Obama unveils national cybersecurity action plan and budget
President Barack Obama announced a national cybersecurity action plan Tuesday, substantially increasing the requested amount of federal funding dedicated to cybersecurity, creating a new federal information security chief and proposing a significant increase in efforts to expand the nation’s cybersecurity workforce.
The administration is proposing a 35 percent increase in cybersecurity funding in its budget proposal, up to $19 billion from last year’s allocation of $14 billion.
The budget request is part of a cybersecurity plan that will have short- and long-term goals aimed at strengthening networks inside and outside government against hackers, protecting privacy, and raising Americans’ awareness of digital security measures.
“The cyberthreat continues to outpace our current efforts,” said Michael Daniel, White House cybersecurity coordinator, during a call with reporters Monday. “As we continue to hook more and more of our critical infrastructure up to the Internet and as we build out the Internet of Things, cyberthreats only become more frequent and more serious. If we do not begin to address the fundamental cybersecurity challenges we face effectively, we risk cybersecurity and the Internet becoming a strategic liability for the U.S.”
Officials said a big portion of the expanded budget request is aimed at further modernizing federal IT systems, building off last year’s Cybersecurity Implementation Plan.
Obama is proposing a $3.1 billion Information Technology Modernization Fund that will be used to expedite the replacement of antiquated federal systems that are costly to maintain and a growing cybersecurity liability.
“Over the last year, I have directly observed the need to modernize our information systems across the federal government,” said Tony Scott, federal chief information officer, during the media call. “We have a broad surface area of old, outdated technology that’s hard to secure, expensive to operate and on top of all of that, the skill sets need to maintain those systems are disappearing rather rapidly.”
The fund would operate out of the General Services Administration, with agencies needing to hit certain modernization benchmarks to continue receiving funds. Scott said the fund will also encourage agencies to use governmentwide shared services instead of building their own solutions from scratch.
Scott also announced the administration will be hiring a chief information security official within the next 60 to 90 days. The new CISO, who will report to Scott, will be responsible for overseeing cybersecurity policies within all federal civilian agencies, while working in collaboration with top-level Defense Department and intelligence agency counterparts.
“In reality, the CISO role is a policy coordinating role across the federal government,” Scott said Monday. “One of the things that’s unique about OMB, given the name, is that it has management and budget responsibilities. Those are two powerful things that can shape and influence practice in each agency.”
Outside of the federal government, Obama established a Commission on Enhancing National Cybersecurity, which will be made up of private sector cybersecurity experts who will make recommendations on how the public and private sector can better use and promote worthwhile cybersecurity practices.
A new cybersecurity awareness campaign aimed at increasing the use of multifactor authentication will also launch, with help from the National Cyber Security Alliance, Dropbox, Google, Facebook and Microsoft.
A fact sheet issued by the White House also focused on improving cybersecurity education and training nationwide, highlighting the budget’s $62 million plan to establish a cybersecurity corps reserve, core curriculum and student loan forgiveness programs for those who work in cybersecurity for the federal government. The proposal is in addition to the $4 billion that has been attached to the president’s Computer Science for All plan.
Additionally, Obama is signing an executive order Tuesday creating a Federal Privacy Council, bringing together privacy officials from across the federal government to ensure agencies are meeting federal privacy guidelines.
Scott compares it to the federal CIO Council, which offers a forum where agency tech execs can share ideas and best practices, and agree common standards. “I expect the privacy council will do the same thing,” he said. “It’s building on many things that have already gone on to make sure there is consistency policy and application across the federal government.”
The considerable increase in cybersecurity funding comes after a year that saw a number of government agencies, offices and officials fall victim to breaches and federal watchdog reports deem tools already in place as woefully behind the times.
As the conclusion of the call, Daniel said this plan will “measurably and demonstrably improve” the country’s cybersecurity footing but warned it will not completely stop attacks from occurring.
“This is a continuing threat of varying degree,” he said. “I think no matter how good we get, we will never stop all intrusions.”
Contact the reporter on this story via email at greg.otto@fedscoop.com, or follow him on Twitter at @gregotto. His OTR and PGP info can be found here. Subscribe to the Daily Scoop for stories like this in your inbox every morning by signing up here: fdscp.com/sign-me-on.