The Highlighter: Securing Cyberspace for the 44th Presidency – Part V

A Report of the CSIS Commission on Cybersecurity for the 44th Presidency

Part V includes highlights of:

• Section 4 – Regulate for Cybersecurity
  

——————————————————————————————————————————————
CSWW is not affiliated with CSIS or the commission that produced this report. The use of “we,” “our,” “us,” etc., throughout the highlights of this report refers to the members of the CSIS Commission and not to CSWW.
——————————————————————————————————————————————

The Highlights:

4
Regulate for Cybersecurity

Recommendations

• The president should task the NOC to work with appropriate regulatory agencies to develop and issue standards and guidance for securing critical cyber infrastructure, which those agencies would then apply in their own regulations.

• The NOC should work with the appropriate regulatory agencies and with the National Institute of Standards and Technology (NIST) to develop regulations for industrial control systems (ICS). The government could reinforce regulation by making the development of secure control systems an element of any economic stimulus package…
• The NOC should immediately determine the extent to which government-owned critical infrastructures are secure from cyber attack…
• The president should direct the NOC and the federal Chief Information Officers Council, working with industry, to develop and implement security guidelines for the procurement of IT products (with software as the first priority).
• The president should task the National Security Agency (NSA) and NIST, working with international partners, to reform the National Information Assurance Partnership (NIAP).
• The president should take steps to increase the use of secure Internet protocols. The president should direct OMB and the NOC to develop mandatory requirements for agencies to contract only with telecommunications carriers that use secure Internet protocols.

Read the rest of this entry »

Filed under: Analysis, Biography, Business, Doctrine, History, Intelligence Community, Internet, Life, Military, News, Policy, Politics, Strategy, Technology, Terrorism, The Highlighter, Training, War, cyber security, cyber war, government , acquisition rules, Chief Information Officers Council, CSIS, cyber security, electric grid, energy, FDCC, federal acquisition, Federal Desktop Core Configuration, Federal Energy Regulatory Commission, Federal Power Act, FERC, finance, FISMA, government mandate, ICS, ICT, industrial control systems, information technology, internet protocols, IT, national defense, National Information Assurance Partnership, National Institute of Standards and Technology, National Security Agency, National Strategy to Secure Cyberspace, NERC, NIAP, NIST, NOC, North American Electric Reliability Corporation, NSA, OMB, regulate, regulation, SCADA, SEC, supervisory control and data acquisition, US Air Force, US president, Y2K

NSA Should Oversee Cybersecurity, Intel Chief Says

By Kim Zetter

February 26, 2009

Wired

Despite the fact that many Americans distrust the National Security Agency for its role in the Bush Administration’s warrantless wiretapping program, the agency should be entrusted with securing the nation’s telecommunications networks and other cyber infrastructures, President Obama’s director of national intelligence told Congress on Wednesday.

Director of National Intelligence Admiral Dennis Blair told the House intelligence committee (.pdf) that the NSA, rather than the Department of Homeland Security which currently oversees cybersecurity, has the smarts and the skills to secure cyberspace.

“The National Security Agency has the greatest repository of cyber talent,” Blair said. “[T]here are some wizards out there at Fort Meade who can do stuff.”

Blair added that “because of the offensive mission that they have, they’re the ones who know best about what’s coming back at us and it’s defenses against those sorts of things that we need to be able to build into wider and wider circles.”

He acknowledged that the agency had a trust handicap to overcome due to its role in the Bush Administration’s secret domestic spying program, and therefore asked Congress to help convince the public that it’s the right agency for the task.

“I think there is a great deal of distrust of the National Security Agency and the intelligence community in general playing a role outside of the very narrowly circumscribed role because of some of the history of the FISA issue in years past. . . . So I would like the help of people like you who have studied this closely and served on commissions, the leadership of the committee and finding a way that the American people will have confidence in the supervision, in the oversight of the role of NSA so that it can help protect these wider bodies. So, to me, that’s one of the keys things that we have to work on here in the next few months.”

