President Obama Names Vivek Kundra Chief Information Officer

The White House
March 5, 2009

WASHINGTON, DC – Today, President Barack Obama named Vivek Kundra the Federal Chief Information Officer (CIO) at the White House.

The Federal Chief Information Officer directs the policy and strategic planning of federal information technology investments and is responsible for oversight of federal technology spending. The Federal CIO establishes and oversees enterprise architecture to ensure system interoperability and information sharing and ensure information security and privacy across the federal government. The CIO will also work closely with the Chief Technology Officer to advance the President’s technology agenda.

President Obama said, “Vivek Kundra will bring a depth of experience in the technology arena and a commitment to lowering the cost of government operations to this position. I have directed him to work to ensure that we are using the spirit of American innovation and the power of technology to improve performance and lower the cost of government operations. As Chief Information Officer, he will play a key role in making sure our government is running in the most secure, open, and efficient way possible.”

The following announcement was made today:

Vivek Kundra, Federal Chief Information Officer
Vivek Kundra formerly served in Mayor Fenty’s cabinet as the Chief Technology Officer (CTO) for the District of Columbia, responsible for technology operations and strategy for 86 agencies. He has been recognized among the top 25 CTO’s in the country and as the 2008 IT Executive of the Year for his pioneering work to drive transparency, engage citizens and lower the cost of government operations. Kundra is also recognized for his leadership in public safety communications, cyber security and IT portfolio management. Before Kundra came to the District, Governor Timothy M. Kaine appointed him Assistant Secretary of Commerce and Technology for the Commonwealth of Virginia, the first dual cabinet role in the state’s history. Kundra’s diverse record also includes technology and public policy experience in private industry and academia. He is a graduate of the University of Virginia’s Sorensen Institute for Political Leadership and holds a MS in Information Technology from the University of Maryland.

Filed under: Analysis, Biography, Business, cyber security, cyber war, Doctrine, government, History, Intelligence Community, Internet, Life, Military, News, Policy, Politics, Strategy, Technology, Terrorism, Training, War , American innovation, Assistant Secretary of Commerce and Technology, Chief Information Officer, chief technology officer, CIO, CTO, cyber security, District of Columbia, enterprise architecture, Federal CIO, federal government, federal information technology investments, federal technology spending, Federdal Chief Information Officer, government operations, information privacy, information security, information sharing, IT Executive of the Year, IT portfolio management, Mayor Fenty, Obama, Policy, safety communications, strategic planning, Strategy, system interoperability, Technology, technology agenda, technology arena, Timothy Kaine, transparency, US Governors, US Mayors, US president, Virginia, Vivek Kundra

The Highlighter: Securing Cyberspace for the 44th Presidency – Part V

A Report of the CSIS Commission on Cybersecurity for the 44th Presidency

Part V includes highlights of:

• Section 4 – Regulate for Cybersecurity
  

——————————————————————————————————————————————
CSWW is not affiliated with CSIS or the commission that produced this report. The use of “we,” “our,” “us,” etc., throughout the highlights of this report refers to the members of the CSIS Commission and not to CSWW.
——————————————————————————————————————————————

The Highlights:

4
Regulate for Cybersecurity

Recommendations

• The president should task the NOC to work with appropriate regulatory agencies to develop and issue standards and guidance for securing critical cyber infrastructure, which those agencies would then apply in their own regulations.

• The NOC should work with the appropriate regulatory agencies and with the National Institute of Standards and Technology (NIST) to develop regulations for industrial control systems (ICS). The government could reinforce regulation by making the development of secure control systems an element of any economic stimulus package…
• The NOC should immediately determine the extent to which government-owned critical infrastructures are secure from cyber attack…
• The president should direct the NOC and the federal Chief Information Officers Council, working with industry, to develop and implement security guidelines for the procurement of IT products (with software as the first priority).
• The president should task the National Security Agency (NSA) and NIST, working with international partners, to reform the National Information Assurance Partnership (NIAP).
• The president should take steps to increase the use of secure Internet protocols. The president should direct OMB and the NOC to develop mandatory requirements for agencies to contract only with telecommunications carriers that use secure Internet protocols.

Read the rest of this entry »

Filed under: Analysis, Biography, Business, cyber security, cyber war, Doctrine, government, History, Intelligence Community, Internet, Life, Military, News, Policy, Politics, Strategy, Technology, Terrorism, The Highlighter, Training, War , acquisition rules, Chief Information Officers Council, CSIS, cyber security, electric grid, energy, FDCC, federal acquisition, Federal Desktop Core Configuration, Federal Energy Regulatory Commission, Federal Power Act, FERC, finance, FISMA, government mandate, ICS, ICT, industrial control systems, information technology, internet protocols, IT, national defense, National Information Assurance Partnership, National Institute of Standards and Technology, National Security Agency, National Strategy to Secure Cyberspace, NERC, NIAP, NIST, NOC, North American Electric Reliability Corporation, NSA, OMB, regulate, regulation, SCADA, SEC, supervisory control and data acquisition, US Air Force, US president, Y2K

Cyber review underway

The White House Blog
March 2, 2009

John Brennan, Assistant to the President for Homeland Security and Counterterrorism, passed along this update about the ongoing review of our nation’s communications and information infrastructure.

In response to President Obama’s direction, the National Security Council and Homeland Security Council are presently conducting a 60-day review of the plans, programs, and activities underway throughout the government that address our communications and information infrastructure (i.e., cyberspace). The purpose of the review is to develop a strategic framework to ensure that our initiatives in this area are appropriately integrated, resourced and coordinated both within the Executive Branch and with Congress and the private sector.

Our nation’s security and economic prosperity depend on the security, stability, and integrity of communications and information infrastructure that are largely privately-owned and globally-operated. Safeguarding these important interests will require balanced decision making that integrates and harmonizes our national and economic security objectives with enduring respect for the rule of law. Guided by this principle, the review will build upon existing policies and structures to formulate a new vision for a national public-private partnership and an action plan to: enhance economic prosperity and facilitate market leadership for the U.S. information and communications industry; deter, prevent, detect, defend against, respond to, and remediate disruptions and damage to U.S. communications and information infrastructure; ensure U.S. capabilities to operate in cyberspace in support of national goals; and safeguard the privacy rights and civil liberties of our citizens.

