The rumor is that there will be two or three new presidential directives that will put structure around cyber defense this month. These directives will become the fundamental constructs to operate the interagency group.
A presidential directive is a form of executive order issued by the President of the United States with the advice and consent/buy-in of the National Security Council. When issued, a Presidential Directive has the full force and effect of law. One of the most notable directives is Homeland Security Presidential Directives (HSPD). HSPD-1 followed Executive Order 13228 and established the Department of Homeland Security (DHS). There is little doubt that these directives will be classified.
That being said, I thought I would post what I believe will be representative of the directives that should be put in place this week.
Directive #1: This directive will establish the entity being charged with cyber defense. It is believed this order will define the make-up of the organization and establish eleven functional areas of operation. (Listing withheld for security reasons) It is believed that the organization will have defensive and intelligence gathering responsibilities as they relate to cyber defense. Additionally, oversight and reporting requirements will be defined.
Directive #2: This directive will concentrate of the offensive cyber capabilities. It is believed that the military will have the responsibility for offensive cyber warfare and be charged with the responsibility of extending current military doctrine covering information warfare and the requirement to align and integrate these operations with the new organization.
Directive #3: This directive will concentrate on the private sector responsibility for cyber security. It is widely accepted that unless businesses, particularly those included as part of our critical infrastructure, enhance their security in light of the growing threat of cyber attacks and cyber terrorism, the country will not be adequately protected. This directive will establish the coordination and integration of the private sector into the operational modalities of the new entity charged with cyber defense. It is also though to include the establishment of minimum security standards for private sector organizations.
There is a large amount of funding that is being budgeted for this effort. Inside sources believe in this current year the budget is $6 billion. You can be sure the competition for these funds is significant and there is a lot at stake. Hopefully, everyone has learned from establishing the Department of Homeland Security and this will go much smoother.