paulmudgett.com

National Cybersecurity Initiatives – Quick thoughts

The White House just recently published a summary of the Comprehensive National Cybersecurity Initiative.  While there hasn’t been any time to debate this or even digest the implications of the 12 initiatives, I had some initial thoughts that I wanted to put down.  Certainly, this may change as (or if) more details are provided.

Initiative #1.  Manage the Federal Enterprise Network as a single network enterprise with Trusted Internet. This is an effort of gargantuan proportions.  The enormous complexity of this initiative has failure written all over it.  If this somehow manages to be implemented I can only think “One ring to rule them all”… or “own” them all may be more appropriate.

Initiative #7.  Increase the security of our classified networks. Wow!  You think?  Common sense is not that common.

Initiative #8.  Expand cyber education. It will be interesting to see how programs are implemented when colleges and universities are dropping programs due to budget crisis.  Creating an InfoSec educated workforce is a long term strategy in a rapidly changing arena.  It may be difficult to find instructors who aren’t so grounded in academia that they become unaware of the changes in the environment..

Initiative #9.  Define and develop enduring “leap-ahead” technology, strategies, and programs. This assumes that an environment that rewards innovation in the private sector is created.  At least in writing, there appears to be a recognition of the need for public-private partnerships to be successful.

This may be a good start but without details on how government will implement these initiatives, it’s impossible to determine if this will be good, bad or ugly.  I’ll be keeping an eye on developments here.