US cyber defense strategy details hit the Internet (Update)

Mar 02, 2010
"Cyber war!" flashes on the screen at an Internet security conference. The curtain was pulled back Tuesday on portions of a secret US cyber defense strategy crafted during the administration of former president George W. Bush.

The White House has pulled back the curtain on portions of a secret US cyber defense strategy crafted during the administration of former president George W. Bush.

White House Internet security coordinator Howard Schmidt described bits of the strategy at the RSA cybersecurity conference here, saying the revelation was part of a promise of transparency by President Barack Obama.

Parts of a Comprehensive National Cybersecurity Initiative (CNCI) declassified by Obama became available online Tuesday at whitehouse.gov/cybersecurity.

"We can't ask industry to help government and government can't help industry if we don't have transparency," Schmidt said while making the announcement.

"It gives the American people the ability to partner with their government."

Scott Charney, Microsoft corporate vice president of Trustworthy Computing, was among those that welcomed the idea of the government being more forthcoming with cyber defense information.

"The public-private partnership is in need of improvement; it always has been," said Charney, who was head of computer crime prosecution at the Justice Department from 1991 to 1999.

"It seems the government has moved from a phase of consideration to a phase of action, and that is a good thing."

Sharing cyberattack information between government and private business has been muted by national security concerns on one side and fears of tainting brand images on the other.

"It never really happened," Charney said. "The government didn't share and the industry didn't share."

Schmidt said he hoped releasing declassified versions of the strategy would drive alliances between government cyber warriors and security firms, academics and others skilled in the field.

"Our collective knowledge is our biggest strength," Schmidt said. "We will not beat our adversaries because they are weak; we will beat them because we become stronger."

CNCI was crafted as the result of a presidential directive signed by Bush in January of 2008. Its budget remains a mystery but is estimated to be in the tens of billions of dollars.

The declassified strategy includes consolidating the government computer network and deploying sensors to detect intrusions.

Government agencies must work together on research and link "cyber ops" centers to more astutely assess situations, according to the CNCI.

"There is a pressing need to ensure that government information security offices and strategic operations centers share data regarding malicious activities against federal systems," according to freshly declassified documents.

One of the initiatives calls for a government-wide cyber counterintelligence plan to "detect, deter, and mitigate the foreign-sponsored cyber intelligence threat" to US networks and private businesses.

The government must also figure out its role in the cyber defenses of power grids, financial markets and other computer infrastructure that have become critical to daily life in this country, according to the CNCI.

The US government will need to show it can be trusted to fairly balance cyber defense with respect for privacy of online information.

Some RSA attendees were skeptical, citing Bush-era shenanigans that evidently included snooping on email and other Internet communications without proper court orders.

"You lose trust, it gets harder to do the right thing," Charney said. "If you are Howard Schmidt, the NSA, or whoever, you need to explain what you want to accomplish and how you will execute on it while balancing privacy concerns."

Public-private partnership is imperative to cyber defenses, said Melissa Hathaway, who served as interim cyber chief for Obama before becoming a consultant to computer security firms such as Cisco.

"We are almost at epidemic levels of online fraud and crime; pillaging and looting on the Internet," she said at RSA.

Hathaway proposed the creation of a non-profit organization to act as a neutral party or "safe house" for inside information shared by businesses to alleviate fears of disclosing weaknesses to competitors.

Explore further: Putin signs law seen as crimping social media

add to favorites email to friend print save as pdf

Related Stories

White House picks new cyber coordinator

Dec 22, 2009

(AP) -- The White House has tapped a corporate cyber security expert and former Bush administration official to lead the effort to shore up the country's computer networks and better coordinate with companies that operate ...

Homeland Security to hire up to 1K cyber experts

Oct 01, 2009

(AP) -- The Obama administration has given a green light to the Homeland Security Department to be more competitive and choosey as it hires up to 1,000 new cyber experts over the next three years, the first major personnel ...

Obama setting up better security for computers

May 29, 2009

(AP) -- America has for too long failed to adequately protect the security of its computer networks, President Barack Obama said Friday, announcing he will name a new cyber czar to take on the job.

Recommended for you

Google made failed bid for Spotify

4 hours ago

Internet titan Google tried last year to buy streaming music service Spotify but backed off for reasons including a whopping price tag, the Wall Street Journal reported on Tuesday.

Thieves got into 1K StubHub accounts

4 hours ago

(AP)—Cyber thieves got into more than 1,000 StubHub customers' accounts and fraudulently bought tickets for events through the online ticket reseller, a law enforcement official and the company said Tuesday.

Putin signs law seen as crimping social media

16 hours ago

President Vladimir Putin on Tuesday signed a law requiring Internet companies to store all personal data of Russian users at data centres in Russia, a move which could chill criticism on foreign social networking ...

User comments : 0