Comprehensive National Cybersecurity Initiative

Last updated

The Comprehensive National Cybersecurity Initiative (CNCI) outlines U.S. cybersecurity goals across multiple agencies including the Department of Homeland Security, the Office of Management and Budget, and the National Security Agency. The initiative was established by President George W. Bush in January 2008 in National Security Presidential Directive 54/Homeland Security Presidential Directive 23 (NSPD-54/HSPD-23). [1] [2]

Contents

Details

Utah Data Center, Bluffdale, Utah. Utah Data Center Panorama (cropped).jpg
Utah Data Center, Bluffdale, Utah.

During 2008, the initial signing of the initiative and hearings about the initiative was kept classified. [3] However, in March 2010, the Obama administration declassified limited material about the project. [4]

The goals of the initiative include: establishing a front line of defense against network intrusion; defending the U.S. against the full spectrum of threats through counterintelligence; and strengthening the future cybersecurity environment through education, coordination and research. [5]

The main actions of the CNCI are: [6]

On January 6, 2011, the National Security Agency (NSA) began building the first of a series of data centers pursuant to the program. [7] [8] The $1.5 billion Community Comprehensive National Cybersecurity Initiative Data Center, also known as the Utah Data Center, is located at Camp Williams, Utah. [9]

See also

Notes

  1. "National Security Presidential Directives [NSPD] George W. Bush Administration". Federation of American Scientists. Retrieved 7 January 2011.
  2. "Computer Network Security & Privacy Protection" (PDF). Department of Homeland Security. Retrieved 7 January 2011.
  3. "Hearing on NSPD-54/HSPD-23 and the Comprehensive National Cyber Security Initiative". Senate.gov. Retrieved 7 January 2011.
  4. Vijayan, Jaikumar (2 March 2010). "Obama administration partially lifts secrecy on classified cybersecurity project". Computerworld. Retrieved 7 January 2011.
  5. "The Comprehensive National Cybersecurity Initiative". whitehouse.gov . Retrieved 7 January 2011 via National Archives.
  6. "Archived copy" (PDF). Archived from the original (PDF) on 2017-02-02. Retrieved 2017-01-28.{{cite web}}: CS1 maint: archived copy as title (link)
  7. LaPlante, Matthew D. (July 2, 2009). "New NSA center unveiled in budget documents". Salt Lake Tribune. MediaNews Group. Retrieved 2009-07-05.
  8. LaPlante, Matthew D. (July 2, 2009). "Spies like us: NSA to build huge facility in Utah". Salt Lake Tribune. MediaNews Group. Retrieved 2009-07-05.
  9. Fidel, Steve. "Utah's $1.5 billion cyber-security center under way". Deseret News. Retrieved 6 January 2011.

Related Research Articles

<span class="mw-page-title-main">Bluffdale, Utah</span> City in Utah, United States

Bluffdale is a city in Salt Lake and Utah counties in the U.S. state of Utah, located about 20 miles (32 km) south of Salt Lake City. As of the 2020 census, the city population was 17,014.

<span class="mw-page-title-main">National security directive</span> Instruction the President of the United States sends to defense and intelligence advisers

National security directives are presidential directives issued for the National Security Council (NSC). Starting with Harry Truman, every president since the founding of the National Security Council in 1947 has issued national security directives in one form or another, which have involved foreign, military and domestic policies. National security directives are generally highly classified and are available to the public only after "a great many years" have elapsed. Unlike executive orders, national security directives are usually directed only to the National Security Council and the most senior executive branch officials, and embody foreign and military policy-making guidance rather than specific instructions.

<span class="mw-page-title-main">National Cyber Security Division</span>

The National Cyber Security Division (NCSD) is a division of the Office of Cyber Security & Communications, within the United States Department of Homeland Security's Cybersecurity and Infrastructure Security Agency. Formed from the Critical Infrastructure Assurance Office, the National Infrastructure Protection Center, the Federal Computer Incident Response Center, and the National Communications System, NCSD opened on June 6, 2003. The NCSD mission is to collaborate with the private sector, government, military, and intelligence stakeholders to conduct risk assessments and mitigate vulnerabilities and threats to information technology assets and activities affecting the operation of the civilian government and private sector critical cyber infrastructures. NCSD also provides cyber threat and vulnerability analysis, early warning, and incident response assistance for public and private sector constituents. NCSD carries out the majority of DHS’ responsibilities under the Comprehensive National Cybersecurity Initiative. The FY 2011 budget request for NCSD is $378.744 million and includes 342 federal positions. The current director of the NCSD is John Streufert, former chief information security officer (CISO) for the United States Department of State, who assumed the position in January 2012.