Blair is not without support for his view. Paul Kurtz, who led the cybersecurity group on Obama’s transition team and was part of Bush’s White House National Security Council, recently told Forbes that he supports the NSA taking a prominent role in cybersecurity.

Continue reading…

Filed under: Biography, Business, Doctrine, History, Intelligence Community, Internet, Life, Military, News, Policy, Politics, Polls, Strategy, Technology, Terrorism, The Highlighter, Training, War, cyber security, cyber war, government , Bush Administration, Congress, cyber security, Dennis Blair, DHS, DNI, domestic spying program, FISA, Fort Meade, George W. Bush, Homeland Security, IC, Intelligence Community, National Security Agency, National Security Council, NSA, NSC, Obama, offensive mission, Paul Kurtz, transition, transition team, US president, warrantless wiretapping program, White House

The Highlighter: Securing Cyberspace for the 44th Presidency – Part IV

A Report of the CSIS Commission on Cybersecurity for the 44th Presidency

Part IV includes highlights of:

• Section 3 – Rebuilding Partnership with the Private Sector
  

——————————————————————————————————————————————
CSWW is not affiliated with CSIS or the commission that produced this report. The use of “we,” “our,” “us,” etc., throughout the highlights of this report refers to the members of the CSIS Commission and not to CSWW.
——————————————————————————————————————————————

The Highlights:

3
Rebuilding Partnership with the Private Sector

Recommendation

The U.S. government should rebuild the public-private partnership on cybersecurity to focus on key infrastructures and coordinated preventive and responsive activities. We recommend the president direct the creation of three new groups for partnership that provide the bases for both trust and action:

• A presidential advisory committee organized under the Federal Advisory Committee Act (FACA), with senior representatives from the key cyber infrastructures. This new body would incorporate the National Security and Telecommunications Advisory Committee (NSTAC) and National Infrastructure Advisory Council (NIAC);

• A town hall style national stakeholders’ organization that provides a platform for education and discussion; and

• A new operational organization, the Center for Cybersecurity Operations (CCSO), where public- and private-sector entities can collaborate and share information on critical cybersecurity in a trusted environment.

Securing cyberspace requires government and the private sector to work together.

There is a bifurcation of responsibility (the government must protect national security) and control (it does not manage the asset or provide the function that must be protected).

…the United States has a perplexing array of advisory groups with overlapping interests, inadequate resources, varying capabilities, and a lack of clarity around roles and responsibilities. To achieve real partnership, we must simplify mission and organizational structure.

In many interviews, we found almost universal recognition that the status quo is not meeting the needs of either the government or the private sector with respect to trust and operational collaboration.

Another problem for securing cyberspace is a diffusion of effort. Currently DHS identifies 18 different sectors as critical.

For us, critical means that, if the function or service is disrupted, there is immediate and serious damage to key national functions such as U.S. military capabilities or economic performance.

To focus the defense of cyberspace, we have identified four critical cyber infrastructures: energy, finance, the converging information technology and communications sectors, and government services (including state and municipal governments).

We recommend concentrating on two key problems: how to build trust between the government and company executives and how to focus efforts on what is truly critical for cyberspace.

The primary goal of the new partnership organizations should be to build action-oriented relationships rather than to share information that is either already available or that companies are reluctant to provide. This can be done by creating a simplified structure that has three parts: a new presidential advisory committee that connects the White House to the private-sector entities most important for cyberspace; a national town-hall organization that provides a dialogue for education and discussion, and a new operational organization.

The intent behind the three groups is to provide an inclusive platform for national engagement, something the United States currently lacks.

Trust is the foundation of a successful partnership between government and the private sector.

