White House Reveals Secret Cybersecurity Plan Developed Under Bush Administration
WASHINGTON — The Obama administration on Tuesday gave the public a peek at the Bush administration's classified plan to secure the nation's computer systems, but the newly revealed list of broad goals provided few surprises and key provisions remain secret.
The decision to publish a summary of the cyber initiative on the White House blog came just a month after the Washington-based Electronic Privacy Information Center filed a lawsuit in federal court seeking release of the computer security document.
Privacy advocates and other groups have long fought to get the Bush cyber plan made public, concerned that it discussed surveillance activities and Internet traffic monitoring by intelligence agencies that could violate Americans' personal privacy.
The government's precautions for dealing with cyber security has become a critical national security issue, as U.S. computers have been continually attacked and scanned by hackers, criminals and terrorists looking to steal money, data and state secrets.
U.S. officials and cyber experts have repeatedly warned that the nation is not adequately prepared for a cyber attack. Government and key private computer systems – such as those that run the electric grid or nuclear power plants – must be better protected, the critics say.
While the new White House posting did not provide details on the Bush-era classified cyber plan, one privacy group welcomed the public disclosure as a good first step for the Obama White House, which has pledged to run a more open, transparent government.
"The White House should be credited with beginning an important public discussion about the future of cybersecurity," said Marc Rotenberg, EPIC's executive director.
Rotenberg added, however, that the entire document still needs to be made public, including the legal authorities the government operates under and the privacy safeguards it employs when scrutinizing Internet traffic for cyber threats.
White House cyber coordinator Howard Schmidt announced the decision to make the summary public Tuesday at a San Francisco computer security conference.
Transparency is particularly vital in areas like the cyber initiative, Schmidt said, "where there have been legitimate questions about sensitive topics like the role of the intelligence community in cybersecurity."
He said the move would the public to participate in discussions on "how we can use the extraordinary resources and expertise of the intelligence community with proper oversight for the protection of privacy and civil liberties."
The list of 12 initiatives needed to defend U.S. networks and counter cyber threats, though, are largely familiar efforts that have been discussed for the past two years.
They include the ongoing development of a sophisticated system, called Einstein 3, that would detect and deter cyber attacks against U.S. government computers. The initiatives also include plans to make sure high-tech products bought by the U.S. are protected, and not being used by hackers to steal data or infiltrate systems.
The January 2008 presidential directive was signed by President George W. Bush as an attempt to better coordinate the protection of the nation's computer networks as well as its offensive cyber strategies.
President Barack Obama requested a broad review of the nation's cyber security shortly after he took office, and late last year he brought in Schmidt, a former eBay and Microsoft executive, to become the government's cyber coordinator.