Here Comes the CNCI and the Era of Proactive IT Security

By Stacey McDaniel

Although it has been overshadowed by the upcoming presidential elections and high fuel prices, and other national headlines since it was issued in January, the Comprehensive National Cybersecurity Initiative (CNCI) is quietly happening. Details of the CNCI are still fuzzy, but this much is clear: Agencies must step up and be more proactive about security -- by staying on top of the latest security threats and attack trends and being prepared to stop them before any damage is done.

A big request
The CNCI is no small initiative. In fact, it comprises the single largest request for funds in the fiscal 2009 intelligence budget. The Bush administration has made a 2009 Budget Request of $7.2 billion to support the CNCI. However, despite the big price tag, details of the CNCI continue to be shrouded in mystery.

This much is known: The CNCI is a multiagency, multiyear plan to reduce the vulnerability of federal computer networks and critical infrastructure and the consequences of attacks against these networks. It has been reported that the CNCI not only authorizes the National Security Agency to monitor federal computer networks but also requires that the number of points at which federal networks connect to the public Internet are dramatically reduced.

Looking for details
In May, Homeland Security and Governmental Affairs Committee Chairman Joe Lieberman, ID-Conn., and Ranking Member Susan Collins, R-Me., sent a letter to Michael Chertoff, secretary of homeland security, asking for more specific information about the CNCI and how it will be carried out. “We are concerned that the lack of information about the CNCI being provided to the public, other agencies and private entities that conduct business with the government might be creating confusion and concern about the initiative,” the letter states.

Causes for concern
The hefty CNCI price tag reflects the deep concerns of the Bush administration about the havoc that could be wreaked by cyber terrorists or unfriendly countries on America’s computer-dependent economy. According to most industry officials, those concerns aren’t unfounded. Just consider:

• On March 1, OMB reported that for FY07 there were 12,986 security incidents, more than doubling the number of incidents reported in FY06.
• Last year, cyber criminals disrupted the communications and computer-dependent infrastructure in Estonia.
• More than 20 countries have publicly documented cyber warfare programs and technologies.
• In late 2007, hackers successfully infiltrated the Oak Ridge National Laboratory and the Los Alamos National Laboratory.
• In 2007, an unidentified hacker broke into the email system of the office of the defense secretary, and the Pentagon shut down about 1,500 computers in response.
• In 2006, a State Department employee opened an infected email, prompting officials to cut off Internet access to the department’s East Asia and Pacific region.
• In 2002, British hacker Gary McKinnon was accused of penetrating at least 100 servers owned by the Defense Department, Navy, Army, Air Force and other government agencies. (McKinnon is making headlines again, as he is currently fighting extradition to the U.S.)

Just as with the private sector, cyber attacks on government networks are becoming more frequent, more targeted and more sophisticated. Now government officials appear ready to address the growing cyber security threat.

Taking a proactive stance
"It is no longer sufficient for the U.S. government to discover cyber intrusions in its networks, clean up the damage and take legal or political steps to deter further intrusions," Mike McConnell, Director of National Intelligence, stated in a February threat assessment. "We must take proactive measures to detect and prevent intrusions from whatever source, as they happen, and before they can do significant damage."

Securing information assets from internal and external threats has become a highly complex IT function, demanding significant investment in expertise, systems infrastructure and oversight. Threats have become faster, more frequent and more dangerous -- and the expertise required to keep an agency protected is becoming harder to find.

With the threat landscape moving to more complex, targeted attacks from multiple vantage points, it is critical to have a clear global view of threat activity.

Conclusion
While the details of the CNCI continue to be worked out, there will be a big emphasis placed on strengthening the government’s security posture through more proactive measures.

 

Stacey McDaniel has been writing about high-tech issues for more than six years.