Modern field guide to security and privacy

White House reveals plan to bolster American cybersecurity

The Cybersecurity National Action Plan, which will be announced Tuesday, comes as the government scrambles to improve its own cybersecurity in the wake of the massive breach on the Office of Personnel Management.

|
Jonathan Ernst/Reuters
President Obama at a press briefing in Washington on Feb. 5.

The White House is rolling out a major initiative to fortify the government's digital defenses and educate Americans about ways they can improve their own digital security.

The Cybersecurity National Action Plan (CNAP), which will be announced Tuesday, comes as the government is scrambling to improve its own cybersecurity after the Office of Personnel Management breach that exposed intimate details on some 22 million people.

The government's plan is also meant to help businesses better protect networks and sensitive information from hackers who have successfully infiltrated major American banks, healthcare companies, and retailers over the past year.

If Washington doesn't take action to bolster the nation's digital security, said President Obama's Cybersecurity Coordinator Michael Daniel, "we risk cybersecurity and the Internet becoming a strategic liability for the US."

Obama’s budget request to Congress Tuesday would boost cybersecurity spending to $19 billion for fiscal year 2017, a 35 percent increase over the resources he allocated for cybersecurity this fiscal year.

Mr. Daniel and other officials offered more details on how that money would be spent under the CNAP. The White House wants $3.1 billion for a special Information Technology Modernization Fund to retire and replace aging systems in the federal government.

"Over the last year, I’ve become acutely aware of the challenges agencies face in trying to upgrade and modernize the systems," said Tony Scott, the federal chief information officer. "We’re going to prioritize applications in federal agencies that have a high cybersecurity challenge."

To oversee this effort, the White House plans to create a new job: A federal chief information security officer, who would coordinate information security practices across the civilian agencies. "That’s a key role that many private sector companies have long implemented, and is good practice for the federal government," said Mr. Scott, who hopes the post will be filled within 90 days.

The White House is also announcing a $62 million investment in programs, grants, and scholarships designed to enhance the "quality of people, and quality of skills, in the cybersecurity workforce available to the government," Scott said. "We’ve all understood quite acutely there’s a shortage of people skills with the right cybersecurity education and skills across the federal government."

Symantec, a security software vendor, has projected the demand for skilled cybersecurity workers will rise to 6 million by 2019 – but fall short by 1.5 million people. Meanwhile, the US government and private companies are competing over available talent.

A new CyberCorps Reserve program will offer scholarships for Americans to get cybersecurity education and serve in the civilian federal government. The government will also work on a curriculum to ensure the graduates will be well-trained, Scott said. It will also implement a loan forgiveness program for cybersecurity experts who join the federal workforce.

The Obama administration’s plan extends also to the public, with a focus on encouraging Americans to move beyond passwords and use multiple factors of authentication to log in to their online accounts, such as via fingerprints or codes sent to mobile devices. The nonprofit National Cyber Security Alliance will partner with tech companies such as Google, Facebook, and Microsoft to make it easier for users secure their accounts online.

And the White House wants to strengthen core Internet technologies, said Ed Felten, deputy US chief technology officer. "Just as the roads and bridges and physical infrastructure need repair and upkeep… the same is true for Internet infrastructure," he said.

The Homeland Security, Commerce, and Energy departments are contributing resources and capabilities to establish a National Center for Cybersecurity Resilience, according to a White House factsheet. The cybersecurity center is designed so companies and organizations can test security of systems in a controlled environment – "such as by subjecting a replica electric grid to cyberattack," according to the factsheet.

And a new Cybersecurity Assurance Program will test and certify connected devices, from refrigerators to medical infusion pumps, "so that when you buy a new product, you can be sure that it has been certified to meet security standards."

On the privacy front, Obama signed an executive order to create a permanent Federal Privacy Council, uniting privacy officials from across the government to implement more strategic and comprehensive federal privacy guidelines, the factsheet said. "Like cybersecurity, privacy must be effectively and continuously addressed as our nation embraces new technologies, promotes innovation, reaps the benefits of big data and defends against evolving threats."

While the budget – and the modernization fund – will require congressional approval, Scott expects broad support from Congress for the plan. "Cyber, thus far, has not been a partisan issue," he said.

But much of the CNAP, officials said, the White House can carry out on its own.

"Much of this package we can do either under existing executive authorities, or can get done by driving our existing authorities to the limit,” said Daniel, the White House cybersecurity coordinator. "This plan is as aggressive as we can get under existing authorities and we can do quite a bit of it without additional resources."

 

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.

QR Code to White House reveals plan to bolster American cybersecurity
Read this article in
https://www.csmonitor.com/World/Passcode/2016/0209/White-House-reveals-plan-to-bolster-American-cybersecurity
QR Code to Subscription page
Start your subscription today
https://www.csmonitor.com/subscribe