[Infowarrior] - Details emerge about President's Cyber Plan

[Richard Forno]

Details emerge about President's Cyber Plan
11/21/08
By Wyatt Kash
http://www.gcn.com/online/vol1_no1/47639-1.html?topic=Communications_Networking&CMP=OTC-RSS

A new layer of details surrounding President Bush's Comprehensive
National Cyber Security Initiative emerged from a speech delivered by
a senior federal official in Washington yesterday.

Steven Chabinksy, deputy director for the Joint Interagency Cyber Task
Force, Office of the Director of National Intelligence, shed new light
on 12 core initiatives that are part of the president's cyber security
plan. Much of the security plan, introduced last January under
National Security Presidential Directive 54/Homeland Security
Presidential Directive 23, has remained classified. And only limited
amounts of information about the initiative have been made public.

Reciting concerns that new vulnerabilities, strong adversaries, and
weak situational awareness were resulting in "untrusted systems,"
Chabinsky outlined the objectives and rationale behind 12 "discreet
initiatives" in the CNCI plan:

1. Move towards managing a single federal enterprise network. The
cornerstone to this effort is the Trusted Internet Connections
program, initiated by the Office of Management and Budget in November
2007 that aims to reduce the number of connections from federal
agencies to external computer networks to 100 or fewer, from more than
4,300 connections identified in January of this year. But it would
also rely heavily on Federal Desktop Core Configuration standards,
initiated by OMB, which prescribe specific requirements to access and
use federal networks.

2. Deploy intrinsic detection systems. These systems would build on
current software tools—notably a program called Einstein, and an
enhanced version called Einstein 2, developed by the Department of
Homeland Security. These tools monitor and identify information
streams at network access points, but currently lack the ability to do
more than report potential problems.

3. Develop and deploy intrusion prevention tools. DHS teams are now
working on the development of Einstein 3, which would be designed to
block and mitigate malicious patterns in the code surrounding
information in transit, before they can do harm on federal networks.

4. Review and potentially redirect research and funding. Efforts are
underway to take stock of cyber research and related programs and to
look for overlaps and gaps, in order to channel resources more
effectively.

5. Connect current government cyber operation centers. In particular,
increase the effectiveness these centers by standardizing operating
procedures and improving shared awareness of threats.

6. Develop a government-wide cyber intelligence plan. Because several
civilian, intelligence and defense agencies have varying
responsibilities to address cyber threats, the government has had a
difficult time crafting a single, coherent approach.

7. Increase the security of classified networks. The escalating volume
of attacks, and the increasing penetration into supposedly secure
networks makes it imperative that work be done to further security
classified networks and the information on them.

8. Expand cyber education. There is a significant need for creating a
career pipeline to train cyber security experts—with offensive as well
as defensive skills--and to institutionalize the knowledge surrounding
security threats. Cyber education needs to include developing a
broader base of candidates with scientific knowledge and a cyber-savvy
workforce, as well as network specialists who can work in law
enforcement, military, homeland security, health and other specialty
areas.

9. Define enduring leap-ahead technologies. The government needs to
provide direction for "game-changing" technologies that would provide
a more stable environment and supplant some of the fundamental design
of existing technologies--and the current patchwork approach to fixing
them.

10. Define enduring deterrent technologies and programs. The
government has an opportunity to tap broader groups of scientists,
strategists and policy makers – similar to the way it did a
half-century ago in crafting a nuclear weapons deterrent strategy—to
develop new and lasting approaches to address cyber threats in this
century.

11. Develop multi-pronged approaches to supply chain risk management.
The reality of global supply chains presents significant challenges in
thwarting counterfeit--or maliciously designed—hardware and software
products which must be addressed.

12. Define the role of cyber security in private sector domains.
Experts agree, the government must do more to get its cyber security
house in order. But with so much of the nation's infrastructure in the
hands of the private sector, more must be done to quantify the
financial and economic risks associated with cyber security threats in
order to provide better investment direction.

Chabinsky said these initiatives represented an integrated portfolio
that was unique—"it's the first attempt to implement a totality
approach" to improve the nation's cyber security posture, he said. He
noted that these initiatives were intended to support four broad
goals:

Establish the front lines of defense capabilities to manage a single
federal enterprise network;
Defend against a full spectrum of threats.
Shape the future environment, through research and education, to
define new technologies and deterrent strategies to protect the
nation's infrastructure.
Develop tools to enable key departments and agencies neutralize,
mitigate, and disrupt domestic illegal computer activity; increase
information assurance; increase strategic analysis of intrusion
activities and threats; and monitor and coordinate the implementation
of the CNCI.

Chabinsky spoke at a information technology security conference
produced by 1105 Government Information Group.