The Comprehensive National Cybersecurity Initiative (CNCI) was established by President George W. Bush in National Security Presidential Directive 54/ Homeland Security Presidential Directive 23 (NSPD/HSPD) in. Last year, EPIC won a five-year court battle against the NSA for NSPD the ( Apr. 23, ); Court Awards EPIC Attorneys’ Fees in FOIA Case Against NSA. As a result of HSPD-7, the Department of Homeland Security established the 54/Homeland Security Presidential Directive 23 (NSPD/HSPD), which.

Author: Dibar Tulkree
Country: Lithuania
Language: English (Spanish)
Genre: Relationship
Published (Last): 3 May 2017
Pages: 263
PDF File Size: 18.3 Mb
ePub File Size: 9.90 Mb
ISBN: 160-6-54036-347-3
Downloads: 24640
Price: Free* [*Free Regsitration Required]
Uploader: Nikorg

Admiral Rogers announced, “the default setting is if we become aware of a vulnerability, we share it. A broad coalition of organizations now oppose cybersecurity bills currently before Congress. The full text of the Comprehensive National Cybersecurity Initiative, hsp-d23 unreported sections and any executing protocols distributed to the agencies in charge of its implementation. In Octoberthe NSA identified three relevant documents, but refused to disclose any of them.

The Directive created the Comprehensive National Cybersecurity Initiative CNCIa “multi-agency, multi-year plan that lays out twelve hspx-23 to securing the federal government’s cyber networks. Senator Wyden, who opposed the measure, stated”If information-sharing legislation does not include adequate privacy protections then that’s not a cybersecurity bill – it’s a surveillance bill by another name. In a speech delivered at Stanford University, National Security Agency director Michael Rogers announced that the NSA will no longer stockpile “zero-day exploits”software glitches that could facilitate cyber espionage.

Comprehensive National Cybersecurity Initiative

The initiatives cover a wide range of government activity, from cyber education to intrusion detection. Suite Washington, DC However, the text of the underlying legal authority for cybersecurity still remains a secret. The groups warn that the measures will increase monitoring of Internet users, increase government secrecy, and remove judicial oversight for government surveillance.

EPIC sued DHS to compel the disclosure of records relating to a cybersecurity program designed to monitor traffic flowing through ISPs to a select number of defense contractors. The Executive Order is hsps-23 of several cybersecurity initiative s announced by the President. The court concluded that the agency’s argument relied on “a weak assumption,” but will allow the agency to submit a revised justification for withholding the records.


Hepd-23 privacy policies related to the Directive or the Initiative, including contracts or other documents describing privacy policies with information shared with private contractors to facilitate the CNCI.

Companies would receive immunity for their disregard of existing privacy law. The report describes the internal watchdog’s audits, studies, and investigations of nspd-23 NSA’s activities. In the appeal, EPIC argued that the agency has the document and therefore bears the burden of proving it is not an “agency record. The Order also promotes compliance with Fair Information Practices and adoption of such Privacy Enhancing Techniques as data minimization.

Among other findings, the OIG uncovered improper searches through U. The agency then opposed EPIC’s hspd–23 for attorneys fees in the case. Earlier this year, the NSA’s policies on zero-day exploits came under scrutiny when an glitch known as the “Heartbleed bug” threatened to undermine SSL encryption across the entire internet.

Noting the extraordinary public interest in the plan and the public’s right to comment on the measures in Congress, EPIC asked the NSA to expedite the processing of its request. Einstein 3 is a government cybersecurity program that monitors Internet traffic.

The Directive also includes the Comprehensive National Cybersecurity Initiative and evidences government efforts to enlist private sector companies to assist in monitoring Internet traffic. EPIC then sued the agency to force disclosure of the document but a court ruled sue sponte that the NSA did not have control over NSPD, and thus it was not an “agency record” subject to release.

One document, relating to the text of the Directive, was not disclosed because the record “did not originate with” the NSA, and “has been referred to the National Security Council for review and direct response to” EPIC.

DHS, a federal district court ruled that the Department of Homeland Security failed to justify withholding documents subject to the Freedom of Information Act.

EPIC – EPIC v. NSA – Cybersecurity Authority

The Order encourages the companies to disclose user data to the federal government outside any judicial process. The text of the National Security Presidential Directive Click Here to Kill Everybody: President Obama announced today an Executive Order to promote collaboration between the private sector and the government to counter cyber threats.


In the past, the NSA has kept these vulnerabilities secret for use in counterintelligence. The bill would allow the government to obtain user information from private companies without judicial oversight. Two other documents relating to privacy policies were withheld allegedly pursuant to a FOIA exemption.

The Judge agreed with EPIC that “a referral of a FOIA request could be considered a ‘withholding’ if ‘its net effect is to impair the requester’s ability to obtain the records or significantly to increase the amount of time he must wait to obtain them,” but held that “an entity that is not subject to FOIA cannot unilaterally be made subject to the statute by any action of an agency, including referral of a FOIA request. The case remains pending in U.

On July 21,a briefing schedule was set for the case to move forward. EPIC then submitted an administrative appealappealing the NSA’s failure to make a timely substantive determination as well as denying expedited processing on July 30, Many have described the cyber security bills as “cyber surveillance” measures. On August 30,the NSA released the heavily redacted version of two of the original three documents it had identified as responsive.

For more information, see EPIC: For more information, see EPIC v. The request specifically asked for the following documents: Freedom of Information Act Cases. The NSA acknowledged receipt of this appeal in December, but failed to provide any further communication. Court of Appeals for the D.