A cybersecurity regulation comprises directives that safeguard information technology and computer systems with the purpose of forcing companies and organizations to protect their systems and information from cyberattacks like viruses, worms, Trojan horses, phishing, denial of service (DOS) attacks, unauthorized access and control system attacks. There are numerous measures available to prevent cyberattacks.

The National Security and Homeland Security Presidential Directive, signed by President of the United States George W. Bush on May 4, 2007, is a Presidential Directive establishing a comprehensive policy on the federal government structures and operations in the event of a "catastrophic emergency". Such an emergency is defined as "any incident, regardless of location, that results in extraordinary levels of mass casualties, damage, or disruption severely affecting the U.S. population, infrastructure, environment, economy, or government functions."

EINSTEIN was originally an intrusion detection system that monitors the network gateways of government departments and agencies in the United States for unauthorized traffic. The software was developed by the United States Computer Emergency Readiness Team (US-CERT), which is the operational arm of the National Cyber Security Division (NCSD) of the United States Department of Homeland Security (DHS). The program was originally developed to provide "situational awareness" for the civilian agencies. While the first version examined network traffic and subsequent versions examined content, the current version of EINSTEIN is significantly more advanced.

<span class="mw-page-title-main">Camp Williams</span> Military base south of Bluffdale, Utah

Camp W. G. Williams, commonly known as Camp Williams, also known as Army Garrison Camp Williams, is a National Guard training site operated by the Utah National Guard. It is located south of Bluffdale, west of Lehi, and north of Saratoga Springs and Cedar Fort, approximately 25 miles (40 km) south of Salt Lake City, straddling the border between Salt Lake County and Utah County in the western portion of the Traverse Mountains. Camp Williams is also home to the Non-Commissioned Officer's Basic Leader Course, which is taught to Active, National Guard, and Reserve components.

Melissa Hathaway is a leading expert in cyberspace policy and cybersecurity. She served under two U.S. presidential administrations from 2007 to 2009, including more than 8 months at the White House, spearheading the Cyberspace Policy Review for President Barack Obama after leading the Comprehensive National Cybersecurity Initiative (CNCI) for President George W. Bush. She is President of Hathaway Global Strategies LLC, a Senior Fellow and member of the Board of Regents at Potomac Institute for Policy Studies, a Distinguished Fellow at the Centre for International Governance Innovation in Canada, and a non-resident Research Fellow at the Kosciuszko Institute in Poland. She was previously a Senior Adviser at Harvard Kennedy School's Belfer Center.

<span class="mw-page-title-main">Department of Defense Cyber Crime Center</span>

The Department of Defense Cyber Crime Center (DC3) is designated as a Federal Cyber Center by National Security Presidential Directive 54/Homeland Security Presidential Directive 23, as a Department of Defense (DoD) Center Of Excellence for Digital and Multimedia (D/MM) forensics by DoD Directive 5505.13E, and serves as the operational focal point for the Defense Industrial Base (DIB) Cybersecurity program. DC3 operates as a Field Operating Agency (FOA) under the Inspector General of the Department of the Air Force.

Homeland Security Presidential Directive (HSPD)-8, National Preparedness, describes the way United States Federal agencies will prepare for an incident. It requires Department of Homeland Security to coordinate with other Federal agencies and with State, local, and Tribal governments to develop a National Preparedness Goal with Emergency management. Congressional laws enacted, following the wake of 9/11, which resulted in new developments in the way security was assessed and addressed in the United States, to prevent and respond to threatened or actual domestic terrorist attacks, disasters, and other emergencies by requiring a national domestic all-hazards preparedness goal. HSPD 5, HSPD-7, HSPD-8, and HSPD-8 Annex 1 are directives that deal with the preparedness goals.

<span class="mw-page-title-main">Gordon M. Snow</span>

Gordon M. Snow was an Assistant Director of the FBI over the Cyber Division through 2012, the FBI Director of Counterintelligence for the Middle East in 2001, and currently directs Global Security Operations for Cleveland Clinic.

