The U.S.’s cyber security czar Howard Schmidt has obviously been doing something apart from tidying his desk in the three months since being appointed: He’s been coming up with a cyber defense plan, which he’s just revealed to the World.
Schmidt was speaking at the RSA event in San Francisco, and it’s the first real showing he’s made since starting his job in December 2009. What he was talking about were the aspects of the freshly-upgraded Comprehensive National Cybersecurity Initiative that have been declassified for public consumption. And while you may suspect that Schmidt could only reveal the tiniest of details about such in important plan, he actually spilled quite a few beans in an attempt to get academics and private companies to buy into the government’s plans.
The CNCI is a twelve-part initiative that covers several key aspects of digital security, including the cloak-and-dagger counterintelligence stuff. Its overall intent, revealed for the first time since its inception in 2008, is to be the first line of defense against immediate cyberattacks, to defend against every possible kind of attack, and to work to improve future cybersecurity.
Schmidt’s speech suggests that he’ll be a figure appearing a lot in the media, with the goal of educating the public as much as working behind the scenes–he noted that the authorities have to “continue to seek out innovative new partnerships–not only within government, but also among industry, government [sic] and the American public.” And that’s precisely why the decision has been made to declassify parts of the CNCI. His point is well made, coming close on the heels of the widespread cyberattacks that targeted Google, other companies and U.S. official bodies at the end of 2009. These were internationally-sourced complex, penetrating attacks that could’ve wreaked untold damage, and the actual events are still being combed through, but cyberattacks at a more personal level have also recently been in the news with a huge phishing scam affecting Twitter.
Also speaking at the RSA conference, Microsoft’s VP for Trustworthy Computing Scott Charney suggested that one way to raise the serious money to fund national-level defenses against cyberattacks is to levy a tax on Net usage. The plan would obviously pay for some of Schmidt’s work, and presumably MS would be hoping that it (along with its competitors) would see some of the cash, and use it to improve their own defenses and code in public and governmental use. But whereas Schmidt’s speech may have been considered a breath of fresh air coming from a government figure, Charney’s presentation was not well received…and given MS’s shocking reputation for security loopholes in its OS and other software, as well as the company’s billions of dollars of business, this really isn’t a surprise.