The CIA late last year raised the status of its elite cyber espionage division, providing it more resources to analyze and disrupt digital threats, as well as amp up the agency’s own technological innovation efforts.

The Center for Cyber Intelligence, which had resided within the CIA's Directorate of Digital Innovation since 2015, was promoted to a full-fledged mission center last October by Director John Ratcliffe as part of an internal reorganization. 

Ratcliffe elevated the center to “strengthen the Agency’s cyber operations in support of the president’s priorities,” Liz Lyons, a CIA spokeswoman, said in a statement.

The change “enhances CIA’s ability to deliver the best intelligence on foreign cyber threats to policymakers, ensure that no target is beyond the reach of our capabilities, and drive continued improvement of cyber tradecraft,” according to Lyons.

Meanwhile, the Transnational and Technology Mission Center, which was created during the Biden administration and sought to identify new technologies that could be utilized by the agency to help gather intelligence saw its functions folded into other offices performing similar work.

The CIA has informed Congress of the changes and the agency is working to update its official public web site. There was no immediate public announcement of the moves last fall, possibly owing to the prolonged government shutdown.

“A director elevates an organization to a mission center, either because something is so self-evidently important, or because the director determines, ‘No, this is a huge strategic priority for us,’” a former U.S. intelligence official told Recorded Future News, noting Ratcliffe previously created a hub to boost the administration’s fight against drug trafficking and cartel networks.

A key result of the promotion is that the center’s leadership, which traditionally is not publicly disclosed, now reports directly to Ratcliffe. It also grants the agency’s cyber mission priority access to resources and staffing.

“It is a big deal,” according to a former Trump administration official, who like others interviewed, spoke on the condition of anonymity. “It allows them to get some more money, allows them to be more of a player at the table.”

The designation reflects a broader policy across the Trump administration’s national security team to be more combative in cyberspace. The White House last month released its National Cyber Strategy that spelled out, in blunt terms, the administration’s desire to “deploy the full suite of U.S. government defensive and offensive cyber operations” against foreign adversaries and “raise the costs for their aggression.”

It also aligns with Ratcliffe’s vision to unshackle the spy agency. In his confirmation hearing last year, he promised he would make the CIA less averse to risk, including in cyberspace due to the increasing significance of foreign threats.

“The deterrent effect has to be that there are consequences to our adversaries when they” digitally assault the U.S., he said. 

“One of the things that I hope to do … is to work on the development of the types of tools that will be effective in allowing us to do those things,” Ratcliffe added. “The deployment of those capabilities, of course, would be a policy decision for others to make, but I would like to make sure that we have all of the tools necessary to go on offense against our adversaries in a cyber means.”

The center, which a former CIA official described as a “huge outfit with a huge budget,” would make sense to be the nexus for such activity. It is the agency’s mission manager for cyber, including strategic analysis and operations and all the technology that goes into espionage.

It is also known in the clandestine community for bespoke hacking that can, although not exclusively, require recruiting an asset or sending an officer into a perilous environment in order to gain access.

The largest public window into its activities came in 2017, when WikiLeaks published a data trove, dubbed “Vault 7,” that contained extensive documentation of secret CIA spying operations and hacking tools. The file exposed agency capabilities like unpatched iOS and Android vulnerabilities, bugs in Microsoft Windows and the ability to turn Samsung smart televisions into listening devices.

An agency software engineer, Joshua Schulte, was charged and eventually sentenced over the leak. Prosecutors said he worked within the CCI and had exfiltrated the classified tools.

The former CIA official said it is “fairly easy for them to flip that switch at the agency” to become more tenacious in the digital realm.

“The big question is going to be what happens when another organization, like U.S. Cyber Command, also wants to be more aggressive?” they speculated. “If they really are going to use cyber operations as a deterrent, that’s not going to be the CIA. That’s going to be the Pentagon.”