The review will be completed by the end of April 2009. At that time, the review team will present its recommendations to the President regarding an optimal White House organizational construct to address issues related to U.S. and global information and communications infrastructure and capabilities. The recommendations also will include an action plan on identifying and prioritizing further work in this area.

Filed under: Analysis, Biography, Business, cyber security, cyber war, Doctrine, government, History, Intelligence Community, Internet, Life, Military, News, Policy, Politics, Strategy, Technology, Terrorism, Training, War , activities, Assistant to the President for Homeland Security and Counterterrorism, communications, cyber, cyber review, cyberspace, Executive Branch, Homeland Security Council, HSC, information infrastructure, John Brennan, National Security Council, NSC, Obama, plans, private sector, programs, strategic framework, US Congress, US Government, US president, White House

National Intelligence Program Budget for 2010

Funding Highlights:

• Strengthens the capabilities of the Nation’s intelligence agencies to furnish timely, accurate, and
insightful intelligence on the capabilities and intentions of foreign powers, including international
terrorist groups.
• Enhances Federal cybersecurity capabilities.
• Prioritizes resources to support a U.S. Government-wide counterterrorism action plan.
• Improves the sharing of terrorist-related information with Federal, State, local, tribal and foreign
partners.
• Increases collection capabilities and continues transforming intelligence analysis.

The National Intelligence Program (NIP) funds intelligence activities in several Departments and the Central Intelligence Agency (CIA). NIP’s budget is classified, so the 2010 Budget does not publicly disclose funding requests for intelligence activities. However, since NIP supports key elements of America’s national security,
this chapter highlights some NIP-funded activities without detailing funding information.

To protect America’s national security, the Intelligence Community (IC) provides effective intelligence collection, the analysis of that intelligence, and the production of finished intelligence products. IC is responsible for ensuring timely and effective dissemination of intelligence to those who need it, ranging from the President, to heads of Executive Departments, military forces, and law enforcement agencies. To meet this country’s national security challenges, IC is strengthening its components’ abilities to collect intelligence, increasing the security of Federal cyber networks, and protecting against the threat of international terrorism in the United States.

The 2010 budget for NIP will support the Administration’s national security objectives. The Director of National Intelligence, the Director of the CIA, and Department Secretaries with intelligence organizations will use 2010 NIP funds to defeat terrorist networks, prevent the spread of weapons of mass destruction, penetrate and
analyze the most difficult targets of U.S. foreign policy, and anticipate developments of strategic concern.

The Administration will request funding for IC for the remainder of 2009 and for 2010 to cover the costs of global intelligence operations. The details of the 2009 supplemental appropriations request will be provided to the Congress in the next few weeks while the detailed 2010 request will be transmitted with the President’s 2010
Budget request.

Increases funding for Cybersecurity. The threat to Federal information technology networks is real, serious, and growing. To address this threat, the President’s 2010 Budget includes substantial funding for cybersecurity efforts; such activities will take an integrated and holistic approach to address current cybersecurity threats, anticipate future threats, and continue innovative public-private partnerships. These
efforts encompass the homeland security, intelligence, law enforcement, military and diplomatic mission areas of the U.S. Government.

Implements Counterterrorism Plan. The National Counterterrorism Center (NCTC) has developed a U.S. Government-wide counterterrorism action plan. This plan lays out broad strategic objectives aligned with policy objectives to guide the overall implementation of this national strategy on counterterrorism. The Administration will work with NCTC, IC, and relevant Departments such as Defense, State, and Homeland Security to direct resources in support of counterterrorism implementation objectives.

Facilitates information Sharing. The President’s 2010 Budget will support initiatives to improve the sharing of intelligence, including terrorist-related information, with Federal, State, local, tribal and foreign partners. These efforts include advancing the National Suspicious Activity reporting Initiative; establishing agency-based, outcome-oriented performance targets for information sharing; and institutionalizing the use of
effective business practices.

Improves Collection and Analysis Capabilities. The 2010 Budget provides funding to improve mission performance by increasing intelligence collection capabilities and continuing to transform intelligence analysis in IC.

Filed under: Analysis, Biography, Business, cyber security, cyber war, Doctrine, government, History, Intelligence Community, Internet, Life, Military, News, Policy, Politics, Polls, Strategy, Technology, Terrorism, Training, War , action plan, America, Analysis, budget, Budget for 2010, CIA, counterterrorism, cyber networks, cyber security, diplomatic mission areas, dissemination of intelligence, finished intelligence products, future threats, Homeland Security, IC, information technology, intelligence, Intelligence Agencies, intelligence collection, Intelligence Community, intelligence products, international terrorism, IT, law enforcement, law enforcement agencies, Military, military forces, National Counterterrorism Center, National Intelligence Program, National Security, national security challenges, national security objectives, NCTC, NIP, Obama, US Congress, US Government

NSA Should Oversee Cybersecurity, Intel Chief Says

By Kim Zetter

February 26, 2009

Wired

Despite the fact that many Americans distrust the National Security Agency for its role in the Bush Administration’s warrantless wiretapping program, the agency should be entrusted with securing the nation’s telecommunications networks and other cyber infrastructures, President Obama’s director of national intelligence told Congress on Wednesday.

Director of National Intelligence Admiral Dennis Blair told the House intelligence committee (.pdf) that the NSA, rather than the Department of Homeland Security which currently oversees cybersecurity, has the smarts and the skills to secure cyberspace.

“The National Security Agency has the greatest repository of cyber talent,” Blair said. “[T]here are some wizards out there at Fort Meade who can do stuff.”

Blair added that “because of the offensive mission that they have, they’re the ones who know best about what’s coming back at us and it’s defenses against those sorts of things that we need to be able to build into wider and wider circles.”

He acknowledged that the agency had a trust handicap to overcome due to its role in the Bush Administration’s secret domestic spying program, and therefore asked Congress to help convince the public that it’s the right agency for the task.

“I think there is a great deal of distrust of the National Security Agency and the intelligence community in general playing a role outside of the very narrowly circumscribed role because of some of the history of the FISA issue in years past. . . . So I would like the help of people like you who have studied this closely and served on commissions, the leadership of the committee and finding a way that the American people will have confidence in the supervision, in the oversight of the role of NSA so that it can help protect these wider bodies. So, to me, that’s one of the keys things that we have to work on here in the next few months.”