Read the rest of this entry »

Filed under: Analysis, Business, Doctrine, History, Intelligence Community, Internet, Life, Military, News, Policy, Politics, Polls, Strategy, Technology, Terrorism, The Highlighter, Training, War, cyber security, cyber war, government , CCSO, collaboration, convergence, converging technologies, CSIS, cyber security, cyber space, DHS, energy, FACA, finance, information technology, key infrastructures, National Security, NIAC, NSTAC, presidential advisory committee, private sector, recommendations, town hall, United States, US Government, US military, US president, White House

The Highlighter: Securing Cyberspace for the 44th Presidency – Part III

A Report of the CSIS Commission on Cybersecurity for the 44th Presidency

Part III includes highlights of:

• Section 2 – Organizing for Cybersecurity
  

————————————————————————————————–
CSWW is not affiliated with CSIS or the commission that produced this report. The use of “we,” “our,” “us,” etc., throughout the highlights of this report refers to the members of the CSIS Commission and not to CSWW.
————————————————————————————————–

The Highlights:

2
Organizing for Cybersecurity

Recommendations

The president should appoint an assistant for cyberspace and establish a Cybersecurity Directorate in the NSC that absorbs existing Homeland Security Council (HSC) functions.

A new National office for Cyberspace (NOC) would support the work of the assistant for cyberspace and the new directorate in the NSC. The president can create this office by merging the existing National Cyber Security Center (NSCS) and the Joint Inter-Agency Cyber Task Force (JIACTF). The assistant to the president for cyberspace would direct the NOC.

The central problems in the current federal organization for cybersecurity are lack of a strategic focus, overlapping missions, poor coordination and collaboration, and diffuse responsibility.

The Commission considered many options for how best to organize for cybersecurity. We grew to understand the importance of bridging across the federal agencies in order to leverage the knowledge to provide the best security for our nation.

We also recognize the importance of involving the private sector—the federal government cannot do this alone.

Our thinking on organization tracks with our finding that cybersecurity is now a central problem for national security. Our recommendation is to create a new “enterprise” governance model for cyberspace using the NSC, a collaborative network among the key agencies, and a new cyberspace office in the EOP.

We based our recommendations in part on the intelligence community’s experience in implementing the Intelligence Reform and Terrorist Prevention Act (IRTPA). IRTPA imposed a new, more collaborative structure on the intelligence community. It mandated a distributed “intelligence enterprise.” Congressional mandates, however, are not enough. It took a director of national intelligence (DNI) with the appropriate authorities to build collaboration.

What about the Department of Homeland Security?

One of the first tasks for the new administration will be to strengthen DHS.

DHS is not the agency to lead in a conflict with foreign intelligence agencies or militaries or even well-organized international cyber criminals.

Cybersecurity is no longer (if it ever was) a domestic issue. It is an issue of international security in which the primary actors are the intelligence and military forces of other nations.

Although the department’s performance has improved in recent years, our view is that any improvement to the nation’s cybersecurity must go outside of DHS to be effective. For that reason, we recommend that the White House, rather than any single agency, lead the new strategic and coordination functions required for cybersecurity.

Read the rest of this entry »

Filed under: The Highlighter , CNCI, commission, Comprehensive National Cyb, Comprehensive National Cybersecurity Initiative, CSIS, cyber security, cyber space, EOP, Executive Office of the President, Homeland Security Council, HSC, Intelligence Reform and Terrorist Prevention Act, IRTPA, JIACTF, Joint Inter-Ag, National Office for Cyberspace, NOC, NSC, organization, US president

The Highlighter: Securing Cyberspace for the 44th Presidency – Part II

A Report of the CSIS Commission on Cybersecurity for the 44th Presidency

Part II includes highlights of:

• Section 1 – Create a Comprehensive National Security Strategy for Cyberspace

————————————————————————————————–
CSWW is not affiliated with CSIS or the commission that produced this report. The use of “we,” “our,” “us,” etc., throughout the highlights of this report refers to the members of the CSIS Commission and not to CSWW.
————————————————————————————————–

The Highlights:

1
Create a Comprehensive National Security Strategy for Cyberspace

The president should state as a fundamental principle that cyberspace is a vital asset for the nation and that the United States will protect it using all instruments of national power, in order to ensure national security, public safety, economic prosperity, and the delivery of critical services to the American public.

