Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?



Trump Issues Threat Sharing Directive to Intelligence Community

President Trump issued a memorandum on Oct. 5 requiring the intelligence community to establish an inter-agency information sharing network. Agency heads are required to submit a plan within 270 days. Missing from the memorandum is any mention of existing projects such as the Cyber Threat Intelligence Center (CTIC) or the Intelligence Community IT Enterprise (IC ITE, pronounced ‘eyesight’).

President Trump issued a memorandum on Oct. 5 requiring the intelligence community to establish an inter-agency information sharing network. Agency heads are required to submit a plan within 270 days. Missing from the memorandum is any mention of existing projects such as the Cyber Threat Intelligence Center (CTIC) or the Intelligence Community IT Enterprise (IC ITE, pronounced ‘eyesight’).

Inter-agency information sharing has been a pressing issue and problem since 9/11 when it was suggested that different agencies had partial information about the terrorist plot, but there was no way to ‘connect the dots’ and see the overall picture. Since then there have been numerous initiatives to improve information sharing — such as the Cybersecurity Information Sharing Act (CISA) and the CTIC and IC ITE projects.

IC ITE is a long-term intelligence community initiative to provide what this new memorandum seems to require. The current strategy document, produced by the Office of the Director of National Intelligence (at that time, James Clapper) states (PDF): “The IC ITE represents a strategic shift from agency-centric information technology (IT) to a common enterprise platform where the Intelligence Community (IC) can easily and securely share technology, information, and capabilities across the Community.” However, the timeframe covered by this document is 2016 to 2020 — and it may be that the new Trump memorandum is seeking to speed the process.

Trump has been a critic of the intelligence community since before his election. It is not clear whether this memorandum is designed to replace the existing projects or merely to hasten their completion. Memoranda are used by presidents in a manner similar to executive orders, and place a similar legal requirement on government agencies. They have been described as ‘an executive order by another name’.

The gist of the memorandum is that the intelligence community must establish a ‘threat actor’ information sharing architecture under guidance from NIST, and present their plan to the president within 270 days. “The Secretary of Defense, the Attorney General, the Secretary of Homeland Security, and the Director of National Intelligence, in coordination with the Secretary of State, the Secretary of the Treasury, and the Secretary of Energy, shall, through the Assistant to the President for Homeland Security and Counterterrorism, submit to the President a plan to implement this memorandum.”

There is no indication on how the threat sharing is to be implemented; and of course no guarantee that the president will accept the plans. There is, however, a strong concentration on the need to share personal information of potential threat actors. “National security threat actor information,” states the memorandum, “comprises identity attributes and associated information about individuals, organizations, groups, or networks assessed to be a threat to the safety, security, or national interests of the United States that fall into one or more of the categories listed in the annex to this memorandum.”

‘Identity attributes’ are then defined as “Information (including biometric and biographic data) that can be used independently or in combination with other data to identify a specific individual.”

Advertisement. Scroll to continue reading.

It is the lack of detail that is most worrying. The devil is always in the detail, comments Christopher Bray, SVP at Cylance Inc. The big question, he suggests, is how this can be translated into policy while respecting applicable laws, civil liberties and individual privacy. “These are extremely important questions that need to be crisply defined and addressed within established legal and constitutional frameworks,” he told SecurityWeek. “You only need to think about the clumsy implementation of the ‘no fly list’ and the examples of completely innocent people arbitrarily getting placed on it in error — with lack of a clear process for recourse or getting removed, to see what a minefield this could become if not thought through well.”  Will this be implemented into anything meaningful at all, he wonders, or just become ‘policy shelf-ware’ that someone can point to later as having ‘done something’.

Nathan Wenzler, chief security strategist at AsTech, sees nothing that addresses the long-standing problems for information sharing. “The challenge previously is that each of the agencies involved tends to collect information that is very specific to their purposes and it is in that specificity that there is fear that others who possess the data will be able to discern how that data was obtained and collected. This has caused many in the intelligence community to fear the compromise of those data gathering sources, whether human or technological, and has made previous efforts to integrate and share such data nearly impossible.”

Like Bray, he is also concerned about the privacy impact of the memorandum. “The potential for compromise to intelligence sources, the vast privacy concerns that will exist should any U.S. citizen wrongly be targeted in these profiling efforts, and the fact that effectively locating multiple copies of the same data sets in different places means that cyber attackers have more potential targets in which to steal this information means this memorandum creates far more questions than it begins to answer.”

Ross Rustici, senior director, intelligence services at Cybereason, wonders if the memorandum is designed to increase the capability of the CTIC, “which was stood up in the twilight of Obama’s administration. The idea behind the CTIC,” he told SecurityWeek, “was to create a new cyber threat center for cyber. However, because the initial operating capacity was being built as the administration was packing up it never got the full capability or support necessary to be effective.”

However, he also suggests that the memorandum is indicative of the slow progress made to date. It “shows how little the creation of the Director of National Intelligence and the 9/11 Commission has impacted business as usual in the intelligence community. In addition, the focus on ‘threat actors and their networks’ speaks to something beyond sharing data for defending networks. This directive is about increasing the intelligence community’s ability to share all the dots they already have to connect them better.”

Related: Industry Reactions to Trump’s Cybersecurity Executive Order 

Related: Is the Trump Administration Serious About Cybersecurity? 

Related: U.S. Intelligence Chief James Clapper Resigns 

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Artificial Intelligence

The degree of danger that may be introduced when adversaries start to use AI as an effective weapon of attack rather than a tool...


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Threat Intelligence

How threat intelligence is critical when justifying budget for GRC personnel, and for threat intelligence, incident response, security operations and CISO buyers.


The war in Ukraine is the first major conflagration between two technologically advanced powers in the age of cyber. It prompts us to question...