The Comprehensive National Cybersecurity Initiative (CNCI) is a federally mandated cybersecurity process created by National Security Presidential Directive (NSPD) 54 and Homeland Security Presidential Directive (HSPD) 23. The goal of CNCI is to implement a major overhaul in how the Federal Government protects sensitive information from malicious entities such as hackers and hostile nation-states trying to infiltrate Government IT systems. This goal is to be achieved by addressing the fragmented security management approach that most Federal agencies currently employ in dealing with their systems and networks. Obviously, such lofty goals cannot be achieved unless sufficient funding is allocated and clear goals are set. In terms of funding, the total budget expected to be allocated to CNCI is on the order of $40 billion over several years. The latest budget request is for $3.6 billion, which makes CNCI one of the best-funded Federal security initiatives. While most of the operational details about CNCI are still highly classified, on March 2, 2010 the White House released a declassified report highlighting major CNCI initiatives. CNCI will mainly focus on:
- Trusted Internet Connections (TIC): A mandatory program for all Federal agencies aimed at decreasing the number of disparate connections these agencies maintain to the public Internet. The goal is to dramatically reduce the number of possible entry points into United States Government systems. The officially stated objective is to reduce the 3000+ connections to the Internet currently maintained by various Federal agencies to fewer than 100.
- Intrusion Detection / Prevention System (IDS/IPS): Given the number of attacks endured by Federal agencies on a daily basis, CNCI will attempt to provide a major upgrade to the Government's IDS/IPS capabilities by requiring usage of a state-of-the-art system called Einstein (and its successor Einstein 2). Einstein is expected to dramatically improve the capability of Federal agencies to detect intrusion attempts and neutralize them as early as possible.
- Global Supply Chain Security (GSCS): Given there are no standards controlling the global flow of products and services, Federal agencies can easily become victims of foreign agents through the covert installation of spyware and other malware on foreign-produced equipment. This can then serve as a back door to classified Government networks and systems. The GSCS initiative attempts to mitigate that risk by establishing some standards mandatory for all Federal agencies when purchasing equipment.
- Miscellaneous Support: Some other publicly announced CNCI components include Research and Development (R&D), counterintelligence with a focus on cybersecurity, non-traditional network security technologies, cybersecurity education, training and awareness, novel information security deployment methodologies, cyber-attack deterrence, collaboration between the public and private technology sector (especially with respect to critical infrastructure protection) and others.
TDI has been in the cybersecurity business for a decade. Throughout this period, we have always emphasized the value of focused security implementations driven by both business need and research data. On the policy side, TDI works closely with many of the leading participants in CNCI. TDI maintains contact with key members of the first knowledge sharing meeting related to CNCI - a meeting chaired by ODNI, during which the general framework of CNCI was discussed and budgetary requirements defined. Furthermore, TDI counts among its customers many of the Government participants in CNCI, including members of the defense, intelligence and homeland security communities. This unique combination of exposure to both the supply and demand side of cybersecurity in the Government can make TDI your gateway to CNCI opportunities that may be of interest to your organization.
On the operational and research side, TDI has been heavily involved in researching and implementing most of the technologies that CNCI focuses on, in particular IDS/IPS (e.g. Einstein) and network infrastructure consolidation (e.g. TIC). TDI developed a number of the de facto standard introduction manuals on IDS/IPS technologies and continues to actively develop this area through its research labs division, particularly behavior analysis, extrusion prevention and anomaly detection. In terms of network infrastructure consolidation, TDI has performed such efforts at many of the large federal agencies in the Government. We believe that only through continued emphasis on cutting-edge technologies, security training and awareness, and sound business decision making can the CNCI initiative truly pay off and provide our government with the cyber defense capabilities it needs in the 21st century and beyond.