from the FAS Project on Government Secrecy
Volume 2010, Issue No. 17
March 3, 2010

Secrecy News Blog:


The White House yesterday released a newly declassified description of the Comprehensive National Cybersecurity Initiative (CNCI), a highly classified program that is intended to protect U.S. government computer networks against intrusion and disruption.

The cybersecurity initiative was established in January 2008 by President Bush's classified National Security Presidential Directive (NSPD) 54, and quickly became controversial in part because of the intense secrecy surrounding it.

"Virtually everything about the initiative is highly classified," the Senate Armed Services Committee complained in 2008, "and most of the information that is not classified is categorized as 'For Official Use Only'. These restrictions preclude public education, awareness and debate about the policy and legal issues, real or imagined, that the initiative poses in the areas of privacy and civil liberties.... The Committee strongly urges the [Bush] Administration to reconsider the necessity and wisdom of the blanket, indiscriminate classification levels established for the initiative." No such reconsideration was forthcoming until now.

Concerns about overclassification were also expressed by the National Academy of Sciences in a 2009 report, which called for "a broad, unclassified national debate and discussion about cyber-attack policy," and argued that "secrecy even about broad policy issues serves mostly to inhibit necessary discussion about them."

The Comprehensive National Cybersecurity Initiative was "the single largest request and the most important initiative of the President's fiscal year 2009 [intelligence] budget request," the House Intelligence Committee said in its report on the FY2009 intelligence authorization act.

The Electronic Privacy Information Center filed a Freedom of Information Act lawsuit just last month seeking declassification and disclosure of the Bush Administration's NSPD 54.

But that foundational directive was not disclosed, nor did the Obama Administration address the issue of offensive cyber policy raised by the National Academy. Instead, the White House released a descriptive summary of 12 component elements of the Cybersecurity Initiative, a gesture that it said was consistent with the President's emphasis on increased transparency.

"Transparency is particularly vital in areas, such as the CNCI, where there have been legitimate questions about sensitive topics like the role of the intelligence community in cybersecurity," said Howard A. Schmidt, the White House Cybersecurity Coordinator who announced the disclosure. "Transparency provides the American people with the ability to partner with government and participate meaningfully in the discussion about how we can use the extraordinary resources and expertise of the intelligence community with proper oversight for the protection of privacy and civil liberties," Mr. Schmidt said.

But without a clear delineation of legal authorities and implementation mechanisms, the scope for meaningful public discussion seems limited.

As the House Intelligence Committee put it in 2008, "a cybersecurity initiative [is] worthwhile in principle, but the details of the CNCI remain vague and, thus, open to question."

In order to bolster independent oversight of programs such as the CNCI that must remain classified, at least in part, dozens of public interest organizations including the Federation of American Scientists this week urged President Obama to finally appoint the members of the Privacy and Civil Liberties Oversight Board.

The Board, originally proposed in 2004 by the 9/11 Commission to monitor and defend civil liberties in information sharing and counterterrorism activities, was given independent agency status by Congress in 2007. But it has remained vacant since that time and thus unable to fulfill its assigned task.

"It is crucial that you nominate qualified individuals to serve on the PCLOB, so that it may begin to provide guidance as new policies and procedures are developed," the public interest group letter said.


U.S. Army doctrine published last week anticipates an increasingly unstable information environment that may challenge Army operations and test national capabilities.

"Unprecedented levels of adverse activity in and through cyberspace threaten the integrity of United States critical infrastructure, financial systems, and elements of national power. These threats range from unwitting hackers to nation-states, each at various levels of competence. Collectively, the threats create a condition of perpetual turbulence without traditional end states or resolution."

Under prevailing circumstances, the Army says, "Notions of 'dominating' cyberspace are simplistic and unrealistic. A realistic and meaningful goal is to achieve and maintain freedom of action in and through cyberspace while being able to affect that of the adversaries."

The Army's assessment and proposed response are described in "Cyberspace Operations Concept Capability Plan 2016-2028," TRADOC Pamphlet 525-7-8, February 22, 2010:


Noteworthy new and updated reports from the Congressional Research Service that have not been made readily available to the public include the following.

"Instances of Use of United States Armed Forces Abroad, 1798-2009," January 27, 2010:

"Afghanistan Casualties: Military Forces and Civilians," February 26, 2010:

"China-North Korea Relations," January 22, 2010:

"Honduran Political Crisis, June 2009-January 2010," February 1, 2010:

"Southwest Border Violence: Issues in Identifying and Measuring Spillover Violence," February 16, 2010:

"Satellite Surveillance: Domestic Issues," February 1, 2010:


Secrecy News is written by Steven Aftergood and published by the Federation of American Scientists.

The Secrecy News blog is at:

To SUBSCRIBE to Secrecy News, go to:


OR email your request to [email protected]

Secrecy News is archived at:

SUPPORT the FAS Project on Government Secrecy with a donation here: