Cybersecurity :: White House
"The Administration already has established an Information and Communications Infrastructure Interagency Policy Committee (ICI-IPC), chaired by the National Security Council (NSC) and Homeland Security Council (HSC), as the primary policy coordination body for issues related to achieving an assured, reliable, secure, and survivable global information and communications infrastructure and related capabilities." [2009 Review 7]
White House has proposed the position of a Cybersecurity Czar / Coordinator
- "The President should consider appointing a cybersecurity policy official at the White House, reporting to the NSC and dual-hatted with the NEC, to coordinate the Nation's cybersecurity-related policies and activities. This individual would chair the ICI-IPC and lead a strong process in consultation with other elements of the EOP to resolve competing priorities and coordinate interagency development of policies and strategies for cybersecurity. The cybersecurity policy official should participate in all appropriate economic, counterterrorism, and science and technology policy discussions to inform them of cybersecurity perspectives.
"To be successful, the President's cybersecurity policy official must have clear presidential support, authority, and sufficient resources to operate effectively in policy formulation and the coordination of interagency cybersecurity-related activities. The cybersecurity policy official should be supported by at least two Senior Directors and appropriate staff from the NSC and at least one Senior Director and appropriate staff from the NEC. These directorates would report through the cybersecurity policy official and work together in pursuit of the goals set forth in this paper and established as national policy. In addition, to achieve additional scale and integration across the NSC, each NSC regional and functional directorate should designate an individual to be responsible for following cybersecurity-related issues in the directorate's portfolio and coordinating with the directorate for cybersecurity.
"The cybersecurity policy official should not have operational responsibility or authority, nor the authority to make policy unilaterally. Using interagency coordination processes, the cybersecurity policy official should harmonize cybersecurity-related policy and technology efforts across the Federal government, ensure that the President's budget reflects federal priorities for cybersecurity, and develop a legislative agenda, all in consultation with the Federal government's Chief Technology Officer and Chief Information Officer - along with the appropriate entities within the Office of Management and Budget (OMB), the Office of Science and Technology Policy (OSTP), and the NEC.
"This appointment also would make crisis management more effective by establishing the cybersecurity policy official as the White House action officer for cyber incident response (a similar role to the action officers who help the White House monitor terrorist attacks or natural disasters); departments and agencies would continue to perform their operational roles.
"To facilitate coordination, all federal departments and agencies should establish a point-of-contact in their respective executive suites authorized to interface with the White House on cybersecurity related issues.
"The cybersecurity policy official - through the interagency policy development process - should prepare for the President's consideration an updated national strategy to secure the information and communications infrastructure. The strategy should include continued evaluation of CNCI activities and build, where appropriate, on its successes. The national strategy should focus senior leadership attention and time toward resolving issues that hamper U.S. efforts to achieve an assured, reliable, secure, and resilient global information and communications infrastructure and related capabilities. The strategy would assist government efforts to raise public awareness, renew and build international alliances and public-private partnerships, establish a more comprehensive national cyber response and recovery plan, and promote an aggressive research and development agenda that has the potential to result in new technologies that will enhance cybersecurity.
"The Federal government should continue the principle of "mission bridging" started under the CNCI. Departments and agencies should expand the sharing of expertise, knowledge, and perspectives about threats, tradecraft, technology, and vulnerabilities between network defenders and the intelligence, military, and law enforcement organizations that develop U.S. operational capabilities in cyberspace. In addition, the cybersecurity policy official should help coordinate intelligence and military policies and strategies for cyberspace - including for countering terrorist use of the Internet - to ensure integration of all mission equities. The cybersecurity policy official should engage external advisory bodies. Many advisory bodies touch on cybersecurity-related issues, including the National Security and Telecommunications Advisory Committee (NSTAC), the National Infrastructure Advisory Council (NIAC), the Critical Infrastructure Partnership Advisory Council (CIPAC), and the Information Security and Privacy Advisory Board (ISPAB). The cybersecurity policy official should review the responsibilities of these bodies and propose changes as necessary to optimize advice and eliminate unnecessary duplication.
