“The administration is focused on developing policies and programs to improve our nation’s cybersecurity,” said a senior administration official, who requested anonymity because of the sensitivities of the subject. “The White House Cybersecurity Coordinator and the administration’s cybersecurity leadership team are multi-tasking, working within the Executive Branch and with Congress to move forward.”
The official points to several ongoing initiatives as part of what’s currently being done to better secure federal networks, including the Trusted Internet Connection (TIC) effort to reduce the number of gateways agencies use, the creation of a national incident response plan and an upcoming national exercise to evaluate it, and improving cybersecurity situational awareness across all cyber centers.
Gen. Keith Alexander, commander of the DoD Cyber Command, said yesterday during a House Armed Services Committee hearing, that Congressional support of these legislative proposals is one of two ways lawmakers can help.
“In terms of resources, we need the continued support of Congress and resources the department is putting forward for the component commands we have here,” Alexander said. “It will have to grow. Each is looking at this and addressing that. The second is authorities. Right now the White House is leading a discussion on what are the authorities needed, how will we do that and what will the team-the Defense Department and Cyber Command are a member of that team-how will that team operate to defend our country. What they will look at across that is what are authorities, what do we have legally and what do we have to come back to Congress and reshape or mold for authorities to operate in cyberspace.”
In a separate release, DoD detailed several questions it is trying to answer as part of this policy discussion:
What constitutes a cyber attack?
How do the laws of war pertain to operations in cyberspace?
What does deterrence look like in the cyber world, where it can take months to determine attack perpetrators and the cyber defense group may have nothing to strike back at?
Alexander said at the hearing that he is focused on DoD’s role in protecting the .mil networks, and not the .gov or .com domains.
“It is not my mission to defend today the entire nation,” he said. “If we are tasked by either the Secretary or President, we would have to put in place the capabilities to do that. But today, we could not.”
He said part of what the White House is working on is how to form the team along with DHS, the FBI, DoD and others to defend the nation in cyberspace along with ensuring everyone has the proper roles, responsibilities and authorities.
“We get to participate in that, to put forward our ideas for how the country could be protected, specifically the government, the government networks and what I’ll call critical infrastructure,” Alexander said.
Another piece of the preparation is the National Cyber Incident Response Plan. DHS issued an interim version earlier this month. A copy was obtained by Federal News Radio.
“The NCIRP focuses on improving the human and organizational responses to cyber incidents, while parallel efforts focus on enhancing the community’s technological capabilities,” the draft plan states. “The purpose of the NCIRP is to establish the strategic framework for organizational roles, responsibilities and actions to prepare for, respond to, and begin to coordinate recovery from a cyber incident. It ties various policies and doctrine together into a single tailored, strategic, cyber-specific plan designed to assist with operational execution, planning, and preparedness activities and to guide short-term recovery efforts.”
The draft plan focuses on a significant cyber incident-defined as a highly disruptive event where the levels of consequences are occurring or imminent, or an observed or imminent degradation of critical functions with a moderate to significant level of consequences, possibly coupled with indicators of higher levels of consequences impending.
The draft plan details specific federal responsibilities from the Executive Office of the President to DHS to DoD to the National Security Agency to Justice and the FBI.
It also discusses the private sector’s role as well as other non-governmental organizations.
“By the time coordinated response actions are needed during a Significant Cyber Incident, the cybersecurity community must be prepared and maintain a shared situational awareness to help identify, respond to, and recover from an incident,” the draft strategy states.
The draft strategy states that DHS’s National Cybersecurity and Communications Integration Center (NCCIC) would send out an alert on the National Cyber Risk Alert Level system.
“The system utilizes the common operational picture from the NCCIC and works with NCCIC partners to examine risk to cybersecurity systems across [critical infractructure] sectors and across the nation,” the draft states. “When risk to critical systems is determined, it will be communicated through four alert levels (Guarded, Elevated, Substantial, Severe) and will be accompanied by additional, more detailed information.”
(Copyright 2010 by FederalNewsRadio.com. All Rights Reserved.)