SAN FRANCISCO -- The Obama administration is declassifying part of its Comprehensive National Cybersecurity Initiative (CNCI), giving the public access to a summary of the $40 billion classified cybersecurity plan.
The announcement was made Tuesday by security luminary Howard Schmidt at the 2010 RSA Conference. Schmidt was appointed by President Obama in December 2009 to serve as the cybersecurity coordinator, a role that is the first of its kind instated by the White House.
In his keynote address, Schmidt told attendees the Obama administration's goal for more open government required the document be made available to the public and said it would help improve security despite its sensitivity.
"Transparency and partnerships have to go hand in hand," Schmidt said. "The openness gives the American people the ability to partner with government ... because cybersecurity is a shared responsibility for all of us."
The summary description of the CNCI initiatives is available for download at the White House website. The plan has 12 components, including the Trusted Internet Connections (TIC) program. The TIC's goal is to trim the number of connections from federal computer systems to outside networks from more than 4,000 to fewer than 100.
The document briefly explains the Einstein system, one of the key components of the CNCI. "Einstein 2" and "Einstein 3" represent the signature-based intrusion detection systems and network monitoring capabilities used by the Department of Homeland Security (DHS) to monitor and analyze traffic moving through federal networks.
In addition, the document outlines a government-wide cyber counterintelligence plan designed to detect, deter and mitigate "foreign-sponsored cyber intelligence threats to U.S. and private sector information systems." It explains the need to bolster research and development and calls for expansion of cybersecurity training for government employees as well as the funding of cybersecurity education at colleges and universities.
One of the CNCI initiatives also calls for better security of the supply chain, specifically to find ways to reduce disruption of goods and services. It also outlines the requirement for improved warning capabilities and better communication with the private sector, as well as the need for foreign governments to develop appropriate responses to ongoing cyberattacks.
"President Obama said America's economic prosperity will depend on cybersecurity; that is not a light statement," Schmidt said. "In this role, which I think is an important role, I'll be coordinating development of a harmonized and systemized cybersecurity policy ... harmonized, effective and efficient."
In his keynote address, Schmidt said the federal government has made progress on many of the initiatives identified by a 60-day review of the nation's cybersecurity readiness. The review looked at all facets of government cybersecurity defenses from counterintelligence and law enforcement investigations to network security and critical infrastructure protection.
The Federal Information Security Management Act (FISMA), which requires government agencies to meet security standards, is being improved, Schmidt said. Next month, the Obama administration will also release performance metrics to better track the progress agencies are making in their security