Comprehensive National Cybersecurity Initiative: Legal Authorities and Policy Considerations

Federal agencies report increasing cyber-intrusions into government computer networks, perpetrated by a range of known and unknown actors. In response, the President, legislators, experts, and others have characterized cybersecurity as a pressing national security issue. Like other national security challenges in the post-911 era, the cyber threat is multi-faceted and lacks clearly delineated boundaries. Some cyber attackers operate through foreign nations military or intelligence-gathering operations, whereas others have connections to terrorist groups or operate as individuals. Some cyber threats might be viewed as international or domestic criminal enterprises. In January 2008, the Bush Administration established the Comprehensive National Cybersecurity Initiative the CNCI by a classified joint presidential directive. The CNCI establishes a multipronged approach the federal government is to take in identifying current and emerging cyber threats, shoring up current and future telecommunications and cyber vulnerabilities, and responding to or proactively addressing entities that wish to steal or manipulate protected data on secure federal systems. On February 9, 2009, President Obama initiated a 60-day interagency cybersecurity review to develop a strategic framework to ensure the CNCI is being appropriately integrated, resourced, and coordinated with Congress and the private sector.