Cybersecurity initiative seen as good first step

Experts from an independent commission told two separate congressional panels last week that the Bush administration’s largely classified, multibillion-dollar Comprehensive National Cybersecurity Initiative (CNCI) represented a positive step in solving the nation’s cybersecurity challenge. However, they also said more work was urgently needed.Senior officials revealed Sept. 15 some additional details about the governmentwide cybersecurity initiative, which President Bush announced in a classified directive in January and which has since been cloaked in secrecy. Speaking at an Information Technology Association of America (ITAA) conference, officials from several agencies involved in overseeing parts of the CNCI discussed the scope and aims of various aspects of the program, including counterintelligence, supply chain security, intrusion prevention, a joint task force for investigations, recruitment, research and development, and a deterrence strategy.The activities of the program fall into three broad categories. They establish a frontline defense, defend against a full spectrum of threats and shape the future security environment, officials said. Neill Sciarrone, special assistant to the president and senior director for cybersecurity and information-sharing policy for the White House’s Homeland Security Council, said establishing a common operating picture across the military, civilian and intelligence communities was also critical to the effort.“This is not a short-term fix but rather a long-term framework for addressing cybersecurity,” she said.During the course of two separate hearings in the House last week, experts discussing the preliminary findings of the Center for Strategic and International Studies’ (CSIS) Commission on Cyber Security for the 44th Presidency brought up a series of additional issues that they believe the cybersecurity strategy needs to address. Experts told lawmakers that there must be an improvement of trust between the government and private sector, a fresh look at regulation and regulating authorities, and a reorganization of the leadership of the current government effort.Amit Yoran, a CSIS commissioner and a former director of the Homeland Security Department’s National Cyber Security Division and the U.S. Computer Emergency Readiness Team said that the CNCI was an important move forward. However, Yoran, who is chief executive officer of cybersecurity monitoring technology company NetWitness, said that the CNCI represents more of an execution plan than a comprehensive strategy.Many commissioners believe that the CNCI should not be taken in lieu of a comprehensive strategy, he said.