Blair is not without support for his view. Paul Kurtz, who led the cybersecurity group on Obama’s transition team and was part of Bush’s White House National Security Council, recently told Forbes that he supports the NSA taking a prominent role in cybersecurity.

Continue reading…

Filed under: Biography, Business, cyber security, cyber war, Doctrine, government, History, Intelligence Community, Internet, Life, Military, News, Policy, Politics, Polls, Strategy, Technology, Terrorism, The Highlighter, Training, War , Bush Administration, Congress, cyber security, Dennis Blair, DHS, DNI, domestic spying program, FISA, Fort Meade, George W. Bush, Homeland Security, IC, Intelligence Community, National Security Agency, National Security Council, NSA, NSC, Obama, offensive mission, Paul Kurtz, transition, transition team, US president, warrantless wiretapping program, White House

Obama Budget Eyes Boost to Cybersecurity Funds

By Andrea Shalal-Esa
Reuters

WASHINGTON (Reuters) – The budget proposed by President Barack Obama includes funding aimed at improving the security of U.S. private and public computer networks.

“The threat to federal information technology networks is real, serious and growing,” said an outline of the budget proposal for fiscal 2010 that begins October 1 and released by the Obama administration on Thursday.

The document called for $355 million in funding for the Department of Homeland Security to make private and public sector cyber infrastructure more resilient and secure.

The money would help support the operations of the National Cyber Security Division, as well as initiatives under the Comprehensive National Cybersecurity Initiative, according to the document.

In addition, the administration said it would put “substantial” funding for cybersecurity efforts into the national intelligence program, but gave no details since that funding is kept secret.

That money would be used for “an integrated and holistic approach to address current cybersecurity threats, anticipate future threats, and continue innovative public-private partnerships,” it said.

Continue…

Filed under: Analysis, Biography, Business, cyber security, cyber war, Doctrine, government, History, Intelligence Community, Internet, Life, Military, News, Policy, Politics, Polls, Strategy, Technology, Terrorism, Training, War , budget proposal, CNCI, computer networks, Cybersecurity, federal information technology, funding, future threats, Home, Homeland Security, National Intelligence Program, Obama, public-private partnerships, US president

U.S. must craft cyberwarfare battle strategy

By William Jackson
February 18, 2009
Government Computer News

America has to face up to the realities of cyberwarfare with tactical and strategic planning, Kurtz says

The intelligence community and the military have crucial roles to play in protecting cyber space, former presidential adviser Paul E. Kurtz said Wednesday, and a clear command and control structure is needed to ensure that our information infrastructure can survive and recover from major disruptions.

In his opening address at the Black Hat Federal security conference being held in Arlington, Va., Kurtz, who served on the National and Homeland Security councils under presidents Bill Clinton and George W. Bush, said the nation has been reluctant to consider the proper role of government in regulating and defending cyberspace. He said it is important that these decisions be made openly after public discussion rather than allowed to happen behind closed doors.

“To those who object to the militarization of cyberspace, I would say, it’s too late: We’re already there,” Kurtz said.

Kurtz, who recently served as cybersecurity adviser on President Barack Obama’s transition team, steered clear of discussing his advice to the new administration. But he praised the 60-day review of federal cybersecurity initiatives announced by the president on Feb. 9 and called Melissa Hathaway, the Bush administration official tapped to conduct it, “exceptionally capable.”

He said the United States should apply some of the lessons learned during the Cold War to cyber conflicts now simmering online. Cyber warfare is not as simple as the bipolar confrontation between the Western democracies and the Soviet bloc, Kurtz said. It is multilateral standoff involving multiple nations, shadowy organizations, and individual hackers and criminals.

“But I do think a number of concepts from the Cold War may apply, and one of these is deterrence,” he added.

A clear policy of deterrence by the United States and its allies helped to avoid the use of nuclear weapons. But no similar policy has been established for battles fought over networks. There is no definition of cyberwarfare, no policy on how and when cyber weapons should be deployed and used, and we do not have a clear idea of who our enemies are.

“We must begin by addressing the question of attribution,” Kurtz said. The ability to collect, share and analyze data in order to tailor responses to a threat is “the beginning of a deterrence policy.”

That ability will require the efforts of the intelligence community, in cooperation with law enforcement and the private sector, he said. Each of these sectors now collects large amounts of data, but the same inability to share and “connect the dots” that led to the 2001 terrorist attacks still plague our cybersecurity, he said.

Continue reading…

Filed under: Analysis, Biography, Business, cyber security, cyber war, Doctrine, government, History, Intelligence Community, Internet, Life, Military, News, Policy, Politics, Polls, Strategy, Technology, Terrorism, Training, War , battle strategy, Bill Clinton, Black Hat, Cold War, connect the dots, control structure, cyber conflicts, cyber security, cyber space, cyber warfare, cyber weapons, cyberwar, deterrence policy, enemies, George W. Bush, information infrastructure, Intelligence Community, major disruptions, Melissa Hathaway, militarization, multilateral standoff, networks, nuclear weapons, Obama, Paul Kurtz, private sector, strategic planning, tactical, terrorist attacks, United States, US president

Cyber Threats 101

By Kim Hart
February 16, 2009
The Washington Post

An Army lieutenant may be an expert at securing borders and warding off enemies in a war zone. But when it comes to making sure hackers cannot break into the military’s communications network, officers may feel pretty defenseless.

To get a better grasp on technological threats, military officers, agency heads and government contracting executives have found one of the Defense Department’s best-kept secrets: the National Defense University.

NDU is made up of four graduate-level colleges, including the National War College, the Industrial College of the Armed Forces, and the Joint Forces Staff College. But the largest college — the Information Resources Management College — has grown the fastest over the past few years because the skills it teaches are in such high demand.

Located on the District waterfront, at Fort Lesley J. McNair, the college trains mid-career workers, in the public and private sectors, how to leverage the newest consumer technologies as well as how to protect vital information. This expertise used to be reserved for an agency’s chief information officer. But as tools like thumb drives, Facebook, Twitter and voice over Internet Protocol phone services creep into offices and bases, secure digital networks are becoming essential for all employees.

