Initiative #1. Manage the Federal Enterprise Network as a single network enterprise with Trusted Internet Connections.
Reaction - This is a bad idea. You want decentralized, walled-off systems which have limited sharing of credentials. If one system is compromised, and you break through this wall and get behind it as a trusted user, you have the run of the whole thing. The broader your trust is, and the more centralized it is, the easier it is to breach the barrier and be trusted anywhere inside.
Initiative #2. Deploy an intrusion detection system of sensors across the Federal enterprise.
Reaction - This is a good idea. I'm surprised they don't already do this.
Initiative #3. Pursue deployment of intrusion prevention systems across the Federal enterprise.
Reaction - "Pursue"? I'd like something a little more definite as a goal. Nothing wrong with this, it's a good idea. There are tons of open source tools that would level the playing field, and honeypot research is always ongoing.
Initiative #4: Coordinate and redirect research and development (R&D) efforts.
Reaction - Translation: The people behind this want to spend federal money.
Initiative #5. Connect current cyber ops centers to enhance situational awareness.
Reaction - Translation: The people behind this want to control the turf, so get ready for turf wars. See #4, where they want money. Money + turf = power. Hey, at least they're being honest.
Initiative #6. Develop and implement a government-wide cyber counterintelligence (CI) plan.
Reaction - Good luck with that. Has any government-wide anything ever come together? At least they're being honest and telling us they want this government-wide thing with them at the top.
Initiative #7. Increase the security of our classified networks.
Reaction - This is a good idea, but it's so vague it falls under if you can't measure it, you can't manage it. Then again, you can hardly blab about the inherent insecurity of your classified systems, can you?
Initiative #8. Expand cyber education.
Reaction - See #4 - education means these people want to spend feneral money on education grants. These are basically government subsidies of for-profit education, in this case DeVry, ITT, and Univ. of Phoenix. Do we really want graduates from these schools running our country's cyber security, and do we want to pit them against the best black-hat experts that other countries have to offer?
Initiative #9. Define and develop enduring â€śleap-aheadâ€ť technology, strategies, and programs.
Reaction - See #8 - our DeVry grads are going to leap ahead of the best black-hat experts in the world? Really? If the government did what I did on my home network (on a larger scale) we'd almost end security problems as we know them. I don't think that's going to happen. A few "cyber warriors" developing leap-ahead strategies isn't going to stop the inertia of the other government branches basically emptying their pockets buying insecure Microsoft operating systems. (I'm certainly not doing anything special, just following best practices.)
Initiative #10. Define and develop enduring deterrence strategies and programs.
Reaction - This is a waste of time because the technology world changes too rapidly. Your "enduring" plan will be obsolete next year.
Initiative #11. Develop a multi-pronged approach for global supply chain risk management.
Reaction - This is buzzword gibberish. Isn't our "supply chain" dependent on China, anyway? I bought some crimpers and cable ties at Harbor Freight recently. Guess where they were made? How long would our network infrastructure last without China? I doubt I could put a network together without Made in China tools. Maybe if I bought those new ridiculously overpriced German tools they got in recently at Lowes.
Initiative #12. Define the Federal role for extending cybersecurity into critical infrastructure domains.
Reaction - Translation: We want federal control over state and local power plants, train depots, etc. Decenteralized control is much better for cyber security. If you break into one small area, you can't take the whole thing out. That's why they dug zigzag trenches in WWI - so if a bomb landed in one traverse, it wouldn't take the whole trench out. This sounds like they want to straighten out all the trenches so the panopticon government can see up and down them with a clear line of sight.