White House Cybersecurity Plans Seem Mostly Harmless

A brief overview of the classified cybersecurity bill known as “NSPD54” has been posted to the whitehouse.gov website (you can find the document in .pdf form here). The bill itself is still classified, but the overview seems to suggest that the tightening of security is really just on the centralized government end of things and not some Bush-era surveillance madness.

The summary PDF outlines twelve “CNCI Initiative Details,” most of which sound incredibly reasonable. The first three points are essentially just methods for blocking intrusions and using secure connections when doing work on government servers. The next few points are the normal rigmarole: they discuss developing “a government-wide counterintelligence plan,” increasing security for classified networks, and better educating users.

The last two points, however, are a bit nebulous when it comes to issues of government interaction and involvement with other entities. Initiative 11 is to “develop a multi-pronged approach for global supply chain risk management.” The point itself specifically refers to “commercial information and communication technology,” which is outside the government’s normal purview. As we don’t have the entirety of NSPD54, however, it’s hard to speculate on what this means.

It’s initiative twelve that could impact the American populace most directly. The summary states that the government wants to “define the federal role for extending cybersecurity into critical infrastructure domains.” Again, it’s premature to say that this point definitely means anything concrete, but one possible reading is that the government wants to have some involvement in public energy and ‘net infrastructure. Now I’m more civil liberties crazy than most anyone I know, but this makes a lot of sense. It would probably be to the benefit of the American people if the US government had some close oversight which would allow the feds to, I don’t know, keep the Chinese from hacking our power grid.