“Web 2.0 and information assurance are such big deals these days, but they are in conflict,” said Robert Childs, senior director of the college. The courses are tailored for people responsible for safeguarding the networks at the National Security Administration and the Department of Homeland Security, for example. The Defense Department is the college’s primary source of funding.

Continue reading…

Filed under: Analysis, Biography, Business, cyber security, cyber war, Doctrine, government, History, Intelligence Community, Internet, Life, Military, News, Policy, Politics, Polls, Strategy, Technology, Terrorism, Training, War , agency heads, college, cyber threats, Defense Department, DHS, Facebook, Fort Lesley J. McNair, government contracting executives, hackers, Industrial College of the Armed Forces, information assurance, Information Resources Management College, Joint Forces Staff College, military communications network, military officers, National Defense University, National War College, NDU, NSA, technological threats, Twitter, US Army, VOIP, war zone, Web 2.0

Biography – Dennis C. Blair

Director of National Intelligence

Dennis C. Blair became the nation’s third Director of National Intelligence on January 29, 2009.

Prior to retiring in 2002, Admiral Blair served as Commander in Chief, U.S. Pacific Command, the largest of the combatant commands. During his 34-year Navy career, Admiral Blair served on guided missile destroyers in both the Atlantic and Pacific fleets and commanded the Kitty Hawk Battle Group. Ashore, he served as Director of the Joint Staff and as the first Associate Director of Central Intelligence for Military Support at the CIA. He has also served in budget and policy positions on the National Security Council and several major Navy staffs.

From 2003 to 2006, Blair was President and CEO of the Institute for Defense Analyses — one of the nation’s foremost national security analysis centers. Most recently, he served as the John M. Shalikashvili Chair in National Security Studies at the National Bureau of Asian Research, and the Deputy Director of the Project on National Security Reform, an organization that analyzes the U.S. national security structure and develops recommendations to improve its effectiveness.

A 1968 graduate of the U.S. Naval Academy, Blair earned a master’s degree in History and Languages from Oxford University as a Rhodes Scholar, and served as a White House Fellow at the Department of Housing and Urban Development. He has been awarded four Defense Distinguished Service Medals and has received decorations from the governments of Japan, Thailand, the Republic of Korea and Australia.

Filed under: Analysis, Biography, Business, cyber security, cyber war, Doctrine, government, History, Intelligence Community, Internet, Life, Military, News, Policy, Politics, Strategy, Technology, Terrorism, Training, War , Australia, Central Intelligence for Military Support, CIA, Dennis Blair, DNI, guided missile destroyer, HUD, Institute for Defense Analyses, Japan, John Shalikashvili, National Bureau of Asian Research, National Security, National Security Studies, Oxford University, Project on National Security Reform, Republic of Korea, Rhodes Scholar, Thailand, US Naval Academy, US Navy, US Navy admiral, White House Fellow

U.S. Interests Face Challenges in Europe, Intelligence Chief Says

By Jim Garamone
American Forces Press Service

WASHINGTON, Feb. 16, 2009 – (This is the third in a series on the intelligence community’s annual threat assessment.)

Russia’s perceived strengths and its policies, tensions in Eurasia, Caucasus and Central Asia, and instability in the Balkans all pose challenges to U.S. interests in Europe, the director of national intelligence said Feb. 12.

Dennis C. Blair, a retired Navy admiral, told the Senate Select Committee on Intelligence that Russia continues to rebuild its military and, as events in Georgia last year show, use those forces to impress on the world that the nation is still relevant.

“Russian challenges to US interests now spring more from Moscow’s perceived strengths than from the state weaknesses characteristic of the 1990s,” Blair said in prepared testimony.

“U.S. involvement in Iraq and Afghanistan and general anti-Americanism have created openings for Russia to build alternative arrangements to the US-led international political and economic institutional order,” he said.

Russia is attempting to increase its ability to influence events, he said, by “actively cultivating relations with regional powers, including China, Iran, and Venezuela.”

Blair said Russia’s energy policy is aimed at increasing the country’s importance on the European continent.

“Moscow also is trying to maintain control over energy supply and transportation networks to Europe to East Asia, and protect and further enhance its market share in Europe through new bilateral energy partnerships and organizing a gas cartel with other major exporters,” he said.

Read the rest of this entry »

Filed under: Analysis, Business, cyber security, cyber war, Doctrine, government, History, Intelligence Community, Internet, Life, Military, News, Policy, Politics, Strategy, Technology, Terrorism, Training, War , Afghanistan, Armenia, Azerbaijan, Balkans, Belarus, Bosnia-Herzigovina, Caucasus, Central Asia, China, Dennis Blair, DNI, East Asia, energy supply, Eurasia, Europe, Georgia, Intelligence Community, Iran, Iraq, Kazakhstan, Kosovo, Kyrgyzstan, Moscow, Muslim extremism, Nato, Russia, Russian energy policy, Senate Select, Tajikistan, Turkmenistan, Ukraine, US Navy admiral, US Senate Select Committee on Intelligence, Uzbekistan, Venezuela

The Highlighter: Securing Cyberspace for the 44th Presidency – Part IV

A Report of the CSIS Commission on Cybersecurity for the 44th Presidency

Part IV includes highlights of:

• Section 3 – Rebuilding Partnership with the Private Sector
  

——————————————————————————————————————————————
CSWW is not affiliated with CSIS or the commission that produced this report. The use of “we,” “our,” “us,” etc., throughout the highlights of this report refers to the members of the CSIS Commission and not to CSWW.
——————————————————————————————————————————————

The Highlights:

3
Rebuilding Partnership with the Private Sector

Recommendation

The U.S. government should rebuild the public-private partnership on cybersecurity to focus on key infrastructures and coordinated preventive and responsive activities. We recommend the president direct the creation of three new groups for partnership that provide the bases for both trust and action:

• A presidential advisory committee organized under the Federal Advisory Committee Act (FACA), with senior representatives from the key cyber infrastructures. This new body would incorporate the National Security and Telecommunications Advisory Committee (NSTAC) and National Infrastructure Advisory Council (NIAC);

• A town hall style national stakeholders’ organization that provides a platform for education and discussion; and

• A new operational organization, the Center for Cybersecurity Operations (CCSO), where public- and private-sector entities can collaborate and share information on critical cybersecurity in a trusted environment.

