White House declassifies parts of US cybersecurity plan

On Tuesday, the White House declassified cybersecurity somewhat when cybersecurity czar Howard Schmidt pulled back the curtain, at least a bit, on the Bush administration’s secretive plan to defend the nation’s computer networks.

At the RSA Conference, a security industry event, in San Francisco Tuesday, Mr. Schmidt announced that the Obama administration was partially declassifying the 2008 Comprehensive National Cybersecurity Initiative (CNCI) in the name of transparency.

“Transparency is particularly vital in areas, such as the CNCI, where there have been legitimate questions about sensitive topics like the role of the intelligence community in cybersecurity,” said Schmidt in a statement posted on the White House blog.

The declassified portion of the CNCI includes descriptions of 12 broad initiatives of the CNCI, but few details.

According to the Wired Threat Level blog, “the most most controversial part of the declassified plan is a discussion of a need for the government to define its role in protecting private critical infrastructure networks” such as telecoms, the electric grid, Internet providers, and banking networks.

“The Department of Homeland Security and its private-sector partners have developed a plan of shared action” in an effort to confront the threats facing nongovernment computer networks, according to the declassified plan.

The document largely focuses on efforts to secure the federal government’s vast computer networks with the use of its Einstein system to detect unauthorized attempts to access government computers.

“There's not much in the way of details,” wrote CNET, “but those that are included are likely to raise questions about the role of the National Security Agency in network surveillance,” which worries many civil libertarians.

President Obama, who has made cybersecurity a priority, has said that his administration’s cybersecurity plans will not include “monitoring of private sector networks or Internet traffic.”

The Electronic Privacy Information Center (EPIC), which filed suit against the government for the full text of the CNCI, said it was pleased the description was released, but still wants to see the full document. Marc Rotenberg, EPIC executive director, told the Associated Press that he would like to see the “privacy safeguards” the government has in place when assessing cyber threats.

Schmidt (who the Monitor wrote about here) said he hopes the release of the document will answer some of those privacy concerns and lead to stronger partnerships with the private sector in fighting the growing threat of cyber attacks. "Transparency improves our collective knowledge," he said, "and helps bind our partnerships together to form the most powerful cyber tools that we have."