Monday, February 23, 2009

More Information on CNCI

In response to my post Black Hat DC 2009 Wrap Up, Day 1, a commenter shared a link to a Fairfax Chamber of Commerce briefing by Boeing on the Comprehensive National Cybersecurity Initiative (CNCI) that I last mentioned in FCW on Comprehensive National Cybersecurity Initiative. I've extracted a few slides below to highlight several points.

The first slide I share shows abbreviated definitions for Computer Network Defense, Computer Network Exploitation, and Computer Network Attack. These mirror what I cited in China Cyberwar, or Not? in late 2007.



The second slide supports what I said in my Predictions for 2008 post: Expect greater military involvement in defending private sector networks. Notice DNI and DoJ are said to be "authorized to conduct domestic intrusion detection," and DNI and DoD are allowed "involvement with domestic networks."



The three-phased approach is displayed next. Note the mentions of deployment of sensors, counter-intrusion plans, and deterrence.



Finally, this slide lists the seven "emphasis areas" for the new program.



Thanks to the anonymous commenter for directing me to this public link.



5 comments:

Anonymous said...

Perhaps my tin foil hat is showing, but after the CNCI system is deployed to monitor for network attacks there will be no need for wiretap warrants.

Fundamentally, there is no difference between monitoring network traffic for IDS signatures and political speech.

Lastly, if network traffic can be monitored without warrants, why can't databases be monitored, or general use computers without warrants?

An unrecognized consequence of this process is the erosion of the 4th amendment.

Richard Bejtlich said...

Anonymous, there is a difference between monitoring your traffic at your ISP and monitoring traffic that interacts with .gov systems. There is already a wiretap act exception that allows system owners (you, me, .gov, etc.) to monitor their own networks in order to protect them.

Rocky DeStefano said...

I'm sure Fairfax County Chamber of Commerce doesn't mean to leave the entire contents of their upload directory open to the world - hopefully they'll fix that issue.

Boeing's stated CNCI vision seems to be on (a bit skewed towards the contracts they support but that's understandable). I can't wait to see more people articulate this vision and how it all interplays moving forward. Certainly The White House (through OMB), DOD, DHS, NSA, DOJ and others have to find a way to work together in a meaningful manner. TIC and its associated projects go a long way to setting up a common playing field across government, but that's the easy part of this entire project. The real work is still to come.

Anon said...

More comprehensive report on CNCI can be found here:
http://www.tdisecurity.com/resources/assets/CNCI%20TDI.pdf