Securing cyberspace requires government and the private sector to work together.

There is a bifurcation of responsibility (the government must protect national security) and control (it does not manage the asset or provide the function that must be protected).

…the United States has a perplexing array of advisory groups with overlapping interests, inadequate resources, varying capabilities, and a lack of clarity around roles and responsibilities. To achieve real partnership, we must simplify mission and organizational structure.

In many interviews, we found almost universal recognition that the status quo is not meeting the needs of either the government or the private sector with respect to trust and operational collaboration.

Another problem for securing cyberspace is a diffusion of effort. Currently DHS identifies 18 different sectors as critical.

For us, critical means that, if the function or service is disrupted, there is immediate and serious damage to key national functions such as U.S. military capabilities or economic performance.

To focus the defense of cyberspace, we have identified four critical cyber infrastructures: energy, finance, the converging information technology and communications sectors, and government services (including state and municipal governments).

We recommend concentrating on two key problems: how to build trust between the government and company executives and how to focus efforts on what is truly critical for cyberspace.

The primary goal of the new partnership organizations should be to build action-oriented relationships rather than to share information that is either already available or that companies are reluctant to provide. This can be done by creating a simplified structure that has three parts: a new presidential advisory committee that connects the White House to the private-sector entities most important for cyberspace; a national town-hall organization that provides a dialogue for education and discussion, and a new operational organization.

The intent behind the three groups is to provide an inclusive platform for national engagement, something the United States currently lacks.

Trust is the foundation of a successful partnership between government and the private sector.

Read the rest of this entry »

Filed under: Technology, cyber war, News, Life, Business, cyber security, War, Terrorism, Internet, History, Military, Analysis, Training, Intelligence Community, Polls, Politics, Strategy, Doctrine, Policy, The Highlighter, government , CCSO, collaboration, convergence, converging technologies, CSIS, cyber security, cyber space, DHS, energy, FACA, finance, information technology, key infrastructures, National Security, NIAC, NSTAC, presidential advisory committee, private sector, recommendations, town hall, United States, US Government, US military, US president, White House

Intelligence Community Sees Asia Rising

By Jim Garamone
American Forces Press Service

WASHINGTON, Feb. 15, 2009 – (This is the second in a three-part series on the intelligence community’s annual threat assessment.)

U.S. intelligence planners predict the 21st century will be the time for the rise of Asia, the director of national intelligence said Feb. 12.

Dennis C. Blair told the U.S. Senate Select Committee on Intelligence that “China and India are restoring positions they held in the 18th century when China produced approximately 30 percent and India 15 percent of the world’s wealth.”

While the current global economic crisis will slow growth in China and India, the two countries are likely to become the world’s third and fourth largest economies by 2025. China’s emergence as a world power is affecting the regional balance of power in Asia, Blair said in a prepared statement.

While the communist rulers of China have been successful in transforming the direction of the country, the government’s international behavior is driven by the need to maintain power. Leaders see their main missions as continuing prosperity and maintaining domestic stability, he said.

“Chinese leaders view preserving domestic stability as one of their most important internal security challenges,” Blair said.

Roughly 300 million Chinese have benefited from the current economic success, leaving 1 billion still in poverty.

Tibet and Taiwan remain problems internationally for the Chinese, but the election of a new government in Taiwan has tamped down tensions between the United States and the People’s Republic, Blair said.

From a military standpoint, China continues its modernization programs and operationally Chinese forces are prepared to move beyond the region, the admiral said. For example, a Chinese ship is cooperating with anti-pirate patrols in the Gulf of Aden, and Chinese troops may soon take part in United Nations peacekeeping operations.

On the equipment side, China continues to develop new, increasingly accurate missile capabilities that can reach U.S. forces throughout the region.

China is developing a robust anti-satellite capability, and Blair said this is among the nation’s highest military priorities. The Chinese also are modernizing their nuclear weapons capabilities.

Blair also spoke of India, which is harnessing the power of free markets after decades of trying to manage the economy.

“Like China, India’s expanding economy will lead New Delhi to pursue new trade partners, gain access to vital energy markets, and generate the other resources required to sustain rapid economic growth,” he said.

From a foreign policy and intelligence standpoint, relations with Pakistan dominate. The terror attack on Mumbai in November chilled relations between the two powers. Pakistan has vowed to crack down on extremists who used Pakistan to plan and train for the attack that crippled India’s major financial center and killed more than 130 people.

In Asia, North Korea is the odd-man out. In a region that reaped the benefits of economic growth, North Koreans are starving, and the government is pouring money into the military.

Blair said the U.S. intelligence community believes North Korea is operating a covert uranium enrichment program. While the country has nuclear weapons, Blair said he did not think North Korea would use them unless faced with a military defeat or loss of control.

North Korea continues to participate in the Six Party Talks — with South Korea, Japan, Russia, China and the United States — but progress is slow, Blair said. North Korea continues to proliferate nuclear weapons and missile technology, most notably to Iran and Syria.

“We remain concerned North Korea could again export nuclear technology,” he said.

Filed under: Analysis, Business, cyber security, cyber war, Doctrine, government, History, Intelligence Community, Internet, Life, Military, News, Policy, Politics, Strategy, Technology, Terrorism, Training, War , anti-satellite capability, Asia, China, Chinese forces, communism, Dennis Blair, DNI, global economic crisis, Gulf of Aden, India, Intelligence Community, intelligence planners, modernization programs, Mumbai, North Korea, nuclear weapons capabilities, Pakistan, starvation, Taiwan, threat assessment, Tibet, US Senate Select Committee on Intelligence

Economic Crisis Overlays all Threats Facing U.S., Intel Chief Says

By Jim Garamone
American Forces Press Service

WASHINGTON, Feb. 14, 2009 – (Editor’s note: This is the first in a three-part series on the intelligence community’s annual threat assessment.)

The global economic crisis colors all other threats confronting the United States, the new director of national intelligence told the U.S. Senate Select Committee on Intelligence on Feb. 12.

Dennis C. Blair said the crisis raises the level of uncertainty in the world and places new areas of the globe in danger. Analysts are trying to understand the geopolitical implications of the crisis.

