US cyber defense strategy details hit the Internet (Update)

Mar 02, 2010
"Cyber war!" flashes on the screen at an Internet security conference. The curtain was pulled back Tuesday on portions of a secret US cyber defense strategy crafted during the administration of former president George W. Bush.

The White House has pulled back the curtain on portions of a secret US cyber defense strategy crafted during the administration of former president George W. Bush.

White House Internet security coordinator Howard Schmidt described bits of the strategy at the RSA cybersecurity conference here, saying the revelation was part of a promise of transparency by President Barack Obama.

Parts of a Comprehensive National Cybersecurity Initiative (CNCI) declassified by Obama became available online Tuesday at whitehouse.gov/cybersecurity.

"We can't ask industry to help government and government can't help industry if we don't have transparency," Schmidt said while making the announcement.

"It gives the American people the ability to partner with their government."

Scott Charney, Microsoft corporate vice president of Trustworthy Computing, was among those that welcomed the idea of the government being more forthcoming with cyber defense information.

"The public-private partnership is in need of improvement; it always has been," said Charney, who was head of computer crime prosecution at the Justice Department from 1991 to 1999.

"It seems the government has moved from a phase of consideration to a phase of action, and that is a good thing."

Sharing cyberattack information between government and private business has been muted by national security concerns on one side and fears of tainting brand images on the other.

"It never really happened," Charney said. "The government didn't share and the industry didn't share."

Schmidt said he hoped releasing declassified versions of the strategy would drive alliances between government cyber warriors and security firms, academics and others skilled in the field.

"Our collective knowledge is our biggest strength," Schmidt said. "We will not beat our adversaries because they are weak; we will beat them because we become stronger."

CNCI was crafted as the result of a presidential directive signed by Bush in January of 2008. Its budget remains a mystery but is estimated to be in the tens of billions of dollars.

The declassified strategy includes consolidating the government computer network and deploying sensors to detect intrusions.

Government agencies must work together on research and link "cyber ops" centers to more astutely assess situations, according to the CNCI.

"There is a pressing need to ensure that government information security offices and strategic operations centers share data regarding malicious activities against federal systems," according to freshly declassified documents.

One of the initiatives calls for a government-wide cyber counterintelligence plan to "detect, deter, and mitigate the foreign-sponsored cyber intelligence threat" to US networks and private businesses.

The government must also figure out its role in the cyber defenses of power grids, financial markets and other computer infrastructure that have become critical to daily life in this country, according to the CNCI.

The US government will need to show it can be trusted to fairly balance cyber defense with respect for privacy of online information.

Some RSA attendees were skeptical, citing Bush-era shenanigans that evidently included snooping on email and other Internet communications without proper court orders.

"You lose trust, it gets harder to do the right thing," Charney said. "If you are Howard Schmidt, the NSA, or whoever, you need to explain what you want to accomplish and how you will execute on it while balancing privacy concerns."

Public-private partnership is imperative to cyber defenses, said Melissa Hathaway, who served as interim cyber chief for Obama before becoming a consultant to computer security firms such as Cisco.

"We are almost at epidemic levels of online fraud and crime; pillaging and looting on the Internet," she said at RSA.

Hathaway proposed the creation of a non-profit organization to act as a neutral party or "safe house" for inside information shared by businesses to alleviate fears of disclosing weaknesses to competitors.

Explore further: Belarus tightens control over online media

add to favorites email to friend print save as pdf

Related Stories

White House picks new cyber coordinator

Dec 22, 2009

(AP) -- The White House has tapped a corporate cyber security expert and former Bush administration official to lead the effort to shore up the country's computer networks and better coordinate with companies that operate ...

Homeland Security to hire up to 1K cyber experts

Oct 01, 2009

(AP) -- The Obama administration has given a green light to the Homeland Security Department to be more competitive and choosey as it hires up to 1,000 new cyber experts over the next three years, the first major personnel ...

Obama setting up better security for computers

May 29, 2009

(AP) -- America has for too long failed to adequately protect the security of its computer networks, President Barack Obama said Friday, announcing he will name a new cyber czar to take on the job.

Recommended for you

Spain: Google News vanishes amid 'Google Tax' spat

Dec 16, 2014

Google on Tuesday followed through with a pledge to shut down Google News in Spain in reaction to a Spanish law requiring news publishers to receive payment for content even if they are willing to give it away.

Brazil: Google fined in Petrobras probe

Dec 15, 2014

A Brazilian court says it has fined Google around $200,000 for refusing to intercept emails needed in a corruption investigation at state-run oil company Petrobras.

Microsoft builds support over Ireland email case

Dec 15, 2014

Microsoft said Monday it had secured broad support from a coalition of influential technology and media firms as it seeks to challenge a US ruling ordering it to hand over emails stored on a server in Ireland.

User comments : 0

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.