National Cyber Security Initiative will have a dozen parts

DHS official provides a glimpse at the components of the multi-billion-dollar effort.

President Bush's largely classified governmentwide cybersecurity initiative will have a dozen components designed to better protect computer networks and systems, and to improve information technology processes and policies, a Homeland Security Department official said on Thursday.

President Bush signed National Security Presidential Directive 54/Homeland Security Presidential Directive 23 - more commonly known as the Comprehensive National Cyber Security Initiative - in January, but few details have been made public. Work already is underway on some of the initiative's 12 components, said Steven Chabinsky, deputy director of the Joint Interagency Cyber Task Force, during a panel discussion at the Symantec Government Symposium.

"We had to do what no one likes to do - make a plan to make a plan," Chabinsky said. "Some [pieces of the initiative] fall under the category of 'You mean we're not already doing that?' These are not [all] eureka moments," but formalize processes for agencies to follow.

Some analysts estimate that it will cost as much as $40 billion to implement the cybersecurity plan.

The Trusted Internet Connections program is the most established piece of the initiative. The Office of Management and Budget developed the program in November 2007 with the goal of decreasing the number of connections from federal agencies to external computer networks to 100 or fewer. Agencies made a 39 percent reduction in the first four months of 2008, from more than 4,300 connections in January to 2,758 in May, according to OMB.

The idea is that the fewer connections agencies have, the easier it will be to monitor them and detect security incidents. TIC requires agencies to use the Einstein system to monitor the connections. The automated system, developed by DHS, collects computer security information and then sends it to the U.S. Computer Emergency Readiness Team.

"Einstein is not optional - it's mandatory for anyone [managing] an access point," said Karen Evans, OMB's administrator for e-government and information technology. "If someone is not [properly] managing a connection, DHS has the authority to shut it down." In those cases, she said, network activities will automatically switch over to another connection, so that operations won't be affected.

Chabinsky offered fewer specifics about the other 11 components, which are aimed at making improvements in the following areas:

• Intrusion detection

• Intrusion prevention

• Research and development

• Situational awareness, specifically through the National Cyber Security Center, which will coordinate information from all agencies to help secure cyber networks and systems and foster collaboration

• Cyber counterintelligence

• Classified network security

• Cyber education and training

• Implementation of information security technologies

• Deterrence strategies

• Global supply chain security

• Public/private collaboration

DHS has started to improve collaboration with the private sector, an effort dubbed "Project 12." Department officials have met with executives from the banking, telecommunications and energy industries, among others.

"We want to establish a baseline [of best practices in information security]; what some crudely call, 'stopping the bleeding,'" Chabinsky said.

The 12 projects will allow the federal government to take a broad view of cybersecurity. Traffic sensors, for example, will eventually be implemented in all agencies to detect malicious software and alert DHS to security breaches in real time.

"Initially, [the cybersecurity division] will determine that the [Comprehensive National Cyber Security Initiative] is being fully and successfully executed by measuring the percent of planned Einstein sensors deployed on time throughout the federal government," DHS Secretary Michael Chertoff wrote in a July 18 response to inquiries from the Senate Homeland Security and Governmental Affairs Committee. The committee, which requested clarification about procurement and staffing, private industry involvement, and the classified status of the initiative, released the responses on Thursday. Much of the content was deemed classified and therefore blacked out.

Full implementation of sensors, Chertoff wrote, would provide visibility throughout the federal cyberspace. "The sensors will provide more comprehensive situational awareness information to help us better understand the current environment and identify vulnerabilities, risks, and mitigation actions," he wrote.