“The crisis has been ongoing for about a year, and economists are divided over whether and when we could hit bottom,” Blair said in prepared testimony. “Time is probably our greatest threat. The longer it takes for recovery to begin, the greater the likelihood of serious damage to U.S. strategic interests.”

The longer the crisis continues, the more likely the risk of instability in many areas of the world including Latin America, Central Asia and Africa. “Statistical modeling shows that economic crises increase the risk of regime-threatening instability if they persist over a one- to two-year period,” he said.

The overlay of the crisis makes known threats — such as al-Qaida — even more dangerous, he said. Extremist Muslim groups retain the greatest capability to threaten the United States and its interests.

Still, there has been progress countering al-Qaida, in particular. Blair said the indiscriminate attacks on fellow Muslims in Iraq and North Africa have caused many moderate Muslims to condemn the group.

Al-Qaida remains a threat in Afghanistan and Pakistan. The group portrays itself as aiding Taliban insurgents who are fighting Western imperialism, Blair said.

In Pakistan’s tribal areas, the terror group lost many of its leaders in 2008, he said. While this has weakened the group in the area, the group in Pakistan remains the most dangerous and continues to plot against the United States and U.S. interests from havens in the region.

In Iraq, al-Qaida has been severely weakened, but still retains the ability to launch occasional attacks, he said.

The terror group is re-emerging in Yemen. A terror cell launched an attack on the U.S. embassy in Sanaa in September and has launched 19 attacks on Western targets in the country in 2008.

Blair forecasts more al-Qaida activity in East Africa, specifically in Kenya and Somalia.

Al-Qaida cells may grow in the United States, Blair said. “We remain concerned about the potential for homegrown extremists inspired by the al-Qaida militant ideology to plan attacks in the United States, Europe and elsewhere without operational direction from the group itself,” he said. U.S. agencies will focus on identifying ties between U.S.-based individuals and extremist networks overseas.

There are terror groups beyond al-Qaida. Hezbollah in Lebanon remains a dangerous terrorist foe, Blair said. The group could attack U.S. targets if it perceives the United States is threatening its survival, leadership or infrastructure. Due to the terror group’s sponsorship by Iran, should Hezbollah’s leaders think the United States is a threat to its benefactor, the terror group may launch attacks on U.S. interests in the Middle East.

Iran is at the heart of what Blair calls an “arc of instability” running from the Middle East to South Asia. Blair said Iran’s goal to be a regional power drives its efforts in Iraq, Lebanon, Syria, North Africa, the Persian Gulf and beyond. It also is at the heart of the Iranian drive to develop nuclear weapons, he said.

Filed under: Analysis, Business, cyber security, cyber war, Doctrine, government, History, Intelligence Community, Internet, Life, Military, News, Policy, Strategy, Technology, Terrorism, Training, War , al-Qaida, annual threat assessment, Dennis Blair, DNI, economic crisis, geopolitical, global economic crisis, Hezbollah, Intelligence Community, Iran, Lebanon, Middle East, South Asia, terrorists, United States, US Senate Select Committee on Intelligence

CSWW Recommends – IntelFusion

If you have even the slightest of interest in intelligence matters, particularly those pertaining to cyber warfare, you should plug Jeffrey Carr’s site IntelFusion into your RSS reader.

Some very exciting work is being done there regarding open source intelligence and some very exciting opportunities and anxious times are occurring for Mr. Carr.

CSWW wishes him the best of luck and success!

Filed under: Analysis, Business, cyber security, cyber war, Doctrine, government, History, Intelligence Community, Internet, Life, Military, News, Policy, Politics, Strategy, Technology, Terrorism, Training, War , cyber warfare, IntelFusion, intelligence matters, Jeffrey Carr, open source, Project Grey Goose, recommendations

The Highlighter: Securing Cyberspace for the 44th Presidency – Part III

A Report of the CSIS Commission on Cybersecurity for the 44th Presidency

Part III includes highlights of:

• Section 2 – Organizing for Cybersecurity
  

————————————————————————————————–
CSWW is not affiliated with CSIS or the commission that produced this report. The use of “we,” “our,” “us,” etc., throughout the highlights of this report refers to the members of the CSIS Commission and not to CSWW.
————————————————————————————————–

The Highlights:

2
Organizing for Cybersecurity

Recommendations

The president should appoint an assistant for cyberspace and establish a Cybersecurity Directorate in the NSC that absorbs existing Homeland Security Council (HSC) functions.

A new National office for Cyberspace (NOC) would support the work of the assistant for cyberspace and the new directorate in the NSC. The president can create this office by merging the existing National Cyber Security Center (NSCS) and the Joint Inter-Agency Cyber Task Force (JIACTF). The assistant to the president for cyberspace would direct the NOC.

The central problems in the current federal organization for cybersecurity are lack of a strategic focus, overlapping missions, poor coordination and collaboration, and diffuse responsibility.

The Commission considered many options for how best to organize for cybersecurity. We grew to understand the importance of bridging across the federal agencies in order to leverage the knowledge to provide the best security for our nation.

We also recognize the importance of involving the private sector—the federal government cannot do this alone.

Our thinking on organization tracks with our finding that cybersecurity is now a central problem for national security. Our recommendation is to create a new “enterprise” governance model for cyberspace using the NSC, a collaborative network among the key agencies, and a new cyberspace office in the EOP.

We based our recommendations in part on the intelligence community’s experience in implementing the Intelligence Reform and Terrorist Prevention Act (IRTPA). IRTPA imposed a new, more collaborative structure on the intelligence community. It mandated a distributed “intelligence enterprise.” Congressional mandates, however, are not enough. It took a director of national intelligence (DNI) with the appropriate authorities to build collaboration.

What about the Department of Homeland Security?

One of the first tasks for the new administration will be to strengthen DHS.

DHS is not the agency to lead in a conflict with foreign intelligence agencies or militaries or even well-organized international cyber criminals.

Cybersecurity is no longer (if it ever was) a domestic issue. It is an issue of international security in which the primary actors are the intelligence and military forces of other nations.

Although the department’s performance has improved in recent years, our view is that any improvement to the nation’s cybersecurity must go outside of DHS to be effective. For that reason, we recommend that the White House, rather than any single agency, lead the new strategic and coordination functions required for cybersecurity.

