RSA: US Cybersecurity Plan Declassified

At the RSA Conference, White House Cyber-Security Coordinator Howard Schmidt announced that an unclassified version of the Obama administration’s “Comprehensive National Cybersecurity Initiative” is now available online

The White House has made an unclassified version of a document describing the Obama administration’s Comprehensive National Cybersecurity Initiative (CNCI) available online.

The announcement was made on 2 March at the RSA Conference in San Francisco by recently appointed White House Cyber-Security Coordinator Howard Schmidt. In addition to describing the CNCI, the document also outlines 12 smaller initiatives for improving the nation’s security posture.

Here are the 12 elements of the CNCI as laid out in the document, which can be viewed here where they are described in greater detail:
•    Manage the Federal Enterprise Network as a single network enterprise with Trusted Internet Connections.
•    Deploy an intrusion detection system of sensors across the federal enterprise.
•    Pursue deployment of intrusion prevention systems across the federal enterprise.
•    Coordinate and redirect research and development efforts.
•    Connect current cyber ops centers to enhance situational awareness.
•    Develop and implement a governmentwide cyber-counterintelligence (CI) plan.
•    Increase the security of classified networks.
•    Expand cyber-education.
•    Define and develop enduring “leap-ahead” technology, strategies and programs.
•    Define and develop enduring deterrence strategies and programs.
•    Develop a multipronged approach for global supply chain risk management.
•    Define the federal role for extending cyber-security into critical infrastructure domains.

According to the document, the activities under way to implement the recommendations of the Cyberspace Policy Review build on the Comprehensive National Cybersecurity Initiative launched by former President George W. Bush in January 2008.

“President Obama determined that the CNCI and its associated activities should evolve to become key elements of a broader, updated national U.S. cybersecurity strategy,” the document reads. “These CNCI initiatives will play a key role in supporting the achievement of many of the key recommendations of President Obama’s Cyberspace Policy Review.”

Each of the goals, Schmidt explained, forms an important component of the government’s cyber-security efforts. “Transparency and partnerships are concepts that have to go hand in hand,” he told the audience. “We can’t ask industry to help the government, [and] the government can’t offer to help industry unless we have that transparency. So we believe this is particularly important in areas such as the CNCI, where there have been legitimate questions about sensitive topics and the role of the intelligence community in cyber-security, and how they can help us while still preserving civil liberties.

“In order to be successful against today’s cyber-security threats, we must continue to seek out new and innovative partnerships,” he continued, adding, “Our collective knowledge and our experience are probably the most powerful tool that we have.

“We’re not going to wind up beating our adversaries because they’re weak. … We’ll beat them because we will become stronger,” he said.

A clip of the speech can be seen here on ZDNet.com