Agencies discuss new cyber security plan

Senior government officials yesterday discussed details of the Bush administration's largely classified, multibillion-dollar national cyber security initiative, emphasizing the private sector's role in those efforts.

Officials from the Homeland Security Department, the Office of the Director of National Intelligence (ODNI), the White House and other agencies involved in the governmentwide effort to secure cyberspace told an industry group yesterday about counterintelligence, supply chain security and research and development portions of the plan. Disclosures thus far about the National Cyber Security Initiative have largely been limited to information regarding the government's effort to improve the security of the .gov network.

Paul Schneider, DHS' deputy secretary, said the initiative has three focus areas: establishing the front lines of defense against cyber attacks and reducing current vulnerabilities, defending against a full spectrum of threats by using intelligence, and shaping the future through research and investment in new technologies.

"In research and development we will be spending a significant amount of resources in the private sector and that's because that's where the technology's going to come from," he said at an Information Technology Association of America event.

Schneider said industry should be aware the government's first focus is to make sure that its networks are protected. He pointed to efforts to reduce the external points of access to government networks from several thousand to less than one hundred. The new version of DHS' intrusion detection system for the civilian government domain ? EINSTEIN II ? will take intrusion detection to the next level, he said.

Officials also emphasized the need to enhance communications with the private sector.

"We don't own the nation's information technology networks or communications infrastructure," said Schneider. ""What we are faced with is the absolute need for a very unique partnership in order to defend this network."

Melissa Hathaway, senior adviser and cyber coordination executive at ODNI, said officials are looking at possible changes in the federal acquisition regulation and defense acquisition regulations to ensure the government is buying appropriately.

"We see [cyber threats] as a growing economic and national security crisis that cannot wait any longer to be addressed," she said.

Hathaway said threats come from several areas that include the malicious or unintentional creation of vulnerabilities by insiders, the interception of data, the unauthorized access of information through remote means, attacks against control systems and supply chain vulnerabilities.

Hathaway said there are more than 100 countries with the capability to do this type of targeting and terrorist groups have also expressed the desire to use cyber attacks to target infrastructure.

Officials also said that the plan was also to improve the nation's counterintelligence capabilities in the cyber arena.

Neill Sciarrone, special assistant to the president and senior director for cyber security and information-sharing policy for the White House's Homeland Security Council, said officials are also developing a "robust intrusion prevention system" to stop attacks before they penetrate the networks.

Hathaway said ODNI reports quarterly to the president and the Office of Management and Budget on the initiative's progress and officials have created more than 80 metrics to judge the initiative's progress. She also said an interagency group has briefed Congress more than 150 times on the initiative and that it was one of ODNI's top two priorities as it planned for the change in administrations.

Ben Bain writes for Federal Computer Week, an 1105 Government Information Group publication.