Details emerge about President's Cyber Plan

A new layer of details surrounding President Bush's
Comprehensive National Cyber Security Initiative emerged from a
speech delivered by a senior federal official in Washington
yesterday.

Steven Chabinksy, deputy director for the Joint Interagency
Cyber Task Force, Office of the Director of National Intelligence,
shed new light on 12 core initiatives that are part of the
president's cyber security plan. Much of the security plan,
introduced last January under National Security Presidential
Directive 54/Homeland Security Presidential Directive 23, has
remained classified. And only limited amounts of information about
the initiative have been made public.

Reciting concerns that new vulnerabilities, strong adversaries,
and weak situational awareness were resulting in 'untrusted
systems,' Chabinsky outlined the objectives and rationale
behind 12 'discreet initiatives' in the CNCI plan:

1. Move towards managing a single federal enterprise
network. The cornerstone to this effort is the Trusted Internet
Connections program, initiated by the Office of Management and
Budget in November 2007 that aims to reduce the number of
connections from federal agencies to external computer networks to
100 or fewer, from more than 4,300 connections identified in
January of this year. But it would also rely heavily on Federal
Desktop Core Configuration standards, initiated by OMB, which
prescribe specific requirements to access and use federal
networks.

2. Deploy intrinsic detection systems. These systems
would build on current software tools'notably a program
called Einstein, and an enhanced version called Einstein 2,
developed by the Department of Homeland Security. These tools
monitor and identify information streams at network access points,
but currently lack the ability to do more than report potential
problems.

3. Develop and deploy intrusion prevention tools. DHS
teams are now working on the development of Einstein 3, which would
be designed to block and mitigate malicious patterns in the code
surrounding information in transit, before they can do harm on
federal networks.

4. Review and potentially redirect research and funding.
Efforts are underway to take stock of cyber research and related
programs and to look for overlaps and gaps, in order to channel
resources more effectively.

5. Connect current government cyber operation centers. In
particular, increase the effectiveness these centers by
standardizing operating procedures and improving shared awareness
of threats.

6. Develop a government-wide cyber intelligence plan.
Because several civilian, intelligence and defense agencies have
varying responsibilities to address cyber threats, the government
has had a difficult time crafting a single, coherent approach.

7. Increase the security of classified networks. The
escalating volume of attacks, and the increasing penetration into
supposedly secure networks makes it imperative that work be done to
further security classified networks and the information on
them.

8. Expand cyber education. There is a significant need
for creating a career pipeline to train cyber security
experts'with offensive as well as defensive skills--and to
institutionalize the knowledge surrounding security threats. Cyber
education needs to include developing a broader base of candidates
with scientific knowledge and a cyber-savvy workforce, as well as
network specialists who can work in law enforcement, military,
homeland security, health and other specialty areas.

9. Define enduring leap-ahead
technologies. The government needs to provide direction for
'game-changing' technologies that would provide a more
stable environment and supplant some of the fundamental design of
existing technologies--and the current patchwork approach to fixing
them.

10. Define enduring deterrent technologies and programs.
The government has an opportunity to tap broader groups of
scientists, strategists and policy makers ' similar to the
way it did a half-century ago in crafting a nuclear weapons
deterrent strategy'to develop new and lasting approaches to
address cyber threats in this century.

11. Develop multi-pronged approaches to supply chain risk
management. The reality of global supply chains presents
significant challenges in thwarting counterfeit--or maliciously
designed'hardware and software products which must be
addressed.

12. Define the role of cyber security in private sector
domains. Experts agree, the government must do more to get its
cyber security house in order. But with so much of the
nation's infrastructure in the hands of the private sector,
more must be done to quantify the financial and economic risks
associated with cyber security threats in order to provide better
investment direction.

Chabinsky said these initiatives represented
an integrated portfolio that was unique''it's the
first attempt to implement a totality approach' to improve
the nation's cyber security posture, he said. He noted that
these initiatives were intended to support four broad goals:

• Establish the front lines of defense capabilities to manage a
  single federal enterprise network;


• Defend against a full spectrum of threats.


• Shape the future environment, through research and education,
  to define new technologies and deterrent strategies to protect the
  nation's infrastructure.


• Develop tools to enable key departments and agencies
  neutralize, mitigate, and disrupt domestic illegal computer
  activity; increase information assurance; increase strategic
  analysis of intrusion activities and threats; and monitor and
  coordinate the implementation of the CNCI.

Chabinsky spoke at a information technology security conference produced by 1105 Government Information Group.