•• To strengthen the future cybersecurity environment by expanding cyber education; coordinating and redirecting research and development efforts across the Federal Government; and
working to define and develop strategies to deter hostile or malicious activity in cyberspace.
In building the plans for the CNCI, it was quickly realized that these goals could not be achieved without
also strengthening certain key strategic foundational capabilities within the Government. Therefore, the
CNCI includes funding within the federal law enforcement, intelligence, and defense communities to
enhance such key functions as criminal investigation; intelligence collection, processing, and analysis;
and information assurance critical to enabling national cybersecurity efforts.
The CNCI was developed with great care and attention to privacy and civil liberties concerns in close
consultation with privacy experts across the government. Protecting civil liberties and privacy rights
remain fundamental objectives in the implementation of the CNCI.
In accord with President Obama’s declared intent to make transparency a touchstone of his presidency,
the Cyberspace Policy Review identified enhanced information sharing as a key component of effective
cybersecurity. To improve public understanding of Federal efforts, the Cybersecurity Coordinator has
directed the release of the following summary description of the CNCI.
CNCI Initiative Details
Initiative #1. Manage the Federal Enterprise Network as a single network enterprise with Trusted
Internet Connections. The Trusted Internet Connections (TIC) initiative, headed by the Office of
Management and Budget and the Department of Homeland Security, covers the consolidation of
the Federal Government’s external access points (including those to the Internet). This consolidation
will result in a common security solution which includes: facilitating the reduction of external access
points, establishing baseline security capabilities; and, validating agency adherence to those security
capabilities. Agencies participate in the TIC initiative either as TIC Access Providers (a limited number
of agencies that operate their own capabilities) or by contracting with commercial Managed Trusted IP
Service (MTIPS) providers through the GSA-managed NETWORX contract vehicle.
Initiative #2. Deploy an intrusion detection system of sensors across the Federal enterprise.
Intrusion Detection Systems using passive sensors form a vital part of U.S. Government network defenses
by identifying when unauthorized users attempt to gain access to those networks. DHS is deploying, as
part of its EINSTEIN 2 activities, signature-based sensors capable of inspecting Internet traffic entering
Federal systems for unauthorized accesses and malicious content. The EINSTEIN 2 capability enables
analysis of network flow information to identify potential malicious activity while conducting automatic
full packet inspection of traffic entering or exiting U.S. Government networks for malicious activity using
signature-based intrusion detection technology. Associated with this investment in technology is a
parallel investment in manpower with the expertise required to accomplish DHS’s expanded network
security mission. EINSTEIN 2 is capable of alerting US-CERT in real time to the presence of malicious
or potentially harmful activity in federal network traffic and provides correlation and visualization of
the derived data. Due to the capabilities within EINSTEIN 2, US-CERT analysts have a greatly improved
understanding of the network environment and an increased ability to address the weaknesses and
vulnerabilities in Federal network security. As a result, US-CERT has greater situational awareness and can
★
2
★