US cyber defense strategy details hit the Internet (Update)

Mar 02, 2010
"Cyber war!" flashes on the screen at an Internet security conference. The curtain was pulled back Tuesday on portions of a secret US cyber defense strategy crafted during the administration of former president George W. Bush.

The White House has pulled back the curtain on portions of a secret US cyber defense strategy crafted during the administration of former president George W. Bush.

White House Internet security coordinator Howard Schmidt described bits of the strategy at the RSA cybersecurity conference here, saying the revelation was part of a promise of transparency by President Barack Obama.

Parts of a Comprehensive National Cybersecurity Initiative (CNCI) declassified by Obama became available online Tuesday at whitehouse.gov/cybersecurity.

"We can't ask industry to help government and government can't help industry if we don't have transparency," Schmidt said while making the announcement.

"It gives the American people the ability to partner with their government."

Scott Charney, Microsoft corporate vice president of Trustworthy Computing, was among those that welcomed the idea of the government being more forthcoming with cyber defense information.

"The public-private partnership is in need of improvement; it always has been," said Charney, who was head of computer crime prosecution at the Justice Department from 1991 to 1999.

"It seems the government has moved from a phase of consideration to a phase of action, and that is a good thing."

Sharing cyberattack information between government and private business has been muted by national security concerns on one side and fears of tainting brand images on the other.

"It never really happened," Charney said. "The government didn't share and the industry didn't share."

Schmidt said he hoped releasing declassified versions of the strategy would drive alliances between government cyber warriors and security firms, academics and others skilled in the field.

"Our collective knowledge is our biggest strength," Schmidt said. "We will not beat our adversaries because they are weak; we will beat them because we become stronger."

CNCI was crafted as the result of a presidential directive signed by Bush in January of 2008. Its budget remains a mystery but is estimated to be in the tens of billions of dollars.

The declassified strategy includes consolidating the government computer network and deploying sensors to detect intrusions.

Government agencies must work together on research and link "cyber ops" centers to more astutely assess situations, according to the CNCI.

"There is a pressing need to ensure that government information security offices and strategic operations centers share data regarding malicious activities against federal systems," according to freshly declassified documents.

One of the initiatives calls for a government-wide cyber counterintelligence plan to "detect, deter, and mitigate the foreign-sponsored cyber intelligence threat" to US networks and private businesses.

The government must also figure out its role in the cyber defenses of power grids, financial markets and other computer infrastructure that have become critical to daily life in this country, according to the CNCI.

The US government will need to show it can be trusted to fairly balance cyber defense with respect for privacy of online information.

Some RSA attendees were skeptical, citing Bush-era shenanigans that evidently included snooping on email and other Internet communications without proper court orders.

"You lose trust, it gets harder to do the right thing," Charney said. "If you are Howard Schmidt, the NSA, or whoever, you need to explain what you want to accomplish and how you will execute on it while balancing privacy concerns."

Public-private partnership is imperative to cyber defenses, said Melissa Hathaway, who served as interim cyber chief for Obama before becoming a consultant to computer security firms such as Cisco.

"We are almost at epidemic levels of online fraud and crime; pillaging and looting on the Internet," she said at RSA.

Hathaway proposed the creation of a non-profit organization to act as a neutral party or "safe house" for inside information shared by businesses to alleviate fears of disclosing weaknesses to competitors.

Explore further: Music site SoundCloud to start paying artists

add to favorites email to friend print save as pdf

Related Stories

White House picks new cyber coordinator

Dec 22, 2009

(AP) -- The White House has tapped a corporate cyber security expert and former Bush administration official to lead the effort to shore up the country's computer networks and better coordinate with companies that operate ...

Homeland Security to hire up to 1K cyber experts

Oct 01, 2009

(AP) -- The Obama administration has given a green light to the Homeland Security Department to be more competitive and choosey as it hires up to 1,000 new cyber experts over the next three years, the first major personnel ...

Obama setting up better security for computers

May 29, 2009

(AP) -- America has for too long failed to adequately protect the security of its computer networks, President Barack Obama said Friday, announcing he will name a new cyber czar to take on the job.

Recommended for you

Should you be worried about paid editors on Wikipedia?

2 hours ago

Whether you trust it or ignore it, Wikipedia is one of the most popular websites in the world and accessed by millions of people every day. So would you trust it any more (or even less) if you knew people ...

Philippines makes arrests in online extortion ring

4 hours ago

Philippine police have arrested eight suspected members of an online syndicate accused of blackmailing more than 1,000 Hong Kong and Singapore residents after luring them into exposing themselves in front of webcam, an official ...

Google to help boost Greece's tourism industry

16 hours ago

Internet giant Google will offer management courses to 3,000 tourism businesses on the island of Crete as part of an initiative to promote the sector in Greece, industry union Sete said on Thursday.

Music site SoundCloud to start paying artists

23 hours ago

SoundCloud said Thursday that it will start paying artists and record companies whose music is played on the popular streaming site, a move that will bring it in line with competitors such as YouTube and Spotify.

Facebook awards 'Internet Defense Prize'

Aug 21, 2014

Facebook awarded a $50,000 Internet Defense Prize to a pair of German researchers with a seemingly viable approach to detecting vulnerabilities in Web applications.

User comments : 0