Our influence as a nation is at its lowest point in decades.

Years of underinvestment have weakened both government and our scientific establishment (and, in the case of government, scorn from those who sought to shrink it). The reputation of the United States has been badly tarnished, and our failure to defend cyberspace, despite huge informational losses, has encouraged our opponents to increase their attacks.

Strategies articulate goals and identify the means to achieve them. The United States has clear goals—to defend itself and its allies from threats and intimidation, increase openness to trade and to ideas, and expand the rule of law and democracy.

…we recommend a clear articulation of the importance of cyberspace of the nation.

To some extent expressing principles for cyberspace is more difficult than expressing a military doctrine designed to protect our physical territory.

Cyber attack joins terrorism and weapons of mass destruction (WMD) as one of the new, asymmetric threats that put the United States and its allies at risk.

A comprehensive cybersecurity strategy must engage all elements of U. S. power—economic, diplomatic, and law enforcement as well as military and intelligence.

As with the larger national security strategy, we identify four principal instruments—international engagement, military and defense actions, economic tools, and the coherent use of intelligence and law enforcement capabilities—to achieve this.

One model for the new approach, which we recommend for the next president, can be found in the U. S. experience with nonproliferation and WMD.

Read the rest of this entry »

Filed under: The Highlighter , asymmetric threats, China, CNCI, Comprehensive National Cybersecurity Initiative, Comprehensive National Security Strategy for Cyberspace, Council of Europe Convention on Cybercrime, critical services, CSIS, CSIS Commission, cyber crime, cyber security, cyber space, deterrence, economic policy, economic prosperity, escalation, G-8 Subgroup on High-Tech Crime, Intelligence Community, military doctrine, national power, National Security, national supply chain, offensive information warfare capabilities, public safety, symmetry, thresholds, United States, US Department of Justice, US president, weapons of mass destruction, WMD

The Highlighter: Securing Cyberspace for the 44th Presidency – Part I

A Report of the CSIS Commission on Cybersecurity for the 44th Presidency

Part I includes highlights of the:

• Executive Summary

• Summary of Recommendations

• Introduction

————————————————————————————————–
CSWW is not affiliated with CSIS or the commission that produced this report. The use of “we,” “our,” “us,” etc., throughout the highlights of this report refers to the members of the CSIS Commission and not to CSWW.
————————————————————————————————–

The Highlights:

This report makes use of a broad definition of cyberspace that goes beyond the Internet to include all forms of networked, digital activities.

Executive Summary

(1) cybersecurity is now a major national security problem
(2) decisions and actions must respect privacy and civil liberties
(3) only a comprehensive national security strategy that embraces both the domestic and international aspects of cybersecurity will make us more secure

We were encouraged in our work by senior officials in the Department of Defense, the intelligence community, and other agencies who told us that cybersecurity was one of the greatest security challenges the United States faces in a new and more competitive international environment.

Major agencies play key roles set by presidential directives and coordinated by the White House.

We propose creating a new office for cyberspace in the Executive Office of the President. This office would combine existing entities and also work with the National Security Council in managing the many aspects of securing our national networks while protecting privacy and civil liberties.

Government must recast its relationship with the private sector as well as redesign the public-private partnership to promote better cybersecurity.

The Bush administration took a major step toward improving federal cybersecurity with its Comprehensive National Cybersecurity Initiative.

…we face a long-term challenge in cyberspace from foreign intelligence agencies and militaries, criminals, and others, and that losing this struggle will wreak serious damage on the economic health and national security of the United States.

Read the rest of this entry »

Filed under: Analysis, Doctrine, Policy, Politics, Strategy, The Highlighter, cyber security , CNCI, criminals, CSIS, cyber sapce, cyber security, cyber strategy, FACA, foreign intelligence, highlights, Internet, Military, NIAC, NIAP, NIST, NOC, NSA, NSC, NSTAC, US president