The Comprehensive National Cybersecurity Initiative (CNCI) was established by President George W. Bush in National Security Presidential Directive 54/ Homeland Security Presidential Directive 23 (NSPD/HSPD) in. Last year, EPIC won a five-year court battle against the NSA for NSPD the ( Apr. 23, ); Court Awards EPIC Attorneys’ Fees in FOIA Case Against NSA. As a result of HSPD-7, the Department of Homeland Security established the 54/Homeland Security Presidential Directive 23 (NSPD/HSPD), which.

Author: Douzilkree Fauzilkree
Country: Madagascar
Language: English (Spanish)
Genre: Politics
Published (Last): 19 June 2007
Pages: 339
PDF File Size: 20.94 Mb
ePub File Size: 17.38 Mb
ISBN: 347-5-92038-679-4
Downloads: 39679
Price: Free* [*Free Regsitration Required]
Uploader: Kejin

EPIC – EPIC v. NSA – Cybersecurity Authority

Admiral Rogers announced, “the default setting is if we become aware of a vulnerability, we share it. The Directive created the Comprehensive National Cybersecurity Initiative CNCIa “multi-agency, multi-year plan that lays out twelve steps to securing the federal government’s cyber networks.

Admiral Rogers recognized that “‘a fundamentally strong Internet is in the best interest of the U. The Directive reveals the government’s long-standing interest in enlisting private sector companies to monitor user activity.

EPIC sued DHS to compel the disclosure of records relating to a cybersecurity program designed to monitor traffic flowing through ISPs to a select number of defense contractors.

The Judge agreed with EPIC that “a referral of a FOIA request could be considered a ‘withholding’ if ‘its net effect is to impair the requester’s ability to obtain the records or significantly to increase the amount of time he must wait to obtain them,” but held that “an entity that is not subject to FOIA cannot unilaterally nsps-54 made subject to the statute by any action of an agency, including referral of a FOIA request.

The groups warn that the measures will increase monitoring of Internet users, increase government secrecy, and remove judicial oversight for government surveillance. Companies would receive immunity for their disregard of existing privacy law.


The Directive also includes the Comprehensive National Cybersecurity Initiative and evidences government efforts to enlist private sector companies to assist in monitoring Internet traffic. The bill would allow the government to obtain user information from private companies without judicial oversight.

The court concluded that the agency’s argument relied on “a weak assumption,” but will allow the agency to submit a revised justification for bspd-54 the records.

Comprehensive National Cybersecurity Initiative

Click Here to Kill Everybody: In Octoberthe NSA identified three relevant documents, but refused to disclose any of them. EPIC then submitted an administrative appealappealing the NSA’s failure to make a timely substantive determination as well as denying expedited processing on July 30, The text of the National Security Presidential Directive Senator Wyden, who opposed the measure, stated”If information-sharing legislation does not include adequate privacy protections then that’s not a cybersecurity bill – it’s a surveillance bill by another name.

EPIC then sued the agency to force disclosure of the document but a court ruled sue sponte that the NSA did not have control over NSPD, and thus it was not an “agency record” subject to release. In the past, the NSA has kept these vulnerabilities secret for use in counterintelligence. One document, relating to the text of the Directive, was not disclosed because the record “did not originate with” the NSA, and “has been referred to the National Security Council for review and direct response to” EPIC.

The full text of the Comprehensive National Cybersecurity Initiative, including unreported sections and any executing protocols distributed to the agencies in charge of its implementation.

The case remains pending in U. On August 30,the NSA released the heavily redacted version of two of the nwpd-54 three documents it had identified as responsive. The Order encourages the companies to disclose user data to the federal government outside any judicial process. Suite Washington, DC Many have described the cyber security bills as “cyber surveillance” measures.


The agency then opposed EPIC’s request for attorneys fees in the case. Two other documents relating to privacy policies were withheld allegedly pursuant to a FOIA exemption.

Einstein 3 is a government cybersecurity program that monitors Internet traffic. President Obama announced today an Executive Order to promote collaboration between the private sector and the government to counter cyber threats.

The NSA acknowledged receipt of this appeal in December, but failed to provide any further communication. Freedom of Information Act Cases.

Any privacy policies related to the Directive nspc-54 the Initiative, including contracts or other documents describing privacy policies with information shared with private contractors to facilitate the CNCI. The Order also promotes compliance with Fair Information Practices and adoption of such Privacy Enhancing Techniques as data minimization.

Comprehensive National Cybersecurity Initiative – Wikipedia

The request specifically asked for the following documents: The report describes the internal watchdog’s audits, studies, and investigations of the NSA’s activities. The Executive Order is one of several cybersecurity initiative s announced by the President. The initiatives cover a wide range of government activity, from cyber education to intrusion detection. DHS, a federal district court ruled that the Department of Homeland Yspd-23 failed to justify withholding documents subject to the Freedom of Information Act.

Earlier this year, the NSA’s policies on zero-day exploits came under scrutiny when an glitch known as the “Heartbleed bug” threatened to undermine SSL encryption across the entire internet.