Read the rest of this entry »

Filed under: The Highlighter , CNCI, commission, Comprehensive National Cyb, Comprehensive National Cybersecurity Initiative, CSIS, cyber security, cyber space, EOP, Executive Office of the President, Homeland Security Council, HSC, Intelligence Reform and Terrorist Prevention Act, IRTPA, JIACTF, Joint Inter-Ag, National Office for Cyberspace, NOC, NSC, organization, US president

GLOBAL TRENDS 2025: THE NATIONAL INTELLIGENCE COUNCIL’S 2025 PROJECT

From the Chairman of the National Intelligence Council

“Global Trends 2025: A Transformed World” is the fourth unclassified report prepared by the National Intelligence Council (NIC) in recent years that takes a long-term view of the future. It offers a fresh look at how key global trends might develop over the next 15 years to influence world events. Our report is not meant to be an exercise in prediction or crystal ball-gazing. Mindful that there are many possible “futures,” we offer a range of possibilities and potential discontinuities, as a way of opening our minds to developments we might otherwise miss.

Some of our preliminary assessments are highlighted below:

• The whole international system—as constructed following WWII—will be revolutionized. Not only will new players—Brazil, Russia, India and China— have a seat at the international high table, they will bring new stakes and rules of the game.
• The unprecedented transfer of wealth roughly from West to East now under way will continue for the foreseeable future.
• Unprecedented economic growth, coupled with 1.5 billion more people, will put pressure on resources—particularly energy, food, and water—raising the specter of scarcities emerging as demand outstrips supply.
• The potential for conflict will increase owing partly to political turbulence in parts of the greater Middle East.

As with the earlier NIC efforts—such as Mapping The Global Future 2020—the project’s primary goal is to provide US policymakers with a view of how world developments could evolve, identifying opportunities and potentially negative developments that might warrant policy action. We also hope this paper stimulates a broader discussion of value to educational and policy institutions at home and abroad.

Continue reading…

Filed under: Doctrine, government, Intelligence Community, Policy, Politics, Strategy , global trends, IC, Intelligence Community, National Intelligence Council, NIC

AFCEA Conference on Cyberspace and National Security

Wednesday, December 10, 2008
CSPAN.org

Homeland Security Sec. Michael Chertoff delivers one of the keynote speeches at a conference on Cyberspace and National Security. Other speakers include Deputy Sec. of Defense Gordon England; NSA’s Central Security Service head Army Lt. Gen. Keith Alexander; and Provisional Air Force Cyber Command head Maj. Gen. Bill Lord. The Armed Forces Communications and Electronics Assn. hosts this conference examining cybersecurity.

Watch the video…

Filed under: Business, cyber security, government, Intelligence Community, Military, News , AFCEA, Chertoff, conference, CSPAN, cyber space, DIRNSA, Gordon England, Homeland Security, keynote speech, National Security, NSA

The Highlighter: Securing Cyberspace for the 44th Presidency – Part II

A Report of the CSIS Commission on Cybersecurity for the 44th Presidency

Part II includes highlights of:

• Section 1 – Create a Comprehensive National Security Strategy for Cyberspace

————————————————————————————————–
CSWW is not affiliated with CSIS or the commission that produced this report. The use of “we,” “our,” “us,” etc., throughout the highlights of this report refers to the members of the CSIS Commission and not to CSWW.
————————————————————————————————–

The Highlights:

1
Create a Comprehensive National Security Strategy for Cyberspace

The president should state as a fundamental principle that cyberspace is a vital asset for the nation and that the United States will protect it using all instruments of national power, in order to ensure national security, public safety, economic prosperity, and the delivery of critical services to the American public.

Our influence as a nation is at its lowest point in decades.

Years of underinvestment have weakened both government and our scientific establishment (and, in the case of government, scorn from those who sought to shrink it). The reputation of the United States has been badly tarnished, and our failure to defend cyberspace, despite huge informational losses, has encouraged our opponents to increase their attacks.

Strategies articulate goals and identify the means to achieve them. The United States has clear goals—to defend itself and its allies from threats and intimidation, increase openness to trade and to ideas, and expand the rule of law and democracy.

…we recommend a clear articulation of the importance of cyberspace of the nation.

To some extent expressing principles for cyberspace is more difficult than expressing a military doctrine designed to protect our physical territory.

Cyber attack joins terrorism and weapons of mass destruction (WMD) as one of the new, asymmetric threats that put the United States and its allies at risk.

A comprehensive cybersecurity strategy must engage all elements of U. S. power—economic, diplomatic, and law enforcement as well as military and intelligence.

As with the larger national security strategy, we identify four principal instruments—international engagement, military and defense actions, economic tools, and the coherent use of intelligence and law enforcement capabilities—to achieve this.

One model for the new approach, which we recommend for the next president, can be found in the U. S. experience with nonproliferation and WMD.

Read the rest of this entry »

Filed under: The Highlighter , asymmetric threats, China, CNCI, Comprehensive National Cybersecurity Initiative, Comprehensive National Security Strategy for Cyberspace, Council of Europe Convention on Cybercrime, critical services, CSIS, CSIS Commission, cyber crime, cyber security, cyber space, deterrence, economic policy, economic prosperity, escalation, G-8 Subgroup on High-Tech Crime, Intelligence Community, military doctrine, national power, National Security, national supply chain, offensive information warfare capabilities, public safety, symmetry, thresholds, United States, US Department of Justice, US president, weapons of mass destruction, WMD

VA settlement demonstrates just how costly lax security can be

By William Jackson
February 02, 2009
GCN

If you want another good reason to make sure your sensitive data is adequately locked down, look no farther than the Veterans Affairs Department, which last week agreed to pay $20 million to settle a class action lawsuit over the 2006 loss of a laptop containing records with personal information about up to 26.5 million veterans and active duty personnel.

That’s a lot of money, and it will be paid from taxpayers’ dollars, but VA got off lucky. The suit originally asked for $1,000 for each person whose data was exposed, which could have been more than $26 billion. That’s nearly enough to bail out a good-sized bank.

The settlement demonstrates that the repercussions of exposing data can be long-lasting and that the cost can go far beyond the immediate expense of cleaning up the breach. For companies it has long been known that negative publicity resulting from public notification of a data breach can quickly translate into millions of dollars of lost shareholder value as stock prices tumble. Agencies do not have to worry about stock prices, but the threat of other costs is real. The VA agreed to the settlement even though the department has said there is no evidence that the information on the stolen laptop was used or than any person involved was harmed by it.

