Obama to update Bush-era cybersecurity directive

The Obama administration is working on an update to a classified presidential directive signed during the George W. Bush administration that guides the government’s overall cybersecurity efforts.

The White House’s National Security Staff is developing the update to the directive that established the Comprehensive National Cybersecurity Initiative (CNCI), according to a document released July 14. The resulting changes to the government’s national strategy will incorporate aspects of the President Barack Obama’s Comprehensive Cyberspace Policy Review, released in May 2009, the document said.

The administration described plans to update the directive in a document it released to highlight progress it said has been made since the release of that review during a speech by Obama on cybersecurity. The Obama administration released an unclassified outline of the CNCI earlier this year. The actual Bush-era directive remains a government secret.

“Since the president’s speech last year and the release of the President’s Cyberspace Policy Review, the administration has taken concrete steps to make cyberspace more secure,” White House Cybersecurity Coordinator Howard Schmidt said in a post on the White House blog.

Schmidt said that since the review was released:

• The administration has released for public comment a plan for secure, voluntary, privacy-enhancing credentials for authenticating identities in cyberspace more securely
• The Homeland Security Department has been developing a National Cyber Incident Response Plan to ensure that there is a coordinated national response to a significant cyber incident
• The administration has released new performance metrics for agencies under the Federal Information Management Security Act (FISMA) for more continuous monitoring of security and
• Obama has appointed a cybersecurity coordinator and a privacy and civil liberties official, and the administration has released documents outlining cybersecurity initiatives to ensure greater transparency.

Obama, Schmidt, Homeland Security Secretary Janet Napolitano and Commerce Secretary Gary Locke met with interested parties from industry, state and local governments, academia and privacy and civil liberties groups in Washington on July 14 to discuss cybersecurity. The event was not open to the press.