"Other structures will be needed to help ensure that civil liberties and privacy rights are protected. Such structures would signal transparency and build trust between the civil liberties and privacy community, the public, and the program for cybersecurity, especially if implemented from the outset. It is important to reconstitute the Privacy and Civil Liberties Oversight Board (PCLOB), accelerate the selection process for its board members, and consider whether to seek legislative amendments to broaden its scope to include cybersecurity-related issues. Other options include: facilitating regular engagement of government civil liberties and privacy advisors on policy matters for cybersecurity or designating a dedicated privacy and civil liberties officer within the NSC (or, more broadly, the EOP) to engage with the private-sector civil liberties and privacy community, an oversight board, and government civil liberties and privacy officers.
"Equally important to developing cybersecurity policy, is assuring the effective execution and implementation of that policy to meet the goals of the larger strategy. Accordingly, the cybersecurity policy official, in consultation with OMB and other EOP entities, will need to ensure effective implementation of cybersecurity-related policy and activities. During the course of the 60-day review, stakeholders suggested a variety of options to coordinate and oversee cybersecurity activities. Several commentators identified strong executive leadership as well as focused, multi-year attention across the participating departments and agencies as critical elements to ensure that the U.S. Government has the mechanisms needed for an effective cybersecurity program. Currently, some of these oversight functions for existing cybersecurity efforts are being performed outside of the EOP. For example, the Joint Interagency Cyber Task Force (JIACTF), under the Director of National Intelligence, currently is responsible for coordinating and monitoring the implementation of the CNCI. The cybersecurity policy official, in consultation with OMB and other EOP entities, should develop structural options to perform appropriate oversight, implementation, and other functions. These could include among others, developing a JIACTF-like function in OMB or elsewhere in the EOP, creating an entity similar to President Eisenhower's Operations Coordinating Board, or establishing some other entity that, among other things, assists in assessing department and agency performance and oversees federal compliance with cybersecurity standards. Unless and until such an office is established, the work of the JIACTF should continue." [2009 Review 7]
References
Executive Order 13636 Improving Critical Infrastructure Cybersecurity, EO Feb. 12, 2013
- “Executive Order 13636—Improving Critical Infrastructure Cybersecurity,” 78 FR 11739 (February 19, 2013).
- "Executive Order 13636: Improving Critical Infrastructure Cybersecurity directs the Executive Branch to:
- Develop a technology-neutral voluntary cybersecurity framework
- Promote and incentivize the adoption of cybersecurity practices
- Increase the volume, timeliness and quality of cyber threat information sharing
- Incorporate strong privacy and civil liberties protections into every initiative to secure our critical infrastructure
- Explore the use of existing regulation to promote cyber security"
- Press Release, The White House, Presidential Policy Directive – Critical Infrastructure Security and Resilience (Feb. 12, 2013)
- NIST Voluntary Framework
- DHS
- DHS Fact Sheet: EO 13636 Improving Critical Infrastructure Cybersecurity and PPD-21 Critical Infrastructure Security and Resilience
- Summary Report: Executive Order 13636 Cybersecurity Incentives Study
- Analytic Report: Executive Order 13636 Cybersecurity Incentives Study
- Blog: Working Together to Strengthen the Nation’s Critical Infrastructure, by Bruce McConnell, Acting Deputy Under Secretary for Cybersecurity
- Fact Sheet: Executive Order (EO) 13636 Improving Critical Infrastructure Cybersecurity and Presidential Policy Directive (PPD)-21 Critical Infrastructure Security and Resilience
- Fact Sheet: Integrated Task Force
- Press Release: DHS Highlights Efforts to Strengthen Cybersecurity for the Nation's Critical Infrastructure
- Privacy and Civil Liberties Assessment Report, Compiled by the DHS Privacy Office and the Office of Civil Rights and Civil Liberties, DHS April 2015
- GSA Improving Cybersecurity and Resilience through Acquisition
Presidential Policy Directive (PPD)-21, “Critical Infrastructure Security and Resilience.” 2013
- The White House, “National strategy for trusted identities in cyberspace,” April 2011
- See Authentication
- THE WHITE HOUSE, INTERNATIONAL STRATEGY FOR CYBERSPACE (2011)
- Federal Cybersecurity R&D Strategic Plan
Posted by Aneesh Chopra and Howard Schmidt on December 06, 2011 at 12:38 PM EST
Today, OSTP is releasing Trustworthy Cyberspace: Strategic Plan for the Federal Cybersecurity Research and Development Program - a road map to ensuring long-term reliability and trustworthiness of the digital communications network that is increasingly at the heart of American economic growth and global competitiveness.
