Cybersecurity Will Take A Big Bite of the Budget

By Walter Pincus
Monday, July 21, 2008

President Bush's single largest request for funds and "most important initiative" in the fiscal 2009 intelligence budget is for the Comprehensive National Cybersecurity Initiative, a little publicized but massive program whose details "remain vague and thus open to question," according to the House Permanent Select Committee on Intelligence.

A highly classified, multiyear, multibillion-dollar project, CNCI -- or "Cyber Initiative" -- is designed to develop a plan to secure government computer systems against foreign and domestic intruders and prepare for future threats. Any initial plan can later be expanded to cover sensitive civilian systems to protect financial, commercial and other vital infrastructure data.

"It is no longer sufficient for the U.S. Government to discover cyber intrusions in its networks, clean up the damage, and take legal or political steps to deter further intrusions," Director of National Intelligence Mike McConnell noted in a February 2008 threat assessment. "We must take proactive measures to detect and prevent intrusions from whatever source, as they happen, and before they can do significant damage." His conclusions echoed those of a 2007 interagency review that led to CNCI's creation.

During debate on the intelligence authorization bill last week, Rep. Jim Langevin (D-R.I.), a member of the House intelligence committee and chairman of the Homeland Security subcommittee on emerging threats, described cybersecurity as "a real and growing threat that the federal government has been slow in addressing."

Without specifying funding figures, which are classified, Langevin said the panel approved 90 percent of the funds requested for CNCI but warned that the committee "does not intend to write the administration a blank check."

The committee's report recognized that as the initiative develops, "it will be imperative that the government also take into account the interests and concerns of private citizens, the U.S. information technology industry, and other elements of the private sector."

Such a public-private partnership will be "unlike any model that currently exists," said the committee, which recommended a White House study leading toward establishment of an oversight panel of lawmakers, executive branch officials and private-sector representatives. The panel would review the intelligence community's development of the initiative.

The committee said it expects the policy debates over the initiative to extend into the next administration, and major presidential candidates have addressed the issue.

On the same day the intelligence bill passed the House, Sen. Barack Obama (D-Ill.) told an audience that, "as president, I'll make cybersecurity the top priority that it should be in the 21st century." He vowed to appoint a national cyber adviser to coordinate policy to secure information -- "from the networks that power the federal government, to the networks that you use in your personal lives."

In a July 1 speech, Sen. John McCain (R-Ariz.) addressed cybersecurity, as well. "To protect our energy supply, air and rail transport, banking and financial services, we need to invest far more in the federal task of cyber security," he said. Neither Obama nor McCain mentioned the cybersecurity initiative underway.

National security and intelligence reporter Walter Pincus pores over the speeches, reports, transcripts and other documents that flood Washington and every week uncovers the fine print that rarely makes headlines -- but should. If you have any items that fit the bill, please send them to

© 2008 The Washington Post Company