“It is no secret that too often government IT is like an Atari game in an Xbox world.” —US President Barack Obama, WSJ Opinion
The White House announced the Cybersecurity National Action Plan (CNAP) on February 8 in recognition of the threat that cybersecurity poses to the United States. This follows the passage of the Cybersecurity Act of 2015. President Barack Obama has proposed that $19 billion of the $4.1 trillion budget proposed for the 2017 fiscal year be set aside to fund this initiative (up $5 billion from the $14 billion requested for the 2016 fiscal year).
Highlights of the proposed CNAP include the following:
- Establishing the Commission on Enhancing National Cybersecurity, composed of strategic, business, and technical thinkers from the private sector, including those designated by bipartisan congressional leadership.
- Proposing a $3.1 billion Information Technology Modernization Fund that includes the formation of a new position, the federal chief information security officer. This will mark the first dedicated senior official whose job is entirely composed of developing, managing, and coordinating cybersecurity strategy, policy, and operations across the federal domain.
- Promoting cybersecurity awareness and security for citizens through multiple outlets.
- The National Cyber Security Alliance will launch a new National Cybersecurity Awareness Campaign that will partner with leading, global technology firms to help consumers secure their online accounts and with leading, global financial firms to make online transactions more secure.
- The CNAP will implement stronger and more effective identity proofing and multifactor authentication methods with less reliance on Social Security numbers for online transactions between the federal government and citizens.
- The US Department of Homeland Security will support the initiative by
- expanding the EINSTEIN and Continuous Diagnostics and Mitigation programs and
- increasing its federal civilian cyber defense teams from 10 to 48. These teams will respond to incidents, conduct penetration testing, proactively hunt for intruders on federal networks, and help agencies design more secure systems.
- Investing $62 million in cybersecurity personnel, including creating and expanding related scholarships and education programs and enhanced student loan forgiveness.
- Creating a new National Cybersecurity Center of Excellence.
- Establishing a national testing lab where companies can test their systems’ security under simulated attacks, and offering cybersecurity training to more than 1.4 million small businesses and their workers through the Small Business Administration.