In a recent Wall Street Journal article President Obama announced a new “Cybersecurity National Action Plan” which would increase federal cybersecurity funding north of $19 billion. Although, it is unclear if any of this spending will actually be funded as House Budget Committee Chairman Tom Price (R-GA) and Senate Budget Committee Chairman Mike Enzi (R-WY) have already declared that both committees will not hold a hearing to review the president’s FY 2017 Budget. Politics aside, it’s encouraging to see a dialogue happening at the highest levels of our government on such an important topic.
The Four Major Priorities that are Being Proposed
1: $3 Billion Fund to Kick-start an Overhaul of Federal Computer Systems
First, the President is proposing a $3 billion fund to kick-start an overhaul of federal computer systems and going forward, agencies will be required to increase protections for their most valued information and make it easier for them to update their networks. Additionally he’s proposed creating a new federal position, Chief Information Security Officer, a position he notes that most major companies have already established. Of course the devil is in the details as to how the money is spent but in general the government, like most corporations, needs to invest more in cybersecurity. In our experience the investment should prioritize people and process rather than the short sighted rush to procure more tools supported by an already overworked staff following undocumented processes.
2: Stepping Up Efforts to Build a Corps of Cyber Professionals Across Government Agencies
Second, the President has proposed stepping up efforts to build a corps of cyber professionals across government agencies to push best practices at every level. This includes offering scholarships and forgiving student loans to recruit talent from Silicon Valley and across the private sector. I’m sure loan forgiveness would be appreciated by many, but creatively funding internships, certifications or co-ops that would integrate classroom studies with professional work experience should also be considered to propel this effort to create cybersecurity practitioners.
3: Strengthening Partnerships with the Private Sector to Deter, Detect and Disrupt Threats
Third, the President is strengthening partnerships with the private sector to deter, detect and disrupt threats, including to the nation’s critical infrastructure. This has been an ongoing effort for several years and many of the team here at CyberSheath were a part of the initial efforts on this front in 2007 and 2008; I personally had the privilege of testifying before the House Armed Security Committee on the effectiveness of the Defense Industrial Base Cybersecurity Initiative. Ultimately those efforts matured and resulted in the most recent iteration, NIST 800-171
, which will become mandatory for tens of thousands of contractors in 2017. Having seen the potential for transformation firsthand we believe strongly in these partnerships.
4: Empower Americans to Protect themselves Online by Launching a New National Awareness Campaign
Lastly, the President wants to do more to empower Americans to protect themselves online by launching a new national awareness campaign to raise awareness of cyber threats and encourage more Americans to move beyond passwords—adding an extra layer of security like a fingerprint or codes sent to your cellphone. Done correctly this could collectively do a lot of good. Two factor authentication technology is widely available and relatively easy to use so de-mystifying it and encouraging Americans to take advantage of the additional level of security it provides would be a welcome improvement.
Again, it’s unclear how much if any of these initiatives are tied to a proposed budget that may not even be reviewed but I am encouraged that the government continues to recognize the national security implications of cybersecurity and is doing something about it.
Did You Like This Post?
Subscribe to CyberSheath’s blog today to receive email updates as new posts become published.