The Comprehensive National Cybersecurity Initiative (or CNCI) began in 2008 and forms an important component of cybersecurity efforts within the federal government. Anyone can now view or download an unclassified description of the CNCI and each of the 12 initiatives under the CNCI.
"Transparency is particularly vital in areas, such as the CNCI, where there have been legitimate questions about sensitive topics like the role of the intelligence community in cybersecurity" said Schmidt. "Transparency provides the American people with the ability to partner with government and participate meaningfully in the discussion about how we can use the extraordinary resources and expertise of the intelligence community with proper oversight for the protection of privacy and civil liberties".
Ultimately, the National cybersecurity strategy has two main objectives, explained Schmidt: “to improve our resilience to cyber incidents, and to reduce the cyber threat”.
details the President’s Cyberspace Policy Review and identifies 10 near term actions to support the cybersecurity strategy. These are:
- Appoint a cybersecurity policy official responsible for coordinating the Nation’s cybersecurity policies and activities.
- Prepare for the President’s approval an updated national strategy to secure the information and communications infrastructure.
- Designate cybersecurity as one of the President’s key management priorities and establish performance metrics
- Designate a privacy and civil liberties official to the NSC cybersecurity directorate.
- Conduct interagency-cleared legal analyses of priority cybersecurity-related issues.
- Initiate a national awareness and education campaign to promote cybersecurity.
- Develop an international cybersecurity policy framework and strengthen our international partnerships.
- Prepare a cybersecurity incident response plan and initiate a dialog to enhance public-private partnerships.
- Develop a framework for research and development strategies that focus on game-changing technologies that have the potential to enhance the security, reliability, resilience, and trustworthiness of digital infrastructure.
- Build a cybersecurity-based identity management vision and strategy, leveraging privacy-enhancing technologies for the Nation.
Schmidt, who announced his pride “at representing President Obama”, admitted that there is “still a long way to go” to achieving the actions outlined above. “Over the past year, thousands of hours have gone into this policy”, Schmidt said. “We all know that collaboration is important, and we recognise that the government and industry need to work together. These vulnerabilities are shared, so we need to work together.”
Schmidt acknowledged the importance for transparency when asking the industry for help. “In order to be successful, we must seek new and innovative partnerships, with government, industry, academia, and the public. Working together is the most powerful tool we have.”
In reference to the ten initiatives outlined in the cybersecurity strategy, Schmidt reliably informs the audience that they are certainly making headway. “We’re making sure that President Obama and Congress are thinking about cybersecurity in everything they do. Leadership at the top is very important”, he said.
“Appointing a cybersecurity policy official and designating a privacy and civil liberties official has been done. Here I am”, exclaimed Schmidt. “Updating the strategy is a work in progress. While there are a lot of things that will remain the same, it has to be updated.
“There is a working group that has been divided into four tracks dedicated to the international awareness campaign. There have been meetings, there are plans, and there are milestones. We’re making sure that the policy and framework address the international threat, and we’re ensuring that the cybsecurity response plans looks not only at how we co-ordinate, but how we get it right”.
In regards to action 9, Schmidt assured the audience that they have been looking at specific projects and economics.
In conclusion, Schmidt declared cybersecurity “a shared responsibility for all of us. We can only do what we can do, and that’s all we’re asking”.