Homeland Security Watch

News and analysis of critical issues in homeland security

March 5, 2010

Cybersecurity – Front and Center

Filed under: Cybersecurity — by Jessica Herrera-Flanigan on March 5, 2010

In my post on Monday, I wrote about this week’s big conferences relating to homeland security – the RSA Conference in San Francisco (Geeks) and the ABA Homeland Security Institute in DC (Lawyers).  I suggested that folks “stay tuned to any announcements or surprises that might come from” the conferences.

RSA has not disappointed, with a number of announcements and declarations coming out of the conference.  The biggest revelation was that the White House was, as many had been expecting for the last several months, declassifying information on the Comprehensive National Cybersecurity Initiative (CNCI).

The CNCI was initiated in January 2008 in NSPD 54/HSPD 23, a classified document that left many, even before its release, asking questions about the role of the intelligence agencies in the government’s cybersecurity plans.  Siobhan Gorman, then of the Baltimore Sun, did a great job in late 2007 covering the effort.

While NSPD 54/HSPD 23 has not itself been declassified, the President did release a five-page summary of the CNCI this week, the first official document to describe the classified directive, which can be found on the White House’s website.

The summary notes the twelve initiatives within the Initiative:

Initiative #1. Manage the Federal Enterprise Network as a single network enterprise with Trusted Internet Connections.

Initiative #2. Deploy an intrusion detection system of sensors across the Federal enterprise.

Initiative #3. Pursue deployment of intrusion prevention systems across the Federal enterprise.

Initiative #4. Coordinate and redirect research and development (R&D) efforts.

Initiative #5. Connect current cyber ops centers to enhance situational awareness.

Initiative #6. Develop and implement a government-wide cyber counterintelligence (CI) plan.

Initiative #7. Increase the security of our classified networks.

Initiative #8. Expand cyber education.

Initiative #9. Define and develop enduring “leap-ahead” technology, strategies, and programs.

Initiative #10. Define and develop enduring deterrence strategies and programs.

Initiative #11. Develop a multi-pronged approach for global supply chain risk management.

Initiative #12. Define the Federal role for extending cybersecurity into critical infrastructure domains.

In announcing the declassification, White House Cybersecurity Coordinator Howard Schmidt said “partnerships and transparency are concepts that have to go hand in hand” in the protection of the nation’s critical computer networks.

The declassification has come with mixed reviews. Many privacy advocates still would like to see the original NSPD/HSPD declassified, especially parts dealing with cyber offense capabilities. The Washington Post also reported, and Schmidt acknowledged, that there remain a number of legal questions to be answered about parts of the initiative. Personally, I believe that the declassification of information on the CNCI is an important first step that allows the private sector and the public to have a more open dialogue on how the government can be leading the way, with private sector input, on protecting government systems.

One of the biggest issues that came out of the CNCI was a concern that the government would move full-force ahead on the classified initiative without significant input from the numerous sectors of the private sector, many of whom have tackled some of the problems facing the government as it moved to protect its systems.  The added fear was that once the government put in place “solutions” for itself, it would move to migrate those solutions to the private sector through standards and mandates.  While some sectors with appropriate clearances have advised on parts of the initiative, there remained a gap in a transparent and full discussion.   Schmidt should be commended for taking on this effort and moving for a more open process for discussion.

I also question whether the NSPD/HSPD should be declassified in its entirety. While privacy and legal questions may arise out of any classified cyber offense capabilities discussed in the directive, we also should be careful about revealing too much about these efforts, especially if doing so would potentially reveal sources and methods to our technologically-savvy opponents, who are intent on compromising, sabotaging, or stealing information from our systems.  There needs to be a method to assure that classified information within the directive goes through appropriate checks and balances, but we also have to be prepared against a sophisticated enemy.

Also of note at the conference were Secretary Napolitano’s remarks.  In addition to encouraging industry to do better at security and recognize a “sense of urgency,” she announced a contest to the IT security community on how to develop a public education campaign on cyber-readiness.  Information on the contest and how to enter can be found at http://www.dhs.gov/files/cyber-awareness-campaign.shtm.

It is an interesting concept, though I wonder how it meshes with existing and past efforts to do public education campaigns on the cyber front. In particular, I wonder how this effort fits into the National Cyber Security Alliance, which was founded in 2001, as the public-private partnership for promoting cyber security awareness. That effort has worked with DHS and a number of tech companies, as well as the MS-ISAC for promoting cyberawareness and “National Cybersecurity Awareness Month” in each of the past six Octobers. There have also been numerous similar efforts through the years, including one I was involved with about 10 years ago, the “Cybercitizen Awareness Program,” that was intended to “establish a broad sense of responsibility and community in an effort to develop in young people smart, ethical, and socially conscious online behavior.”

