US creates new cyber security agency

The US White House has created a new intelligence unit to coordinate analysis of cyberthreats, modeled on similar US government efforts to fight terrorism.

Lisa Monaco, President Barack Obama's homeland security and counterterrorism adviser, said the new agency will rapidly pool and disseminate data on IT breaches to US agencies.

"Currently, no single government entity is responsible for producing coordinated cyber threat assessments" and sharing the information rapidly, Monaco said today.

The new agency, the Cyber Threat Intelligence Integration Centre, "is intended to fill these gaps," she said.

Obama has moved cybersecurity to the top of his 2015 agenda after recent hacking attacks against Sony, Home Depot, Anthem and Target as well as the federal government itself.

US officials have described the Sony attack as particularly worrying because hackers stole data, debilitated computers and pressured the studio to halt release of a satirical film about North Korean leader Kim Jong-un. The FBI took the unusual step of publicly accusing North Korea of being behind the cyberattack.

Obama will host a "cyber summit" with industry and government leaders at Stanford University in California on Friday.

Industry executives lauded Obama's increased focus on cybersecurity, but some questioned whether a new government agency is the answer, and whether it should be part of the secretive US intelligence community.

Responsibility for cybersecurity is already spread across the US government, including the National Security Agency, Department of Homeland Security, FBI, and the US military's Cyber Command.

"Is this going to be effective? Is it another reorg(anisation)?" said Amit Yoran, president of security firm RSA.

Still, Yoran said, the series of high-profile attacks showed that change was needed. "We aren't getting the cyber job done," he said.

"I do think it is redundant," said Tom Kellermann, chief cybersecurity officer at Trend Micro.

"You don't necessarily need a new centre," he said, noting the existence of a similar Homeland Security unit that shares cyberthreat information with the private sector.

Monaco rejected the criticism. She said the new unit, which is expected to be relatively small, will not overlap existing agencies that have operations that investigate and disrupt cyberattacks. Instead it will rapidly feed them timely intelligence.

"This is filling a critical gap," she said.

Monaco renewed a White House plea for Congress to pass legislation encouraging companies to share data from cyber attacks with the government and with each other.

Past efforts were stymied by liability issues and privacy concerns. Last month, Obama proposed legislation to strike a balance, offering liability protection to companies that provide information in near real time to the government, while requiring them to delete personal data.