Schneier on Security

A blog covering security and security technology.

« Interesting Microsoft Patent Application | Main | U.S. Air Force Considers Creating its Own Botnet »

May 13, 2008

What Is the Comprehensive National Cybersecurity Inititative?

The Department of Homeland Security has a new $200 million Comprehensive National Cybersecurity Inititative (CNCI). Congress is happy to fund it, but kind of wants to know what it's going to do.

I have to admit, I'm kind of curious myself.

Posted on May 13, 2008 at 12:54 PM • 21 Comments • View Blog Reactions

To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.

Comments

@ Bruce,

"I have to admit, I'm kind of curious myself"

Remember curiosity killed the cat 8)

Posted by: Clive Robinson at May 13, 2008 1:15 PM

Sheesh. Is it too much to ask that 'happy to sign it' doesn't even get floated before 'tell us what this is and what it does' is answered to everyone's satisfaction?

There's been far too much trust given to an administration that hasn't shown that it's deserving of that trust.

Posted by: Nick Lancaster at May 13, 2008 1:17 PM

Dudes and dudettes, how come even though the US is broke like no other nation on this planet they still manage to find shitloads of money to throw out of the window for bullshit like this? And of course for war?
And don't tell us that "stimulating the economy" bullshit. Broken window fallacy, look it up!
http://en.wikipedia.org/wiki/Parable_of_the_broken_window

Posted by: Anonymous at May 13, 2008 1:17 PM

Take a look around buddy, the entire worlds economy is based on future promises of repayment. The united states is a debt based economy, it doesnt matter if we owe 80 billion or 500 billion, the us dollar is worthless, its not backed by anything.

Posted by: LC at May 13, 2008 1:57 PM

@Clive Robinson: I thought Schrödinger killed the cat! ;)

Posted by: Kaukomieli at May 13, 2008 1:59 PM

@Kaukomieli:

"Schrodinger's Security Plan" - you're safe and vulnerable at the same time. It's only when you open the box that you can determine if you spent your money wisely ...

Posted by: Nick Lancaster at May 13, 2008 2:09 PM

Well, since (a) Joe Lieberman is involved, and (b) Congressional oversight of the securocracy is a quaint vestige of our constitutional past anyway, my forecast is DHS will send the Senate Homeland Security committee a letter containing some emollient but utterly uninformative boilerplate, and the committee will then declare itself satisfied and sign on the dotted line.

Posted by: Carlo Graziani at May 13, 2008 2:14 PM

> "I have to admit, I'm kind of curious myself"

Nothing to be curious about. This is just another handoff of extorted^H^H^H^H^H^H^Htax money from politicos to their "business" pals. It doesn't matter at all what exactly will be funded - it's not like they're running a business which can produce something desireable to us.

Posted by: averros at May 13, 2008 2:52 PM

Nick - very funny.

Posted by: Grahame at May 13, 2008 2:58 PM

Should have been done through the USAF, where 200 million dollar hammers and the defense of "cyberspace" are all just another day's work.

http://www.airforce.com/achangingworld/

Posted by: Garfield's Human at May 13, 2008 3:01 PM

I daresay anyone wanting to know where money is *pretending* to go, at least, might want to check out this conference being held in DC from June 2-5th.

http://www.ndia.org/meetings/8680

Please go there, Bruce, and let the rest of us know how much of it turns out to be snake oil. Or just plain snake...

Posted by: Trichinosis USA at May 13, 2008 3:01 PM

http://www.dhs.gov/xlibrary/assets/National_Cyberspace_Strategy.pdf

Posted by: could this be it? at May 13, 2008 3:35 PM

Nobody's been able to yet show whether Schrodinger killed the cat or not.

Posted by: jeffd at May 13, 2008 5:55 PM

It is an attempt to distract Terrorists(tm) by buying them World of Warcraft subscriptions and Internet Porn.

Of course they need to quality check the material first...

Posted by: alan at May 13, 2008 6:06 PM

@Garfield's Human:

"Should have been done through the USAF..."

Have a look at:

http://www.armedforcesjournal.com/2008/05/3375884

"Why American needs a military botnet".

Posted by: Mark Mc. at May 13, 2008 6:53 PM

$200 million doesn't buy you much, really.

A new facility, maybe $40 million. A couple hundred highly trained infosec analysts with security clearance (at $120K per year plus 25% overhead for benefits), that's $30 million right there, just for the first year. Maybe $50 million in general equipment, networking gear, a compute cluster, laptops, etc. Shoot, that's $120 million off the top and I haven't even spent 3 minutes thinking about it.

What's $200 million, Congress? Why you gotta be so inquisitive?

Posted by: Pat Cahalan at May 13, 2008 7:47 PM

@ Pat

Sure that's what it'll cost, but what's the point of all those people if they don't do anything useful?

Posted by: Werner at May 14, 2008 1:50 AM

If the Government wants to make the interenet "secure" they need to rebuild it from scratch, you need more that $200 Million for that task!

Posted by: Tom73 at May 14, 2008 6:57 AM

If the Government wants to make the internet "secure" they need to rebuild it from scratch, you need more that $200 Million for that task!

Posted by: Tom73 at May 14, 2008 6:57 AM

Congress will sign anything with an impressive sounding title. You don't expect our Congress-critters to actually spend time to read the whole bill before voting on it, do you? It may be their job, but their primary responsibility is getting re-elected so they can vote on more unread bills.

Posted by: derf at May 14, 2008 9:41 AM

This is the project supposedly run by the FBI, (branch of dhs I guess, used to be part of the Just Us department) feebs cant even get their own computers to run for the last two generations, they like to abuse people and lie to them, garbage in garbage out. its set up in West Virginia, hotbed of the latest in computer security.

Posted by: carbon14 at May 14, 2008 10:45 AM