Obama's cybersecurity chief opens CNCI 'Einstein 3' kimono

Howard Schmidt has unveiled more details of the Comprehensive National Cybersecurity Initiative (CNCI). President Barack Obama's cybersecurity honcho announced that the Einstein 3 program has now been at least partially declassified. In IT Blogwatch, bloggers worry for their privacy.

By Richi Jennings. March 3, 2010.

Your humble blogwatcher selected these bloggy morsels for your enjoyment. Not to mention 100 Dollars 50 Conversations...

Siobhan Gorman:

It was an open secret that the [NSA] was bolstering a ... program to detect and respond to cyber attacks on government systems, but a summary of that program declassified Tuesday provides more details of NSA’s role in a Homeland program known as Einstein. ... The program is designed to look for indicators of cyber attacks by digging into all Internet communications, including the contents of emails, according to the declassified summary.


Declassifying details of the NSA’s role, in a program initially developed during the Bush administration ... will likely ignite new debates over privacy. ... The White House’s new cyber-security chief, Howard Schmidt, announced the move to declassify the program in a speech at the RSA conference in San Francisco. ... He said addressing potential privacy concerns was one of the ten initial steps he planned to take. “We’re really paying attention, and we get it,” he said.

Howard A. Schmidt is the horse's mouth:

Today in my keynote speech ... I discussed two themes that are vital to our nation’s cybersecurity efforts: partnerships and transparency. ... You cannot have one without the other. ... [So] I was pleased to announce today that the Obama Administration has revised the classification guidance for the Comprehensive National Cybersecurity Initiative (or CNCI).


Transparency is particularly vital ... there have been legitimate questions about sensitive topics like the role of the intelligence community in cybersecurity. ... We will not defeat our cyber adversaries because they are weakening, we will defeat them by becoming collectively stronger, through stronger technology, a stronger cadre of security professionals, and stronger partnerships.

Eric Chabrow unpicks the story:

I ran into Melissa Hathaway, and asked her what she thought about declassifying portions of the CNCI. Hathaway had been intimately involved with CNCI, first as a Bush administration national security senior staffer - CNCI is a result of a directive issued by President Bush - and then as the official who led President Obama's 60-day cybersecurity policy review last year.


Hathaway said the declassified summary included new information on Initiative No. 3 - Einstein 3 ... which has attracted many questions from Congress and the private sector. ... The fact that the administration is being more transparent about what was a fairly secretive program provides the public a stake in CNCI and other government IT security programs. ... Safeguarding our digital assets won't succeed without cooperation of all stakeholders, and letting the public know about these initiatives is a crucial step toward protecting our IT systems.

Alejandro Martinez-Cabrera chronicles the disclosure:

The documents offer general descriptions of the plan's 12 initiatives ... [and] discuss the need for a way for the private and public sector to share information regarding the protection of the nation's critical infrastructure. ... Privacy advocates have ... raised concerns. ... President Obama promised last year that he would appoint someone to ensure the plan is carried out without violating civil liberties.


Other priorities Schmidt outlined were:

  • Updating the nation's cyber-security strategy ...
  • Revising federal security compliance standards ...
  • Improving security awareness and coordination among federal agencies.
  • Improving the country's cyber-response plan ...
  • Addressing the need for an international cyber-security policy.

Kim Zetter:

Civil libertarians criticized the Bush administration for failing to disclose the contents of the plan or allowing independent oversight of its implementation. ... Obama said last May that he planned ... to ensure that the ... cybersecurity plan doesn’t violate privacy and civil liberties and insisted that the government’s plan would not include spying on the public.


What may be the most controversial part of the declassified plan is a discussion of a need for the government to define its role in protecting ... the electrical grid, telecommunication networks, internet service providers, the banking and financial industry. ... Additionally, the plan calls for a strategy to increase the security of classified networks and to develop and implement a government-wide cybercounterintelligence ... plan, but provides little detail about what that would involve.


Richi Jennings, your humble blogwatcher
  Richi Jennings is an independent analyst/consultant, specializing in blogging, email, and security. A cross-functional IT geek since 1985, he is also an analyst at Ferris Research. You can follow him as @richi on Twitter, or richij on FriendFeed, pretend to be richij's friend on Facebook, or just use good old email: itblogwatch@richij.com.

Copyright © 2010 IDG Communications, Inc.