Despite these questions, I think the idea is an interesting one.  In past posts, I have advocated for DHS to take more of a DARPA approach to solving problems, including potentially duplicating efforts like the DARPA Grand Challenge.  I have also written about DHS’ increasing use of social media and the need for it to integrate the public into those efforts.  In many ways, this contest takes both of those concepts and creates a mini-Grand Challenge web 2.0 awareness campaign. I look forward to seeing the results.

Those were the big government announcements coming out of RSA. Overall, the conference seems to focus on a few themes: cloud computing, offensive cybersecurity efforts (including warfare), a call to action, and collaboration.

6 Comments »

Comment by William R. Cumming

March 5, 2010 @ 8:57 am

Wonderful post Jessica and very helpful! Couple of quick questions and more follow up comments later!
First, in declassifying the document why NO real statement of position by the administration on whether they agree, disagree, have under review actively the initiative or whatever? This pinpoints the Administration’s lack of governance skills.
Second, cyber security identified as the new universe in fall 1997 by the President’s Commission on Critical Infrastructure Protection [actually a Congressional mandated commission]! This report split physical security and cyber security for all time. Cyber security one of principal rationales for formation of DHS but I guess with three lawyers with limited IT knowledge running DHS so far they just did not get “it”! And what is this Secretary DHS initiative to have a contest in the IT/cyber Security community? Is this still amateur night again. By my count since its formation, DHS has spent about $100 Billion on IT issues and programs, cyber security, computer security and has nothing to show for it. Hey could be wrong! Always wondered why the CIOs (Chief Information Officers) were not made directly accountable by statute for computer security issues. The key statute was 1992 but hey has been amended since then. Also required CIO’s to report to the head of the department or agency–so what happened to that requirement? Also get OMB out of the A-130 process fast and cyber/computer security. There should be a statutory mandate for combination of computer and cyber security in all the civil agencies.

But hey the most interesting thing about the conference I found so far was NSA announcing that “Cloud Computing” was a direct threat to national security and could not be protected from terrorist activity.

So thanks again for a great post!

Comment by William R. Cumming

March 5, 2010 @ 9:28 am

The statute I referred to in the comment above was I believe the so-called Clinger-Cohen Act. Congress was ahead of the game and the Executive Branch never has caught up. Also Senators Bennett and Kyle were instrumental in the PCCIP mandate.
It might be of utility as a calibration point and documentation of the failures on cyber security generally to review PD-63 issued to respond to the Commission Report!

WOW why is there never a tracking back to document repetitive efforts to accomplish something in the Executive Branch. I am probably too linear in my thinking because I do know technological change has been a “slowing” factor in developing cyber security. And like Jessica, don’t believe anything about offensive cyber capability should be declassified. Jessica’s DARPA like suggestion is also excellent. By the way new DARPA HQs under construction in N.VA. I thought HARPA in DHS was to be the civilian equivalent “Skunk Works”?

Comment by William R. Cumming

March 5, 2010 @ 9:30 am

And also with respect to the ABA conference–how many law schools have IT law courses including cyber security and computer security? TBD?

Comment by christopher tingus

March 6, 2010 @ 8:15 am

What we need is someone to truly look at our school failings in so many ways and especially in promoting science, engineering and mathematics based discipline and to understand that this lack of in Washington and other global capitals has positioned us into a time of great peril!

With the present composition of those entrusted to serve the public and instead have raped the USA, attorneys and businessmen, especially bankers whose discipline and mentality rests in litigation even acknowledging guilt and more often than not, this self-serving corruption remains….

We have been bankrupted not only by the void in leadership at the local, state and national level by those we “entrust” to serve the public and sworn to oath to safeguard the founding principles of a Judeo-Christian background.

We have forsaken the Bible as a Book of Knowledge and replaced it with the crafty ways of those whose ambition is only to stroke their own ego.

Now that the road is so riddled with the corrupt ways of special interest groups and other, the beltway gridlocked and the trillions in “fiat” dollars printed and spent by Hank Paulson et al as well as the central bankers, isn’t it interesting to see so many not seeking reelection and choosing to cash in on their golden parachute. Check the facts, government payraises this year for the top dogs, while unemployment ruins families…

Cybersecurity is a no. 1 issue affecting each and every one of us. Our electric grid is exposed. Our way of Life so computer driven at risk. The fabric of the 21st century threatened each and every day.

We have failed in our schools as we have seen a dwindling of graduates in the science and engineering discipline compared with China and India. From what we see here on Main Street USA and hear atrocious stories of what is taking place in our schools and listen intently to national and state leadership overseeing school systems, the bureaucrat stealing salary monies in excess of $100k to $200k with their performance and their school and student performance not tied into their compensation….