Continue reading…

Filed under: cyber security, government, News , active duty personnel, class action lawsuit, cyber security, hackers, laptop, lax security, personal information, sensitive data, settlement, VA, Veterans Affairs

As NMCI ends, Navy shifts net strategy

By David Perera
Feb 04, 2009
Defense Systems

NGEN will break from the total outsource model

The Navy Marine Corps Intranet contract comes to an end September 2010. Although details about NMCI’s replacement remain unclear, the Navy has indicated that it will take a more active role in the ownership of its successor, the Next-Generation Enterprise Network (NGEN).

NMCI, the $9.9 billion information technology seat management contract awarded in 2000 to EDS — now a division of Hewlett-Packard — was a colossus even amid a decade’s worth of massive Defense Department outsourcing to the private sector.

With NMCI, the Navy gave EDS a mandate to supply IT services to 700,000 onshore users, mostly in the United States, governing the contract by measuring the contractor’s performance.

It was a hands-off approach, and the contractor shouldered the burden of rationalizing a continent’s worth of disparate networks and unequal technology maturity levels into a centralized whole.

But as information assurance and the threat of cyber warfare (see Page 14) become more prevalent concerns, the Navy’s NGEN program office is examining ways to improve the service’s control over the network. The Navy estimates it will have an acquisition strategy for NGEN no later than the early summer, and the service is still far from issuing implementation details.

Despite the ambiguity enshrouding NGEN, one sentiment is clear: NGEN won’t be an NMCI clone. NMCI’s results have been mixed, with user satisfaction levels rising in the last couple of years.

Bumper stickers declaring that “NMCI Sucks” don’t appear as popular as they once were, and blogs and forums detailing user unhappiness are quieter. At least, no one has recently repeated one blogger’s Nov. 30, 2006, assertion that NMCI is an al Qaeda plot to cripple the Navy.

Anonymous authors of the blog, “NMCIstinks.com,” grudgingly admit NMCI has improved. In an e-mail message, they wrote that the contract is now tolerable but added that “we are succeeding in spite of NMCI, not because of it.” In December 2006, the Government Accountability Office lambasted NMCI for having “yet to produce expected results,” and the contract has recently showed signs of aging awkwardly in an era of network-centric operations.

At the time of NMCI’s creation, the Navy thought it could separate commandand- control functions from administrative IT, said Patricia Tracey, an EDS vice president and retired Navy admiral who works on the company’s NGEN strategy.

That proved to be untrue as command-and-control messages increasingly depend on IT networks. The emergence of cybersecurity as a warfare domain also disproved that idea.

With the NMCI model, “we don’t have sufficient command and control of our shore networks,” said Rear Adm. David Simpson, director of Navy networks and deputy chief of Naval operations for communications networks.

“With NMCI, the operations relationship is through a program manager to the vendor, and that doesn’t provide the direct support and supporting relationships that commanders in the naval operations environment expect and deserve,” Simpson added.

As a result, the Navy is constructing a new acquisition approach that promises to give the government more operational control.

Even EDS officials say NMCI went too far in the direction of outsourcing.

Oversight is an inherently governmental function, Tracey said. “We believe that NMCI put some of that responsibility on the contractor that should have been retained on the Navy/Marine side,” she said.

A SEGMENT OF THE ACTION

During a Sept. 8, 2008, industry briefing, the Navy gave details about what it called a segmented approach to NGEN. The service identified eight self-contained functional areas of network management. The Navy won’t award a separate contract for each of the eight functions, but there’s no inherent reason why the hardware and software vendor must also provide help-desk services, Simpson said. “We are working through a process of determining if there is a smart grouping that would suggest a number of segments or a single segment covering all those functions. That trade space is still out there,” he added.

To date, the largest proposed division of functional areas into segments amounts to five separate contracts, Simpson said.

“Their segmentation strategy is pretty much aligned to the way in which industry is aligned,” Tracey said. It’s a way for the Navy to win back control over its networks and vendors, analysts said.

“They want to limit the number of years that these contracts are awarded for and also compete them among a larger number of contractors,” said Alex Rossini, a senior analyst of federal operations at market analysis firm Input.

Congressional dissatisfaction with private-sector companies taking a lead systems integration role in military projects would have caused the Navy to change its procurement approach anyway, said Alan Chvotkin, executive vice president of the Professional Services Council, a contractor association.

Reflecting unhappiness caused by delays in the Army Future Combat Systems effort, the 2008 Defense Authorization bill put a halt to deals whereby vendors oversee projects and decide what equipment the project needs — which is the way NCMI operates.

Segmentation is not without its challenges.

For one, the Navy lacks in-house staff to effectively be its own lead systems integrator, said Warren Suss, president of Suss Consulting, a consulting firm based in Jenkintown, Pa. “It’s going to need to bring in some pretty sophisticated skill areas that will allow the government to do what it used to outsource,” he said.

Also, the more segments it creates, the harder integration will become, Suss added.

The Navy should keep cybersecurity as an independently contracted function because the service would gain the benefit of an independent view on its network defense, Chvotkin said. But he also warned against too much segmentation. “The more hands you have in it, the greater the integration and coordination responsibilities,” he said.

“There are some things you can’t divide.” The Navy said it will apply a management framework called the Information Technology Infrastructure Library (ITIL) to keep the interfaces between functional areas well connected.

“We’ve spoken to chief information officers from several large corporations that have successfully balanced an insource/outsource segmentation and really believe that there’s an industry best practice out there,” Simpson said.

ITIL is a registered trademark of the United Kingdom’s Office of Government Commerce and has roots in management theories percolating for decades throughout the business world.

DOES PERFORMANCE BASED REALLY PERFORM?

Continue reading…

Filed under: Business, cyber security, Military, News , 2008 Defense Authorization Bill, acquisition strategy, Army Future Combat Systems, chief information officers, CIO, cyber warfare, EDS, GAO, Government Accountability Office, Information Technology Infrastructure Library (ITIL), IT, Navy Marine Corps Intranet, Next-Generation Enterprise Network, NGEN, NMCI, NMCIstinks.com, total outsource model, US Navy