Raduege: Why New Cyber Agency MattersEx-DISA Director on Cyber Threat Intelligence Integration Center
A new federal cyberthreat intelligence center could help the government build more resilient networks and better identify cyber-attackers, leading to arrests and punishments, a former top Defense Department IT executive says.
"Those three areas could really go a long way in providing much-needed deterrence to bad cyber-activity on the networks today," says Harry Raduege, a retired Air Force lieutenant general who was the longest serving director of the Defense Information Systems Agency.
Raduege, in an interview with Information Security Media Group, praises the Obama administration's standing up of the Cyber Threat Intelligence Integration Center, announced Feb. 10. The center, known as CTIIC (pronounced see-tick), would cull cyberthreat intelligence from other government agencies to try to identify rapidly responses to protect critical IT systems in government and business (see White House Creates Cybersecurity Agency and New Cyber Agency: The Challenges Ahead ).
"I welcome any attempt by our government to improve speed of collaboration and information sharing among government activities and the industry, and also think that this CTIIC can be helpful in more effectively providing fused cyberthreat intelligence and information from across the entire intelligence community in a more timely manner," says Raduege, chairman of the Deloitte Center for Cyber Innovation.
Private Sector Benefits Without Direct Ties
Raduege says he doesn't see the private sector working directly with CTIIC, but says it should benefit from the center's work. He explains that cyberthreat intelligence will be fed to CTIIC from other governmental cybersecurity organizations such as the Department of Homeland Security's National Cybersecurity and Communications Integration Center, a 24x7 cyber-situational awareness, incident response and management center known as NCCIC (pronounced n-kick). NCCIC, which works with the private sector, will forward to CTIIC cyberthreat information from the business community.
When CTIIC comes up with a plan to defend against or respond to attacks, it alerts the other centers, including NCCIC, to execute it. If private sector systems are threatened, NCCIC will work with affected businesses using the CTIIC plan. Through partnerships and the government cybersecurity framework, Raduege says, a trust has developed between DHS and industry in combating cyberthreats.
In the interview, Raduege discusses the:
- Importance of fusing cyber-intelligence to be analyzed by one agency;
- Benefits of drawing cybersecurity experts from various agencies to work at CTIIC; the initial team of 50 employees at CTIIC will come from other intelligence agencies;
- Efforts by DHS to build a strong relationship with the private sector in promoting cyberthreat information sharing.
Raduege, who retired from the Air Force in 2005 after a 35-year career, heads the Deloitte Center for Cyber Innovation, which focuses on developing cyber solutions for organizations grappling with the need to secure interoperable information systems. In the lead up to the 2008 presidential election, Raduege co-chaired the Commission on Cybersecurity for the 44th Presidency, a group of top governmental, military and cybersecurity thought-leaders and practitioners, that presented the new president with an action plan to address IT security challenges.
Since September, he's been a member of DHS's Science and Technology Advisory Committee. For the past five years, he's been a member of the President's Advisory Council at the EastWest Institute, a think tank.