<span class="mw-page-title-main">Utah Data Center</span> NSA data storage facility

The Utah Data Center (UDC), also known as the Intelligence Community Comprehensive National Cybersecurity Initiative Data Center, is a data storage facility for the United States Intelligence Community that is designed to store data estimated to be on the order of exabytes or larger. Its purpose is to support the Comprehensive National Cybersecurity Initiative (CNCI), though its precise mission is classified. The National Security Agency (NSA) leads operations at the facility as the executive agent for the Director of National Intelligence. It is located at Camp Williams near Bluffdale, Utah, between Utah Lake and Great Salt Lake and was completed in May 2014 at a cost of $1.5 billion.

<span class="mw-page-title-main">Lisa Monaco</span> American lawyer

Lisa Oudens Monaco is an American attorney, former federal prosecutor and national security official who has served as the 39th deputy attorney general of the United States since April 2021.

Presidential Policy Directive 20 (PPD-20), provides a framework for U.S. cybersecurity by establishing principles and processes. Signed by President Barack Obama in October 2012, this directive supersedes National Security Presidential Directive NSPD-38. Integrating cyber tools with those of national security, the directive complements NSPD-54/Homeland Security Presidential Directive HSPD-23.

The New Jersey Cybersecurity and Communications Integration Cell (NJCCIC), also known as the New Jersey Office of Homeland Security and Preparedness' (NJOHSP) Division of Cybersecurity, is the first American state-level information sharing and analysis organization in the United States that exchanges cyber threat intelligence and conducts incident response for governments, businesses, and citizens in New Jersey. Located at NJ’s Regional Operations and Intelligence Center (ROIC), and acting in a cyber fusion center capacity the NJCCIC is composed of staff from NJOHSP, the NJ Office of Information Technology, and the NJ State Police. The NJCCIC's nomenclature is derived from its federal counterpart, the National Cybersecurity and Communications Integration Center, which encompasses the U.S. Department of Homeland Security's Computer Emergency Readiness Team (US-CERT).

A presidential directive, or executive action, is a written or oral instruction or declaration issued by the president of the United States, which may draw upon the powers vested in the president by the U.S. Constitution, statutory law, or, in certain cases, congressional and judicial acquiescence. Such directives, which have been issued since the earliest days of the federal government, have become known by various names, and some have prescribed forms and purposes. Presidential directives remain in effect until they are revoked, which the president is free to do. The classification of presidential directives is not easily done, as the distinction between the types can be quite arbitrary, arising from convenience and bureaucratic evolution, and none are defined in the Constitution. Furthermore, the different types may overlap. As one legal scholar put it: "it is a bit misleading to overclassify presidential directives as comprising separate and distinct 'types' just because they have different headings at the top of the first page." In terms of legal applicability, what matters is the substance of the directive, not the form, unless a certain kind of directive is specifically required by relevant statute.

The National Cybersecurity and Communications Integration Center (NCCIC) is part of the Cybersecurity Division of the Cybersecurity and Infrastructure Security Agency, an agency of the U.S. Department of Homeland Security. It acts to coordinate various aspects of the U.S. federal government's cybersecurity and cyberattack mitigation efforts through cooperation with civilian agencies, infrastructure operators, state and local governments, and international partners.

<span class="mw-page-title-main">National Initiative for Cybersecurity Education</span> American government program for cybersecurity education

The National Initiative for Cybersecurity Education (NICE) is a partnership between government, academia, and the private sector focused supporting the country's ability to address current and future cybersecurity education and workforce challenges through standards and best practices. NICE is led by the National Institute of Standards and Technology (NIST) in the U.S. Department of Commerce.

<span class="mw-page-title-main">Cybersecurity and Infrastructure Security Agency</span> Agency of the United States Department of Homeland Security

The Cybersecurity and Infrastructure Security Agency (CISA) is an agency of the United States Department of Homeland Security (DHS) that is responsible for strengthening cybersecurity and infrastructure protection across all levels of government, coordinating cybersecurity programs with U.S. states, and improving the government's cybersecurity protections against private and nation-state hackers. Its activities are a continuation of the National Protection and Programs Directorate (NPPD), and was established on November 16, 2018, when President Donald Trump signed into law the Cybersecurity and Infrastructure Security Agency Act of 2018.

Operational collaboration is a cyber resilience framework that leverages public-private partnerships to reduce the risk of cyber threats and the impact of cyberattacks on United States cyberspace. This operational collaboration framework for cyber is similar to the Federal Emergency Management Agency (FEMA)'s National Preparedness System which is used to coordinate responses to natural disasters, terrorism, chemical and biological events in the physical world.