Early in his Administration, the President ordered a top-to-bottom review of the Government's cyberspace policy. The resulting Cyberspace Policy Review challenged Federal agencies to develop a targeted set of cybersecurity research priorities to "change the game" so that cyberspace can become safer and more trustworthy - key to facilitating continued growth of the Nation's digital infrastructure. The cybersecurity R&D strategic plan being released today is in direct response to the near-term action plan of the Cyberspace Policy Review and seeks to enhance and focus our cybersecurity research and development efforts by setting forth coordinated Federal strategic priorities and research objectives.
Under the leadership of the National Science and Technology Council's Networking and Information Technology Research and Development (NITRD) Program, Federal agencies have been engaged in a number of public discussions with a broad range of stakeholders to solicit input and help guide the research prioritization process. For example, during the National Cyber Leap Year Summit of 2009, approximately 150 invited researchers and technological innovators from across the Nation convened to review five prospective game-changing themes for cybersecurity. Several of the key ideas and objectives in the new strategic plan are outgrowths of that event.
As a research and development strategy, this plan defines four strategic thrusts:
- Inducing Change - using game-changing themes to understand the root causes of existing cybersecurity deficiencies with the goal of disrupting the status quo;
- Developing Scientific Foundations - minimizing future cybersecurity problems by developing the science of security;
- Maximizing Research Impact - catalyzing coordination, collaboration, and integration of research activities across Federal agencies for maximum effectiveness; and
- Accelerating Transition to Practice - expediting improvements in cyberspace from research findings through focused transition programs.
Given the magnitude and pervasiveness of cyberspace threats to our economy and national security, it is imperative that we fundamentally alter the dynamics in cybersecurity through the development of novel solutions and technologies. The Federal government is in a unique position to leverage its fundamental research resources to address the underlying causes of cybersecurity problems. Using this strategic plan as a road map, sustained efforts in these areas will result in a more secure and trustworthy cyberspace. We invite researchers and innovators in industry and academia to join us in this effort. Together, we can maximize the benefits of research and accelerate their transition into the marketplace.
- “National Security Strategy,” The White House, May 2010, p. 27, Web, 17 Dec 2010
- Cyberspace Policy Review: Assuring a Trusted and Resilient Information and Communications Infrastructure, White House (NSPD-54/HSPD23) (May 2009) [2009 Review]
- May 28, 2009 House Science and Technology Committee Press release Gordon Joins Members for Release of Cyber Security Report
- The White House, Office of the Press Secretary, President Obama Directs the National Security and Homeland Security Advisors to Conduct Immediate Cyber Security Review (Feb. 9, 2009)
- 2007, the Comprehensive National Cybersecurity Initiative (CNCI)
- Homeland Security Presidential Directive 7, Critical Infrastructure Identification, Prioritization, and Protection (December 17, 2003).
- Presidential Decision Directive 63, Critical Infrastructure Protection, May 22, 1998, at section II.
- National Strategy to Secure Cyberspace ("DHS will become a federal center of excellence for cybersecurity and provide a focal point for federal outreach to state, local, and nongovernmental organizations including the private sector, academia, and the public.")
- EO 12333: United States Intelligence Activities 2008
- EO 12472: Assignment of National Security and Emergency Preparedness Telecommunications Functions 2003
- EO 12382: President's National Security Telecommunications Advisory Committee 2003
- Executive Order establishing the Office of Homeland Security and the Homeland Security Council, 10/8/2001
- EO 13231: Critical Infrastructure Protection in the Information Age 2001
- The White House Statement on the Review of Critical Infrastructure Protection and Cyber Security May 9, 2001
- Report of the President of the United States on the Status of Federal Critical Infrastructure Protection Activities
- THE ELECTRONIC FRONTIER: THE CHALLENGE OF UNLAWFUL CONDUCT INVOLVING THE USE OF THE INTERNET A Report of the President’s Working Group on Unlawful Conduct on the Internet March 2000