More Information on CNCI

In response to my post Black Hat DC 2009 Wrap Up, Day 1, a commenter shared a link to a Fairfax Chamber of Commerce briefing by Boeing on the Comprehensive National Cybersecurity Initiative (CNCI) that I last mentioned in FCW on Comprehensive National Cybersecurity Initiative. I've extracted a few slides below to highlight several points.

The first slide I share shows abbreviated definitions for Computer Network Defense, Computer Network Exploitation, and Computer Network Attack. These mirror what I cited in China Cyberwar, or Not? in late 2007.



The second slide supports what I said in my Predicitons for 2008 post: Expect greater military involvement in defending private sector networks. Notice DNI and DoJ are said to be "authorized to conduct domestic intrusion detection," and DNI and DoD are allowed "involvement with domestic networks."



The three phased approach is displayed next. Note mentions of deployment of sensors, counter-intrusion plans, and deterrence.



Finally, this slide lists the seven "emphasis areas" for the new program.



Thanks to the anonymous commenter for directing me to this public link.

Richard Bejtlich is teaching new classes in Europe in 2009. Register by 1 Mar for the best rates.

Comments

Anonymous said…
Perhaps my tin foil hat is showing, but after the CNCI system is deployed to monitor for network attacks there will be no need for wiretap warrants.

Fundamentally, there is no difference between monitoring network traffic for IDS signatures and political speech.

Lastly, if network traffic can be monitored without warrents, why can't databases be monitored, or general use computers without warrants?

An unrecognized consequence of this process is the erosion of the 4th amendment.
9:56 PM
Richard Bejtlich said…
Anonymous, there is a difference between monitoring your traffic at your ISP and monitoring traffic that interacts with .gov systems. There is already a wiretap act exception that allows system owners (you, me, .gov, etc.) to monitor their own networks in order to protect them.
10:33 PM
Anonymous said…
I'm sure Fairfax county Chamber of Commerce doesn't mean to leave the entire contents of their upload directory open to the world - hopefully they'll fix that issue.

Boeing's stated CNCI vision seems to be on (a bit skewed towards the contracts they support but that's understandable). I can't wait to see more people articulate this vision and how it all interplays moving forward. Certainly The Whitehouse (through OMB), DOD, DHS, NSA, DOJ and others have to find a way to work together in a meaningful manner. TIC and it's associated projects go a long way to setting up a common playing field across government, but that's the easy part of this entire project. The real work is still to come.
10:34 PM
Anonymous said…
This comment has been removed by a blog administrator.
2:09 AM
Anon said…
More comprehensive report on CNCI can be found here:
http://www.tdisecurity.com/resources/assets/CNCI%20TDI.pdf
5:27 PM
Post a Comment

Popular posts from this blog

Zeek in Action Videos

Image
This is a quick note to point blog readers to my Zeek in Action YouTube video series for the Zeek network security monitoring project .  Each video addresses a topic that I think might be of interest to people trying to understand their network using Zeek and adjacent tools and approaches, like Suricata, Wireshark, and so on.  I am especially pleased with Video 6 on monitoring wireless networks . It took me several weeks to research material for this video. I had to buy new hardware and experiment with a Linux distro that I had not used before -- Parrot .  Please like and subscribe, and let me know if there is a topic you think might make a good video.
Read more

MITRE ATT&CK Tactics Are Not Tactics

Image
Just what are "tactics"? Introduction MITRE ATT&CK  is a great resource, but something about it has bothered me since I first heard about it several years ago. It's a minor point, but I wanted to document it in case it confuses anyone else. The MITRE ATT&CK Design and Philosophy document from March 2020 says the following: At a high-level, ATT&CK is a behavioral model that consists of the following core components: • Tactics, denoting short-term, tactical adversary goals during an attack; • Techniques, describing the means by which adversaries achieve tactical goals; • Sub-techniques, describing more specific means by which adversaries achieve tactical goals at a lower level than techniques; and • Documented adversary usage of techniques, their procedures, and other metadata. My concern is with MITRE's definition of "tactics" as "short-term, tactical adversary goals during an attack," which is oddly recursive. The key word in the tacti
Read more

New Book! The Best of TaoSecurity Blog, Volume 4

Image
  I've completed the TaoSecurity Blog book series . The new book is  The Best of TaoSecurity Blog, Volume 4: Beyond the Blog with Articles, Testimony, and Scholarship .  It's available now for Kindle , and I'm working on the print edition.  I'm running a 50% off promo on Volumes 1-3 on Kindle through midnight 20 April. Take advantage before the prices go back up. I described the new title thus: Go beyond TaoSecurity Blog with this new volume from author Richard Bejtlich. In the first three volumes of the series, Mr. Bejtlich selected and republished the very best entries from 18 years of writing and over 18 million blog views, along with commentaries and additional material.  In this title, Mr. Bejtlich collects material that has not been published elsewhere, including articles that are no longer available or are stored in assorted digital or physical archives. Volume 4 offers early white papers that Mr. Bejtlich wrote as a network defender, either for technical or pol
Read more