The committee applauds the administration for developing a serious, major initiative to begin to close the vulnerabilities in the government's information networks and the nation's critical infrastructure. The committee believes that the administration's actions provide a foundation on which the next president can build.
However, the committee has multiple, significant issues with the administration's specific proposals and with the overall approach to gaining congressional support for the initiative.
A chief concern is that virtually everything about the initiative is highly classified, and most of the information that is not classified is categorized as `For Official Use Only.' These restrictions preclude public education, awareness, and debate about the policy and legal issues, real or imagined, that the initiative poses in the areas of privacy and civil liberties. Without such debate and awareness in such important and sensitive areas, it is likely that the initiative will make slow or modest progress. The committee strongly urges the administration to reconsider the necessity and wisdom of the blanket, indiscriminate classification levels established for the initiative.
The administration itself is starting a serious effort as part of the initiative to develop an information warfare deterrence strategy and declaratory doctrine, much as the superpowers did during the Cold War for nuclear conflict. It is difficult to conceive how the United States could promulgate a meaningful deterrence doctrine if every aspect of our capabilities and operational concepts is classified. In the era of superpower nuclear competition, while neither side disclosed weapons designs, everyone understood the effects of nuclear weapons, how they would be delivered, and the circumstances under which they would be used. Indeed, deterrence was not possible without letting friends and adversaries alike know what capabilities we possessed and the price that adversaries would pay in a real conflict. Some analogous level of disclosure is necessary in the cyber domain.
The committee also shares the view of the Senate Select Committee on Intelligence that major elements of the cyber initiative request should be scaled back because policy and legal reviews are not complete, and because the technology is not mature. Indeed, the administration is asking for substantial funds under the cyber initiative for fielding capabilities based on ongoing programs that remain in the prototype, or concept development, phase of the acquisition process. These elements of the cyber initiative, in other words, could not gain approval within the executive branch if held to standards enforced on normal acquisition programs. The committee's view is that disciplined acquisition processes and practices must be applied to the government-wide cyber initiative as much as to the ongoing development programs upon which the initiative is based.
The committee also... [ Read More (0.2k in body) ]
SASC Criticizes Secrecy of National Cyber Security Initiative