CNCI plan for President

12 “discreet initiatives”, the first time I heard of it was on a meeting, Professor Zhaocheng Lv, and I look up for it the whole day. Oh yeah~~I got it!
Remark: DHS___department of homeland security (国土安全局)
Do not refer to 'Don Self', hiahia~~~
CNCI___Comprehensive National Cyber Initiative

write it down, may be others need it.

1. Move towards managing a single federal enterprise network.
The cornerstone to this effort is the TrustedInternet Connections program, initiated by the Office of Management and Budget in November 2007 that aimsto reduce the number of connections from federal agencies to external computer networks to 100 or fewer, frommore than 4,300 connections identified in January of this year. But it would also rely heavily on Federal DesktopCore Configuration standards, initiated by OMB, which prescribe specific requirements to access and use federalnetworks.

2. Deploy intrinsic detection systems.
These systems would build on current software tools—notably a programcalled Einstein, and an enhanced version called Einstein 2, developed by the Department of Homeland Security.These tools monitor and identify information streams at network access points, but currently lack the ability todo more than report potential problems.

3. Develop and deploy intrusion prevention tools.
DHS teams are now working on the development ofEinstein 3, which would be designed to block and mitigate malicious patterns in the code surroundinginformation in transit, before they can do harm on federal networks.

4. Review and potentially redirect research and funding.
Efforts are underway to take stock of cyberresearch and related programs and to look for overlaps and gaps, in order to channel resources more effectively.

5. Connect current government cyber operation centers.
In particular, increase the effectiveness thesecenters by standardizing operating procedures and improving shared awareness of threats.

6. Develop a government-wide cyber intelligence plan.
Because several civilian, intelligence and defenseDetails emerge about President’s Cyber Plan
have varying responsibilities to address cyber threats, the government has had a difficult time crafting asingle, coherent approach.

7. Increase the security of classified networks.
The escalating volume of attacks, and the increasingpenetration into supposedly secure networks makes it imperative that work be done to further security classifiednetworks and the information on them.

8. Expand cyber education.
There is a significant need for creating a career pipeline to train cyber securityexperts—with offensive as well as defensive skills--and to institutionalize the knowledge surrounding securitythreats. Cyber education needs to include developing a broader base of candidates with scientific knowledge anda cyber-savvy workforce, as well as network specialists who can work in law enforcement, military, homelandsecurity, health and other specialty areas.

9. Define enduring leap-ahead technologies.
The government needs to provide direction for “game-changing”technologies that would provide a more stable environment and supplant some of the fundamental design ofexisting technologies--and the current patchwork approach to fixing them.

10. Define enduring deterrent technologies and programs.
The government has an opportunity to tap broadergroups of scientists, strategists and policy makers – similar to the way it did a half-century ago in crafting anuclear weapons deterrent strategy—to develop new and lasting approaches to address cyber threats in thiscentury.

11. Develop multi-pronged approaches to supply chain risk management.
The reality of global supply chainspresents significant challenges in thwarting counterfeit--or maliciously designed—hardware and softwareproducts which must be addressed.

12. Define the role of cyber security in private sector domains.
Experts agree, the government must do moreto get its cyber security house in order. But with so much of the nation’s infrastructure in the hands of theprivate sector, more must be done to quantify the financial and economic risks associated with cyber securitythreats in order to provide better investment direction.

Celebrate

Finally I got my blog for security!