FAS

White House Offers Glimpse of Cybersecurity Program

03.03.10 | 3 min read | Text by Steven Aftergood

The White House yesterday released a newly declassified description (pdf) of the Comprehensive National Cybersecurity Initiative (CNCI), a highly classified program that is intended to protect U.S. government computer networks against intrusion and disruption.

The cybersecurity initiative was established in January 2008 by President Bush’s classified National Security Presidential Directive (NSPD) 54, and quickly became controversial in part because of the intense secrecy surrounding it.

“Virtually everything about the initiative is highly classified,” the Senate Armed Services Committee complained in 2008, “and most of the information that is not classified is categorized as ‘For Official Use Only’.  These restrictions preclude public education, awareness and debate about the policy and legal issues, real or imagined, that the initiative poses in the areas of privacy and civil liberties…. The Committee strongly urges the [Bush] Administration to reconsider the necessity and wisdom of the blanket, indiscriminate classification levels established for the initiative.”  No such reconsideration was forthcoming until now.

Concerns about overclassification were also expressed by the National Academy of Sciences in a 2009 report, which called for “a broad, unclassified national debate and discussion about cyber-attack policy,” and argued that “secrecy even about broad policy issues serves mostly to inhibit necessary discussion about them.”

The Comprehensive National Cybersecurity Initiative was “the single largest request and the most important initiative of the President’s fiscal year 2009 [intelligence] budget request,” the House Intelligence Committee said in its report on the FY2009 intelligence authorization act.

The Electronic Privacy Information Center filed a Freedom of Information Act lawsuit (pdf) just last month seeking declassification and disclosure of the Bush Administration’s NSPD 54.

But that foundational directive was not disclosed, nor did the Obama Administration address the issue of offensive cyber policy raised by the National Academy.  Instead, the White House released a descriptive summary of 12 component elements of the Cybersecurity Initiative, a gesture that it said was consistent with the President’s emphasis on increased transparency.

“Transparency is particularly vital in areas, such as the CNCI, where there have been legitimate questions about sensitive topics like the role of the intelligence community in cybersecurity,” said Howard A. Schmidt, the White House Cybersecurity Coordinator who announced the disclosure.  “Transparency provides the American people with the ability to partner with government and participate meaningfully in the discussion about how we can use the extraordinary resources and expertise of the intelligence community with proper oversight for the protection of privacy and civil liberties,” Mr. Schmidt said.

But without a clear delineation of legal authorities and implementation mechanisms, the scope for meaningful public discussion seems limited.

As the House Intelligence Committee put it in 2008, “a cybersecurity initiative [is] worthwhile in principle, but the details of the CNCI remain vague and, thus, open to question.”

In order to bolster independent oversight of programs such as the CNCI that must remain classified, at least in part, dozens of public interest organizations including the Federation of American Scientists this week urged President Obama (pdf) to finally appoint the members of an independent executive branch oversight board.

The Privacy and Civil Liberties Oversight Board (pdf), originally proposed in 2004 by the 9/11 Commission to monitor and defend civil liberties in information sharing and counterterrorism activities, was given independent agency status by Congress in 2007.  But it has remained vacant since that time and thus unable to fulfill its assigned task.

“It is crucial that you nominate qualified individuals to serve on the PCLOB, so that it may begin to provide guidance as new policies and procedures are developed,” the public interest group letter said.

publications
See all publications
Nuclear Weapons
Blog
New Voices on Nuclear Weapons Fellowship: Creative Perspectives on Rethinking Nuclear Deterrence 

To empower new voices to start their career in nuclear weapons studies, the Federation of American Scientists launched the New Voices on Nuclear Weapons Fellowship. Here’s what our inaugural cohort accomplished.

11.28.23 | 3 min read
read more
Science Policy
Article
Expected Utility Forecasting for Science Funding

Common frameworks for evaluating proposals leave this utility function implicit, often evaluating aspects of risk, uncertainty, and potential value independently and qualitatively.

11.20.23 | 11 min read
read more
Nuclear Weapons
Report
Nuclear Notebook: Nuclear Weapons Sharing, 2023

The FAS Nuclear Notebook is one of the most widely sourced reference materials worldwide for reliable information about the status of nuclear weapons and has been published in the Bulletin of the Atomic Scientists since 1987. The Nuclear Notebook is researched and written by the staff of the Federation of American Scientists’ Nuclear Information Project: Director Hans […]

11.17.23 | 1 min read
read more
Social Innovation
Blog
Community School Approach Reaches High of 60%, Reports Latest Pulse Panel

According to the National Center for Education Statistics’ August 2023 pulse panel, 60% of public schools were utilizing a “community school” or “wraparound services model” at the start of this school year—up from 45% last year.

11.17.23 | 4 min read
read more