We are increasingly discovering in the press snippets of the “largely classified government-wide cybersecurity initiative.” This is the commonly used title of the National Security Presidential Directive 54/Homeland Security Presidential Directive 23, which President Bush signed into law in January 2008 … see the August 1, 2008 article in NextGov at www.nextgov.com/nextgov/ng_20080801_9053.php
Specifics are hard to come by, since much of the directive is classified. However, the NextGov article reports that Steven Chabinsky, deputy director of the Joint Interagency Task Force, stated that the initiative, which some estimate will cost $30-40 billion over seven years, comprises eleven components in the following areas:
- Intrusion detection
- Intrusion prevention
- Research and development
- Situational awareness
- Cyber counter intelligence
- Classified network security
- Cyber education and training
- Implementation of information security technologies
- Deterrence strategies
- Global supply chain security
- Public/private collaboration
When I read about the initiative and the areas that it will cover, one question comes to mind, namely “Where have we been for the past decade?” In May 1998, President Clinton issued Presidential Decision Directive 63 on Critical Infrastructure Protection. It mandated that, by May 2003, the nation’s critical infrastructure would be protected against all known threats and attacks, including cyber attacks. The CNCI appears to have a seven-year time frame. So a most distressing aspect of this revelation is that it appears that we have lost about a dozen years and will likely be spending many times what the original cost might have been ten years ago to achieve the same end.
The other aspect, which I find particularly galling, is that many of the issues to be addressed in the CNCI have been raised many times by many others, including me in my November 2001 testimony before Congress.
On the positive side, the ball has started rolling again. Let us hope and pray that the initiative is not delayed by even more years because of the transition to a new Administration, as happened the last time around. This initiative is too important to our national security for us to go through another not-invented-here delay as we saw happen eight years ago. The protection of our critical infrastructure and our secrets against cyber attacks must be a national priority and receive the attention by the new Administration that it deserves and must have. Those unaware of history are bound to repeat its mistakes. Now that you have been made aware, please don’t let it happen again.