Cybersecurity Update

The Obama Administration announced, last month, a cybersecurity initiative that would cover both defense and federal civilian networks and would include the appointment of a cybersecurty "czar" in addition to the formal appointment of a Cybersecurity Command within the Department of Defense. [I discussed the DOD appointment in a previous post.] The Administration's move follows on the Bush Administration's cybersecurity initiative, announced last year, which was more detailed and provided for both Department of Defense and Department of Homeland Security involvement in 12 specific areas of interest:

• Intrusion detection

• Intrusion prevention

• Research and development

• Situational awareness

• Cyber counter intelligence

• Classified network security

• Cyber education and training

• Implementation of information security technologies

• Deterrence strategies

• Global supply chain security

• Public/private collaboration

Federal dollars pledged last year to support the initiative were estimated at $20 billion, however, don't take that to the bank just yet.

The focal point for all cyber decision authority, and presumably much of the contract work, will in the WDC metro area, specifically Fort Meade. I expect that this will be true for non-DOD programs and efforts also. Why Fort Meade? Because the Cyber Commander will be dual-hatted as the Director of NSA.

Some other facts to note:

Much of the work will be highly classified. While this can be an impediment, the right connections and/or partnering can help get around this sometimes impenetrable wall.

The DOD now considers cyberspace to be the 5th domain for national defense, the first four being land, sea, air, and space.

The cyber command is expected to grow exponentially over the next 10 years.

To quote a local Information Operations Technical Director with the Navy, the holy grail for cybersecurity are attribution and location -- e.g., the who and the where. There are many commercial solutions for masking one's mischief on the internet. Staying one step ahead of these commercial solutions, and more clever upgrades, will be of the highest priority.

Reviewing the 12 items above, consider that beyond protection of the networks the highest priorities, from the defense perspective, will be deterrence and countermeasures. Any other information could not be conveyed on this blog but this is probably the best advice for interested software companies and entrepreneurs.