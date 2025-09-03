Skip to content
Search

Latest Stories

NatSecEdge
cipherbrief

Welcome! Log in to stay connected and make the most of your experience.

Input clean

Cutting Cyber Intelligence Undermines National Security

Rear Adm. (Ret.) Mark MontgomeryIntelligenceTech/Cyber
Sophie McDowall
By Sophie McDowall
Research Associate, Center on Cyber and Technology Innovation, Foundation for Defense of Democracies
Sophie McDowall is a research associate at the Center on Cyber and Technology Innovation at the Foundation for Defense of Democracies, focusing on the cybersecurity of critical infrastructure, federal cybersecurity policy, emerging technologies, and influence operations. Sophie holds a B.S. in foreign service from Georgetown University and is pursuing her M.S. in data science and analytics.
Rear Adm. (Ret.) Mark Montgomery
By Rear Adm. (Ret.) Mark Montgomery
Senior Director at the Center on Cyber and Technology Innovation (CCTI) at the Foundation for Defense of Democracies
Rear Adm. (Ret.) Mark Montgomery is a senior director at the Center on Cyber and Technology Innovation (CCTI) at the Foundation for Defense of Democracies. He directs CSC 2.0, which works to implement the recommendations of the Cyberspace Solarium Commission.  Montgomery is a principal member of the Cyber Initiatives Group.

OPINION — America’s cyber intelligence capabilities are being eviscerated while the threats to national security emanating from cyber space are increasing. The latest cuts to the cyber capabilities within the Office of the Director of National Intelligence (ODNI) further undermine America’s ability to protect itself against the adversaries that use cyberspace to put American’s security at risk.

Russia, China, and Iran are targeting the United States through cyber means, attacking communications, energy, transportation, and water systems — putting the ability of Americans to access critical services at risk, not to mention raising questions about the Pentagon’s ability to quickly mobilize and transport military forces. And yet, since January, the executive branch has gutted critical defensive cyber and counter malign influence operations efforts across the government.

ODNI assets are now on the chopping block, with a plan to slash the intelligence processing and information sharing services that enable critical cyber capabilities and resiliency across public and private sectors. Last week, as part of an “ODNI 2.0” plan to “eliminate redundant missions, functions and personnel” Director of National Intelligence Tulsi Gabbard announced a downsizing of her staff by more than 40 percent by this October, including the termination of entire offices that are critical for coordination of cybersecurity intelligence.

Created after the September 11, 2001, attacks revealed what happens when intelligence is siloed across disparate agencies, ODNI is supposed to serve as the critical hub for coordination across the many agencies of the intelligence community, synthesizing and enriching the information. While the totality of ODNI 2.0 purports to save Americans $700 million annually, in the cyber realm, it threatens to send the nation back to pre-9/11 dysfunction.

The Cyber Initiatives Group Fall Summit on Wednesday, September 17 from 12p – 3p is convening experts to engage on the most pressing cybersecurity risks. Save your virtual seat now.

Specifically, the plan eliminates the Cyber Threat Intelligence Integration Center (CTIIC). In addition to collating America’s exquisite intelligence, CTIIC ensures all intelligence bodies and civilian federal agencies had access to commercial threat intelligence. Rather than each federal agency separately purchasing commercial information, CTIIC’s Sentinel Horizon program negotiated a single contract, efficiently and cost-effectively ensuring all federal agencies had access to timely threat information and analysis.

CTIIC also disseminates government cyber intelligence to the private sector, which owns and operates the vast majority of U.S. critical infrastructure. CTIIC serves as the “focal integration point” between federal cyber intelligence and industry partners who are defending America’s most critical systems against nation-state threats — connecting and disseminating information in real time not only across federal agencies but also to the private sector.

Through its CI3 initiative, for example, the CTIIC brought together the intelligence community and other government threat experts to provide actionable, classified cyber threat intelligence briefings to critical infrastructure owners and operators. Occurring monthly, these briefings were providers’ lifeline to federally monitored cyber threat information, enhancing situational awareness and increasing collaboration between on-the-ground providers and the intelligence community. The initiative’s goal is to take “all the great information we have in the IC [intelligence community] and get it out to those people who need it on a day-to-day basis,” says Lauren Goldman, CTIIC’s former head of analysis and analytic integration, who left the agency earlier this year.

At the very least, these programs will be scaled back if not terminated with the impending closure of CTIIC. The center was already operating with reduced expertise with the departure of three of its most senior leaders earlier this year.

Sign up for the Cyber Initiatives Group Sunday newsletter, delivering expert-level insights on the cyber and tech stories of the day – directly to your inbox. Sign up for the CIG newsletter today.

