Governance & Risk Management

White House Partly Lifts CNCI Secrecy

Schmidt Announces Declassification in RSA Keynote
White House Partly Lifts CNCI Secrecy
The Obama administration posted a declassified summary of the government's Comprehensive National Cybersecurity Initiative, or CNCI, a highly secret Bush-era program aimed at securing the nation's critical IT security assets.

White House Cybersecurity Coordinator Howard Schmidt announced the declassification in a keynote address at the RSA IT security conference in San Francisco Tuesday to thousands of IT security professionals assembled in the Mascone Center. The declassification document can be viewed at the White House website.

GovInfoSecurity.com first reported the administration's intent to issue a declassified summary of CNCI on Feb. 2.

In his speech and a simultaneous blog posting on the White House website that used nearly identical language, Schmidt said the government's partnership with the private sector and government transparency are key in developing solutions to secure critical government and national digital assets. "These two themes go hand-in-hand," Schmidt said. "You cannot have one without the other, and they form the foundation of nearly all of the action items outlined in the President's Cyberspace Policy Review.

"Transparency is particularly vital in areas, such as the CNCI, where there have been legitimate questions about sensitive topics like the role of the intelligence community in cybersecurity. Transparency provides the American people with the ability to partner with government and participate meaningfully in the discussion about how we can use the extraordinary resources and expertise of the intelligence community with proper oversight for the protection of privacy and civil liberties."

Schmidt said to successfully battle cybersecurity threats, the government, private sector and citizens must seek out innovative partnerships. "Transparency improves our collective knowledge and helps bind our partnerships together to form the most powerful cyber tools that we have," he said. "We will not defeat our cyber adversaries because they are weakening, we will defeat them by becoming collectively stronger, through stronger technology, a stronger cadre of security professionals, and stronger partnerships."

According to the summary, the 12 initiatives are:

  1. Manage the federal enterprise network as a single network enterprise with Trusted Internet Connections to reduce access points to and from the Internet.

  2. Deploy an intrusion detection system of sensors, known as Einstein 2, across the federal enterprise.

  3. Pursue deployment of intrusion prevention systems, Einstein 3, across the federal enterprise.

  4. Coordinate and redirect cybersecurity research and development efforts.

  5. Connect current cyber ops centers to enhance situational awareness.

  6. Develop and implement a government-wide cyber counterintelligence plan.

  7. Increase the security of our classified networks.

  8. Expand cyber education.

  9. Define and develop enduring "leap-ahead" technology, strategies, and programs.

  10. Define and develop enduring deterrence strategies and programs.

  11. Develop a multi-pronged approach for global supply chain risk management.

  12. Define the federal role for extending cybersecurity into critical infrastructure domains.

President Bush in January 2008 signed a directive establishing the CNCI that's aimed at getting the government and private sector to work together to secure the nation's critical IT infrastructure. Some estimates put the five-year budget of CNCI as high as $40 billion. In February, GovInfoSecurity.com reported total budget request for the CNCI for fiscal year 2011, which begins Oct. 1, is about $3.6 billion.


About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.