Walter Pincus at the Washington Post writes on the federal government’s Fiscal Year 2009 intelligence budget.
President Bush’s single largest request for funds and "most important initiative" in the fiscal 2009 intelligence budget is for the Comprehensive National Cybersecurity Initiative, a little publicized but massive program whose details "remain vague and thus open to question," according to the House Permanent Select Committee on Intelligence.
A highly classified, multiyear, multibillion-dollar project, CNCI — or "Cyber Initiative" — is designed to develop a plan to secure government computer systems against foreign and domestic intruders and prepare for future threats. Any initial plan can later be expanded to cover sensitive civilian systems to protect financial, commercial and other vital infrastructure data.
The House Intelligence Committee released its annual report (pdf) on the Intelligence Authorization Act and spent much of the report focused on the CNCI. The program was announced about the same time as the issuance of the National Security Presidential Directive 54/Homeland Security Presidential Directive 23 in January 2008. That directive is classified and its contents unknown. However, the directive has been reported on, and presumably the House Intelligence Committee has the authority to know its contents.
The Committee said in its report that it "finds a cybersecurity initiative worthwhile in principle, but the details of the CNCI remain vague and, thus, open to question." Also, "[f]or the CNCI to work as described in the Presidential Directive, it will require a partnership with industry unlike any model that currently exists." The Committee also questioned the government’s readiness to create and use the CNCI:
The Committee also notes that the federal government is not presently organized or equipped to negotiate the myriad issues and challenges presented by the implementation of the CNCI, especially those that cross organizational and jurisdictional boundaries. As the CNCI develops, it will be imperative that the government also take into account the interests and concerns of private citizens, the U.S. information technology industry, and other elements of the private sector.
The Committee recognizes that "[m]any of the details of the CNCI are still evolving, and an endeavor of this magnitude will need to be undertaken over the course of many years." The Committee included a provision "requiring a report from the President on options for creating a high-level advisory body" that would be able "to review the Intelligence Community’s progress toward refining and implementing the CNCI, as well as make policy recommendations to the executive and legislative branches in the areas of governance, privacy and civil liberties, and regulatory issues."
The Committee also included provisions to enhance its oversight power:
The Committee has borne witness to repeated failures by the Administration to comply with the National Security Act of 1947, which mandates that the Committee be ‘‘fully and currently informed’’ of all intelligence activities. These failures prompted the Committee to adopt two provisions to enhance reporting on intelligence activities to the full membership of the congressional intelligence committees. One provision would limit the use of covert action funds until the full membership of the intelligence committees are briefed on all covert actions in effect as of April 24, 2008. Another provision would restrict the Administration’s attempts to limit information to only the Chairman and Ranking Member, and clarifies the information that must be reported to the full Committee.