Five years ago, even before these latest successes in building public-private intelligence sharing, the Cyberspace Solarium Commission recognized the important role CTIIC plays in ensuring the government understands cyber threats and “providing analysis and coordination necessary for rapid and accurate attribution.” The congressionally mandated commission called on Congress to codify CTIIC in law and appropriate more funding to support its efforts. While doing the latter, Congress failed to codify the center, meaning lawmakers have fewer avenues to adjust Gabbard’s plan.

Gabbard is also closing the Foreign Malign Influence Center (FMIC). While CTIIC focuses on cyber-specific intelligence integration, FMIC synthesizes intelligence related to both cyber and non-cyber efforts by foreign actors to influence the perspectives of the American public. FMIC played a critical role in uncovering online influence operations against the United States from Iranian, Russian, and Chinese threats throughout the 2024 election cycle. It worked with the FBI and the Cybersecurity and Infrastructure Security Agency to release regular public updates debunking malign content circulated by adversaries. The director falsely equates FMIC’s work with censorship of American citizens. Instead, cuts to the center will reduce Washington’s ability to protect American citizens from the state-sponsored influence operations running rampant on the internet.

The ODNI was created to integrate and make sense of the massive amounts of threat information gathered by the U.S. intelligence community. There is no doubt value in some of the “ODNI 2.0” effort, but gutting the national cyber threat and foreign malign influence integration efforts is not where the savings should be harvested. America’s nation-state adversaries are moving into these mission areas; our intelligence community should not be moving out.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.

Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Rear Adm. (Ret.) Mark MontgomeryIntelligenceTech/Cyber
intelligencecybersecurityodnicyber

The Latest

The Math of Moscow’s War: Five Thousand Kilometers, One Million Dead and Wounded

Walter Pincus

The Math of Moscow’s War: Five Thousand Kilometers, One Million Dead and Wounded

OPINION -- “Since January 2024, Russian forces have seized approximately 5,000 square kilometers [1,931 square miles] of additional Ukrainian [...] More

RussiaUkraineWalter PincusEurope

The Cybersecurity Law that’s Quietly Keeping America Safe is About to Expire

Cynthia Kaiser

The Cybersecurity Law that’s Quietly Keeping America Safe is About to Expire

OPINION / EXPERT PERSPECTIVE — The clock is ticking toward September 30, 2025, when one of America's most vital cybersecurity protections will expire [...] More

Tech/Cyber

Ex-NATO Commander Warns Western Inaction Built “Sanctuary” for Russia

General Philip M. Breedlove

Ex-NATO Commander Warns Western Inaction Built “Sanctuary” for Russia

EXPERT Q&A — Russia’s massive drone attack overnight on six Ukrainian regions, which hit energy and gas transport infrastructure and cut off power to [...] More

RussiaChinaUkraineMiddle EastEuropeAsia
Dead Drop
NatSecEdge
Save Your Seat

Related Articles

Expert Q&A: Undersea Cables Under Attack, from Outside and Within

Rear Adm. (Ret.) Mike Studeman

Expert Q&A: Undersea Cables Under Attack, from Outside and Within

EXPERT Q&A — Reports of damage to undersea cables across the world are on the rise, with suspected foul play in many of these incidents. These cables [...] More

ChinaIntelligenceTech/CyberRear Adm. (Ret.) Mike StudemanAsia
Here’s How Russia’s Covert War Could Undermine its Own Goals

Here’s How Russia’s Covert War Could Undermine its Own Goals

EXPERT PERSPECTIVE / OPINION — The July 2025 sanctioning and indictment by the United Kingdom of three units and 18 individuals affiliated with the [...] More

RussiaEuropeIntelligence

Expert Q&A: The Silent Chinese Spy Threat Under the Waves

Beth Sanner

Expert Q&A: The Silent Chinese Spy Threat Under the Waves

EXPERT Q&A — There is increasing focus on the vulnerability of undersea cables — a critical infrastructure which is key to much of global [...] More

ChinaTech/CyberBeth SannerAsia

I Sat Across the Table from China’s Spies. Here’s How They Operate in Fragile States

Masoud Andarabi

I Sat Across the Table from China’s Spies. Here’s How They Operate in Fragile States

OPINION — In 2016, I sat across the table from China’s Director of Operations for the Ministry of State Security (MSS). Their visit to Kabul was [...] More

ChinaAfghanistanIntelligenceAsia
Are Undersea Cables a “Backdoor for Espionage” Against the U.S.?

Are Undersea Cables a “Backdoor for Espionage” Against the U.S.?

CIPHER BRIEF REPORTING — The Federal Communications Commission (FCC) and members of Congress are warning that China may be engaged in underwater [...] More

ChinaIntelligenceTech/CyberAsia

When Truths Are Classified and Falsehoods Are Free

Mark Kelton

When Truths Are Classified and Falsehoods Are Free

OPINION -- What happens when an intelligence officer who has sworn to protect classified information can’t refute an erroneous news report or a [...] More

Intelligence