Monday, December 08, 2008

The CSIS commission’s report, “Securing Cyberspace for the 44th Presidency,” was released today.

The CSIS Report is a must-read for everyone in Cyber Security. This affects all of us! This is one of the few documents that exist today that outline the necessary actions in order to improve cybersecurity on a national scale. I’m not advocating it’s the best possible strategy, just that it is one of the few that exists at this scale and is published. Whether it is comprehensive enough and/or feasible is where the discussion begins.

This post is just a quick summary of my first pass on the document.  More to follow as time allows.

The Three Major Findings presented in the Executive Summary:
1.) Cybersecurity is now a major national security problem. 
2.) Decisions and actions must respect privacy and civil liberties.
3.) A comprehensive national security strategy that embraces both domestic and international aspects is required.

NOTE:  I think it is critical to note that the Commission takes the time to note that the critical elements to this national strategy must include:  Diplomatic, Intelligence, Military, Economic, and Law Enforcement!  Forgetting the legal and enforcement aspects of this strategy would have been a fatal flaw.  I’m thrilled to see those aspects get specific attention!

The high-level sections dedicated to describing the commission’s recommendations are: Creating the Comprehensive Strategy, Organizing around that Strategy, and Modernizing Legal Authority.

There are also some basic thoughts around partnering with the Private Sector, and more tactical issues such as Secure Infrastructure/SCADA, Revising Acquisition, Managing Identities (HSPD-12 and beyond), Revisions for FISMA, Training, and R&D, which are described later in the document. I’m not going to review all of them in this post. Time permitting, I may break them down over the next few weeks though.

Organization:
The commission feels that this effort must be led from the White House. They did an analysis of current capabilities, and from the report it seems the DoD was well-suited to acting as a leader, but that the possible perception of a militarization of the Internet was not going to be popular. Other agencies were vetted, but in the end the commission felt the White House, specifically the Executive Office of the President, was uniquely situated to lead this effort. Personally, I’m not sure how “operational” the White House is; I thought that is why we had Agencies/Departments, but who am I?

At a high level, the recommendation breaks down like this: The National Security Council (NSC) would work with a new office in the Executive Office of the President (EOP) called the National Office for Cyberspace (NOC). This new office would work with other relevant agencies to create a comprehensive national strategy. The recommendation was that this new office could be created by merging the National Cyber Security Center (NCSC) and the Joint Inter-Agency Cyber Task Force (JIACTF). Interestingly, this recommendation also allowed the existing agencies to keep responsibility for current operational activities (such as the DHS US-CERT), under the direction of the NSC and the new EOP cyberspace office. They didn’t get into specifics on how DoD, NSA, DHS, etc. would play together - or at least I haven’t comprehended that out of the report yet.

I also mentioned, briefly, that there was some talk about partnership with the private sector.  Specifically they mentioned the creation of a couple of councils:
1.) National Security and Telecommunications Advisory Committee (NSTAC) and National Infrastructure Advisory Council (NIAC)
2.) Center for Cybersecurity Operations (CCSO) where information sharing could happen in a trusted environment.

Personally, I think this is an area we can get much more out of. I don’t think I want the “Private” sector representation to be limited to the Telecoms. IMHO, this objective needs to broaden significantly for this effort to take flight.

There are a lot of great ideas presented in this document.  The authors, contributors, reviewers all did a great job of identifying some of the biggest obstacles the government faces in Cyber Security, and at least there is one plan out there to talk through.  Hopefully, we will see change in the not so distant future!

References:
http://www.csis.org/media/csis/pubs/081208_securingcyberspace_44.pdf

Recent write-ups summarizing the Commission’s report:
http://www.crn.com/security/212300268
http://www.theregister.co.uk/2008/12/08/cyber_security_report/print.html
http://www.secureconsulting.net/2008/12/csis_commission_securing_cyber.html
http://www.securityfocus.com/news/11540?ref=rss
http://www.businessweek.com/bwdaily/dnflash/content/dec2008/db2008127_817606.htm
http://www.cnn.com/2008/TECH/12/08/cyber.security/index.html


Created by: Rocky