The Comprehensive National Cybersecurity Initiative (CNCI) was established by President George W. Bush in National Security Presidential Directive 54/ Homeland Security Presidential Directive 23 (NSPD/HSPD) in. Last year, EPIC won a five-year court battle against the NSA for NSPD the ( Apr. 23, ); Court Awards EPIC Attorneys’ Fees in FOIA Case Against NSA. As a result of HSPD-7, the Department of Homeland Security established the 54/Homeland Security Presidential Directive 23 (NSPD/HSPD), which.

Author: Tauzilkree Fausida
Country: Philippines
Language: English (Spanish)
Genre: Finance
Published (Last): 20 February 2012
Pages: 147
PDF File Size: 7.74 Mb
ePub File Size: 4.7 Mb
ISBN: 357-2-91736-205-1
Downloads: 93029
Price: Free* [*Free Regsitration Required]
Uploader: Nikonos

However, the text of the underlying legal authority for cybersecurity still remains a secret. The agency then opposed EPIC’s request for attorneys fees in the case.

A broad coalition of organizations now oppose cybersecurity bills currently before Congress. Admiral Rogers announced, “the default setting is if we become aware of a vulnerability, we share it.

The full text of the Comprehensive National Cybersecurity Initiative, including unreported sections and any executing protocols distributed to the nspd-23 in charge of its implementation.

In a speech delivered at Stanford University, National Security Agency director Michael Rogers announced that the NSA will no longer stockpile “zero-day exploits”software glitches that could facilitate cyber espionage. Earlier this year, the NSA’s policies on zero-day exploits came under scrutiny when an glitch known as the “Heartbleed bug” threatened to undermine SSL encryption across the entire internet.

National Security Presidential Directives [NSPD] George W. Bush Administration

Senator Wyden, who opposed the measure, stated”If information-sharing legislation does not include adequate privacy protections then that’s not a cybersecurity bill – it’s a surveillance bill by another name. Court of Appeals for the D. The Directive also includes the Comprehensive National Cybersecurity Initiative and evidences government efforts to enlist nspd-5 sector companies to assist in monitoring Internet traffic.


Many have described the cyber security bills as “cyber surveillance” measures. The Directive created the Comprehensive National Cybersecurity Initiative CNCIa “multi-agency, multi-year plan that lays out twelve steps to securing the federal government’s cyber networks. In the past, the NSA has kept these vulnerabilities secret for use in counterintelligence. The court concluded that the agency’s argument relied bspd-23 “a weak assumption,” but will allow the agency to submit a revised justification for withholding the records.

Comprehensive National Cybersecurity Initiative – Wikipedia

The groups warn that the measures will increase monitoring of Internet users, increase government secrecy, and remove judicial oversight for government surveillance.

Nspd-23 Octoberthe NSA identified three relevant documents, but refused to disclose any of them. For more information, see EPIC: EPIC then sued the agency to force disclosure of the document but a court ruled sue sponte that the NSA did not have control over NSPD, and thus it was not an “agency record” subject to release.

One document, relating to the text of the Directive, was not disclosed because the record “did not originate with” the NSA, and “has been referred to the National Security Council for review and direct response to” EPIC.

Two other documents relating to privacy policies were withheld allegedly pursuant to a FOIA exemption.

DHS, a federal district court ruled that the Nspd-5 of Homeland Security failed to justify withholding documents subject to the Freedom of Information Act. The Order encourages the companies to disclose user data to the federal government outside any judicial process.

On July 21,a briefing schedule was set for the case to move forward. The Directive reveals the government’s long-standing interest in enlisting private sector companies to monitor user activity. Among other findings, the OIG uncovered improper searches through U. The report describes the internal watchdog’s audits, studies, and investigations of the NSA’s activities.

The Executive Order is one of several cybersecurity initiative s announced by the President. Click Here to Kill Everybody: Freedom of Information Act Cases.


Comprehensive National Cybersecurity Initiative

In the appeal, EPIC argued that the agency has the document and therefore bears the burden of proving it is not an “agency record. The initiatives cover a wide range of government activity, from cyber education to intrusion detection. The monitoring includes scanning email destined for. Circuit ruled in favor of EPIC today in a Freedom of Information Act case seeking the full text of National Security Presidential Directive 54a previously-secret Presidential order granting the government broad authority over cybersecurity matters.

The Order also promotes compliance with Fair Information Practices and adoption of such Privacy Enhancing Techniques as data minimization. Noting the extraordinary public interest in the plan and the public’s right to comment on the measures in Congress, EPIC asked the NSA to expedite the processing of its request.

The case remains pending in U. EPIC sued DHS to compel the disclosure of records relating to a cybersecurity program designed to monitor traffic flowing through ISPs to a select number of defense contractors. President Obama announced today an Executive Order to promote collaboration between the private sector and the government to counter cyber threats.

Suite Hapd-23, DC The NSA acknowledged receipt of this appeal in December, but failed to provide any further communication. Any privacy hsd-23 related to the Directive or the Initiative, including contracts or other documents describing privacy policies with information shared with private contractors to facilitate the CNCI.

Companies would receive immunity for their disregard of existing privacy law.