SAN FRANCISCO - His speech centered around mutual efforts to secure data and systems, but White House Internet security adviser Howard A. Schmidt's biggest tidbit was a data revelation: he told attendees of the RSA Conference that the Obama administration would declassify the Comprehensive National Cybersecurity Initiative (CNCI).
The CNCI is a national plan to secure public and private sector computer networks first formulated under the Bush administration in early 2008. The plan, formally known as National Security Presidential Directive 54, or NSPD54, has remained classified, though members of both the Bush and Obama administrations have dropped hints as to its contents.
But now, the kimono is totally opened. "I'm pleased to announce that the administration has updated the classification guidance for the Comprehensive National Cybersecurity Initiative, or CNCI, which began in 2008 and forms an important component in our cybersecurity efforts within the federal government," said Schmidt in the last of five RSA keynotes Tuesday.
1) Manage the Federal Enterprise Network as a single network enterprise with Trusted Internet Connections.
2) Deploy an intrusion detection system of sensors across the Federal enterprise.
3) Pursue deployment of intrusion prevention systems across the Federal enterprise.
4) Coordinate and redirect research and development (R&D) efforts.
5) Connect current cyber ops centers to enhance situational awareness.
6) Develop and implement a government-wide cyber counterintelligence (CI) plan.
7) Increase the security of our classified networks.
8) Expand cyber education.
9) Define and develop enduring "leap-ahead" technology, strategies, and programs.
10) Define and develop enduring deterrence strategies and programs.
11) Develop a multi-pronged approach for global supply chain risk management.
12) Define the Federal role for extending cybersecurity into critical infrastructure domains.
Schmidt said it was part of an effort toward "working across all aspects of government to create a harmonized sense of security. We work with all departments to make sure we do what we need to, to be fast and efficient."
The need for built-in security at the start
Building secure systems, he said, requires thinking about cybersecurity in everything they do and not "bolting it on" later. When discussing the next generation of an application, software, or network, there needs to be a discussion about building security into it from the start, he said.
"We're not going to beat our adversaries because they get weak. They are strong, we know they're strong. We will beat them because we are stronger," said Schmidt.
He added "we can only do our part to strengthen cyberspace and that's what we're asking you all to do."