Details emerge about President's Cyber Plan 11/21/08 By Wyatt Kash http://www.gcn.com/online/vol1_no1/47639-1.html?topic=Communications_Networking&CMP=OTC-RSS
A new layer of details surrounding President Bush's Comprehensive National Cyber Security Initiative emerged from a speech delivered by a senior federal official in Washington yesterday. Steven Chabinksy, deputy director for the Joint Interagency Cyber Task Force, Office of the Director of National Intelligence, shed new light on 12 core initiatives that are part of the president's cyber security plan. Much of the security plan, introduced last January under National Security Presidential Directive 54/Homeland Security Presidential Directive 23, has remained classified. And only limited amounts of information about the initiative have been made public. Reciting concerns that new vulnerabilities, strong adversaries, and weak situational awareness were resulting in "untrusted systems," Chabinsky outlined the objectives and rationale behind 12 "discreet initiatives" in the CNCI plan: 1. Move towards managing a single federal enterprise network. The cornerstone to this effort is the Trusted Internet Connections program, initiated by the Office of Management and Budget in November 2007 that aims to reduce the number of connections from federal agencies to external computer networks to 100 or fewer, from more than 4,300 connections identified in January of this year. But it would also rely heavily on Federal Desktop Core Configuration standards, initiated by OMB, which prescribe specific requirements to access and use federal networks. 2. Deploy intrinsic detection systems. These systems would build on current software tools—notably a program called Einstein, and an enhanced version called Einstein 2, developed by the Department of Homeland Security. These tools monitor and identify information streams at network access points, but currently lack the ability to do more than report potential problems. 3. Develop and deploy intrusion prevention tools. DHS teams are now working on the development of Einstein 3, which would be designed to block and mitigate malicious patterns in the code surrounding information in transit, before they can do harm on federal networks. 4. Review and potentially redirect research and funding. Efforts are underway to take stock of cyber research and related programs and to look for overlaps and gaps, in order to channel resources more effectively. 5. Connect current government cyber operation centers. In particular, increase the effectiveness these centers by standardizing operating procedures and improving shared awareness of threats. 6. Develop a government-wide cyber intelligence plan. Because several civilian, intelligence and defense agencies have varying responsibilities to address cyber threats, the government has had a difficult time crafting a single, coherent approach. 7. Increase the security of classified networks. The escalating volume of attacks, and the increasing penetration into supposedly secure networks makes it imperative that work be done to further security classified networks and the information on them. 8. Expand cyber education. There is a significant need for creating a career pipeline to train cyber security experts—with offensive as well as defensive skills--and to institutionalize the knowledge surrounding security threats. Cyber education needs to include developing a broader base of candidates with scientific knowledge and a cyber-savvy workforce, as well as network specialists who can work in law enforcement, military, homeland security, health and other specialty areas. 9. Define enduring leap-ahead technologies. The government needs to provide direction for "game-changing" technologies that would provide a more stable environment and supplant some of the fundamental design of existing technologies--and the current patchwork approach to fixing them. 10. Define enduring deterrent technologies and programs. The government has an opportunity to tap broader groups of scientists, strategists and policy makers – similar to the way it did a half-century ago in crafting a nuclear weapons deterrent strategy—to develop new and lasting approaches to address cyber threats in this century. 11. Develop multi-pronged approaches to supply chain risk management. The reality of global supply chains presents significant challenges in thwarting counterfeit--or maliciously designed—hardware and software products which must be addressed. 12. Define the role of cyber security in private sector domains. Experts agree, the government must do more to get its cyber security house in order. But with so much of the nation's infrastructure in the hands of the private sector, more must be done to quantify the financial and economic risks associated with cyber security threats in order to provide better investment direction. Chabinsky said these initiatives represented an integrated portfolio that was unique—"it's the first attempt to implement a totality approach" to improve the nation's cyber security posture, he said. He noted that these initiatives were intended to support four broad goals: Establish the front lines of defense capabilities to manage a single federal enterprise network; Defend against a full spectrum of threats. Shape the future environment, through research and education, to define new technologies and deterrent strategies to protect the nation's infrastructure. Develop tools to enable key departments and agencies neutralize, mitigate, and disrupt domestic illegal computer activity; increase information assurance; increase strategic analysis of intrusion activities and threats; and monitor and coordinate the implementation of the CNCI. Chabinsky spoke at a information technology security conference produced by 1105 Government Information Group. _______________________________________________ Infowarrior mailing list [email protected] https://attrition.org/mailman/listinfo/infowarrior