We are bankrupt. Very bankrupt. Shortly, we, too will not meet our international debt obligation and renege on payments. We are already a third world country for such designation is only a moment away.

We are soon to renew the thrust in downward spiral in our economy. Unfortunately, many wonderful fellow human beings will not survive. Folks like the Massachusetts State Legislature and the illustrious Massachusetts Department of Revenue raise fees and taxes, fees and taxes and while people are losing homes, cars and family, self-imposed “incestuous” accolades and payhikes are adopted and Registry of Motor Vehicle Registration and other departments are raised…why because just like the King we fled to come to these shores, thievery is the way of politics, politicians who must be stopped by term limits!

A leadership in local, state and national governance based on lawyers will never work out for we need as China portrays, leadership roles, decision-makers with a scientific/engineering discipline. We are no longer competitive and the narrowness in perspective is very clear when we here on Main Street USA hear that the trillion we have invested in the exploration of space, the universe, the benefits already recognized, well…the attorneys have decided to give away our leadership above our atmosphere. The country has no vision.

As an international new business development consultant striving to raise substantial capital to fund – profitable – and substantial wastewater and water purification projects throughout Africa and to the Middle East and to India where so many do not have even a clean glass of water to drink from, China is everywhere I visit. Building a railroad from the west coast to east coast of Africa and giving billion in aid and development to Africa, while taking precious metals and resources out of Africa and storing the goods in Chinese coffers to assure its population and culture another reign…a China led by scientists, engineers, “geeks” – not well dressed litigators. China who we have you, Mr. President, bow down to for you and your treasurer and staffers have no guts to take a real stance on Taiwan or in Tibet!

Cybersecurity? Even you Madame DHS Secretary underscored recently the necessity that we ramp up our efforts in this sector. Well folks, unless someone listens attentively to William Cumming in these viewpoints he is willing to share with us with the White House staffers reading William Cumming with intent, the “change” we really need will never happen. From my perspective acknowledged in India as Chris Uncle and throughout Africa as “Mr. Chris” – you Mr. President are a one-term President who chose to follow the good ‘ol boys who packaged you and presented you to be elected to serve their own agenda.

We have no time. Hackers are everywhere hitting us from the organized and well greased backrooms in China and Russia. Government sponsored “geeks” seeking to disrupt our way of Life! How really secure is our electric grid? How secure are we as the litigators, the special interest groups, the lack of policy as well as the cheek turning when it comes to immigration and other for there is no foundation in discipline, to a real understanding of what our forefathers structured and why..what it really takes to make it work!

William Cumming, your viewpoints here in and every contribution is read by many here on Main Street USA and you are the Churchill we miss so much today for news on the street shows our Arabic speaking supposed friends and allies in the Middle East, where we have a large strategic air force base and presence, these fellas signing agreements with the “Brutes of Tehran” –

America needs “geeks” and it is our advice here on Main Street USA to take the 200 WMDs out of Europe and let the Germans and Belgians who snub us at every opportunity and asked that we remove our WMDs from their soil, to stop sending social security checks to those who may have earned it here, however do not reside here. To take these monies and other and redefine America’s schools in the obesity it offers in any lack of discipline, transparency, accountability from your education Czar down the ranks. A revamp of our schools emphasizing to the youth the vision, the scope of achievement and fulfillment the sciences offer – maintain NASA’s grasp on our mission in space, not turn it over to self-indulgent and greedy business types who will milk every dollar possible –

We are not only at war with Islam and its fundamentalists who portray no tolerance of another’s choice, only their own perspective with no tolerance or compassion for any of God’s creation, the individual, promising others “virgins” to murder in cold blood innocent people, good people, yes, who may be different and hold other values, however their Right to hold other values, however we will again see shortly the “recession” – really a depression both economically and in the represention of good people who will again as in history, suffer the anguish as a result of greed, the lust of power, the prowess of special interest groups who seduce and deceive the foundation in principles which so many have given their Life for to enable us during this our watch to protect the Blessings and hope that America has reached out as a beacon of hope to those in despair these past generations, to give the Europeans for instance the Life they have today…the history like so many others which has been placed in the draw and missing the relevance of what history teaches us!

Unfortunately, I think we have lost. The clock is ticking and time will tell, yet it is not because of the caveman’s attitude in the mountains of Pakistan, the militant attitude of those ongoing grudges, generation after generation in the Middle East, stonewalls which will never be broken as men are too hardheaded and too belligerent in nature to reach beyond their limitations and attentively listen and discuss differing perspectives, our failure in a country we Love so dearly, our beloved nation, comprised of the most charitable people, we failed ourselves for it has been greed, the lack of compassion for neighbor, the selfishness to seek false identities, a credit card created mentality affording these banking thieves such broad theft playing into our lack of discipline unwilling to pursue the science and engineering, the mathematics courses to use our creativity, our imagination which unfortunately books on statutes have such little context.

