As the cyber security threat to the U.S. economy and national security has grown, U.S. states and businesses have taken increasing steps to prevent potential hacks from invading user privacy and U.S. intelligence activities. Most recently, New York’s attorney general, proposed new rules to help safeguard consumer privacy and provide businesses with incentives to work with government to prevent attacks and catch perpetrators. The proposed new rules were already being floated in December of last year, when financial institutions wary of consumers’ private information being used for unlawful purposes ramped up their spending on cyber security, and were estimated to spend an additional $2 billion in 2015 than in 2014. Now, after cyber attacks on companies such as Anthem Inc. and Sony Pictures Entertainment Inc., the White House wants to get in on the action.
In a press conference last month, the White House announced it was creating a new office to review cyber threats against the United States and companies with U.S. consumer information that will coordinate between the various intelligence agencies already involved with cyber security. On February 25,the President “directed the Director of National Intelligence to establish what will be known as the cyber Threat Intelligence Integration Center (CTIIC).” The White House explained that the new agency will use the “whole-of-government” to combat cyber security threats by using information from all the different agencies currently involved in combating foreign and domestic cyber threats so that the information is more effectively communicated and used to protect U.S. interests. It will work closely with all departments performing cyber security functions and “be a critical participant in the interagency Cyber Response Group.” The goal of the new agency is to better identify new cyber threats by using the power of intelligence from multiple agencies to protect United States interests and citizens at home and abroad.
Although the White House claims that the new agency will protect private information and civil liberties in line with applicable law, and Executive Orders, Presidential directives, and guidelines, the Wall Street Journal reported that some experts are concerned that privacy and civil liberties are at risk with the creation of this new agency because the privacy protections are still unknown. In addition, although the White House’s press release on Wednesday indicated that the CTIIC would not seek to use private companies to help it carry out its mission, White House aide Lisa Monaco, who announced the creation of the new entity earlier this month, made a specific plea to businesses to provide the agency with any information they have regarding potential cyber threats: “We want this flow of information to go both ways. The private sector has vital information we don’t always get unless they share it with us.”
The White House’s new agency aims to coordinate across government and private entities to create as much information sharing as possible, but after the White House was caught siphoning off data from private companies for its own use in 2013, it may have to win back those companies’ trust before it can expect any cooperation. That said, if companies want the help of the U.S. government to stop the onslaught of cyber attacks, they may not have a choice.