyber security firm Ntrepid, warned that the centre "must be very carefully crafted for it to have a real effect on cyber security for American businesses".

"Right now the responsibility for cyber security is distributed between the NSA, CIA, FBI, and DHS, among others," he said.

"When we see five different organisations with overlapping and conflicting responsibility for an issue, we often respond by saying that there should be one new organisation which can take control and coordinate the others.

"The unfortunate reality is that you often then have six different organisations with overlapping and conflicting responsibilities. This new organisation has quite a challenge before it," he added.