Cybersecurity, yes…Kudos to the men and women who serve the LAPD, the NYPD, folks at NSA and so many others who are committed to thwarting the efforts of those that seek our demise, however we must use this next election to send clarity and demand a reorganization of our government and our national objectives.

The axis of the earth shifted when Chile was again struck as history repeats itself in Chile.

We are tracking debris and more substantial substances in direct course with our atmosphere. Space exploration and its benefits to improving the quality of human Life should be conveyed to mankind. Mankind’s evil ambition to control power will not be altered because America is broke not only monetarily, but in vision and will cut back space exploration as it has already been dictated by the attorneys of the day who have very little aptitude for science and mathematics which are the physics of Life.

Without question, we are spiraling towards another global confrontation. The rampant corruption, the disrespect to others, the coldness in indifference even as we have seen within the great Persians, a people rich in culture allowing a regime who I refer to as the “Brutes of Tehran” – thugs….to kill their own and spill precious blood on the street before the world…

….a reminder of so many in the past and present discarded so willingly as we watched with horror the bulldozing of people killed by earthquake in Haiti and an international community, including the German-led EU and the Vatican who allowed bodies to be buried with no dignity for God individual creation, with only 25% of Haitians being addressed after all these weeks, another Katrina? God’s wrath will be felt more and more for we have learned little as every man made government, no matter its composition, since Babylon, all have failed for power, lust and this self-serving mentality foretells the future unless we become disciplined, respectful of the other, listen attentively and cut the credit card, buying only with cash.

Cybersecurity and new weapons being designed to explode in the skies above offering a shock and awe which will truly move this world even further from its axis in the principles which all human beings must abide by and given as basic law, reasonableness, simplicity in Life as many of us still prefer the awesome transition from Winter to Spring and the blossom of Life, not convincing another to strap a bomb on one’s back or around the waist and kill themselves and innocent people. What cowardness, what evil, how contrary to the evolving universe(s) and wonder which awaits mankind, yet his stubbornness in narrow perspective repeats itself in history time and time again!

God Bless America!

Christopher Tingus
Harwich (Cape Cod), MA 02645 USA
chris.tingus@gmail.com

Comment by Beth Randolph

March 8, 2010 @ 1:44 am

As Mr. Cumming and Mr. Tingus have touched points regarding Germany snubbing us every chance they get and a mandate on federal civilian systems for protection – who runs most of the BSM (Business System Modernization) EBS which replaced our SAMMA legacy system – SAP developed, rather enhanced their commercial COTS software, for a desk procurement (aka e-procurement initiative) as Accenture is the implementation team. SAP is located where? Germay – so when asking why would the federal government pay and allow a Germany based company develop a product, well sell the federal government, their product which tells our deployments, supplies, requirements, procurements, financial, etc.? I was told stop being so paranoid by my superiors as being the liaison between a profit center and HQ DLA.
These contractors hire, pay very well, allow access to our systems and ironically are the ones permitting federal employees access to our own systems.
As contractors working IT help desks have the same access, without a security check/clearance, as a 25 year worker has waited over two years for his promotion to go through due to the backup for security checks! These contractors not only have access, but manage, train, develop, implement, decide what processes we need and each upgrade costs millions as our legacy system was owned and maintained by federal employees.
BTW, my husband, WTC federal clean up responder, lung cancer, brain tumor and Vietnam Veteran who has been “left off the DHS WTC fatality list” with not one person taking responsibility – as I still wait for replies to my letters sent to DHS and Congress, no response to emails to heads of each DHS department and no return phone calls as promised. I know have something in writing that states it is my responsibility to provide a picture of my husband at the WTC site as proof he was there – but wouldn’t a plaque with my husband’s name thanking him for his efforts stemming from 9/11/2001 with the FPS logo on the top of this “trophy” like item – given to him by DHS/ICE/FPS – as the Commander of Region 3 has denied being the one to leave his name off the WTC catastrophy fatality list.

Thank you both again for your much respected opinions, caring efforts and most of all comments to each and every post.

Beth Randolph
Philadelphia, PA area

Comment by Beth Randolph

March 8, 2010 @ 1:50 am

Sorry for the poor spelling especially Germany -hope it got my point across – late, tired and hit the submit comment button before hitting the delete as I have deleted many other comments on a lot of posts – but this time I just had to share just in case you didn’t know – but probably you do – you both know a lot without telling it all.

God Bless
Beth
