Four Presidential Priorities for Cybersecurity

By Eric Noonan • February 24, 2016

In a recent Wall Street Journal article President Obama announced a new “Cybersecurity National Action Plan” which would increase federal cybersecurity funding north of $19 billion. Although, it is unclear if any of this spending will actually be funded as House Budget Committee Chairman Tom Price (R-GA) and Senate Budget Committee Chairman Mike Enzi (R-WY) have already declared that both committees will not hold a hearing to review the president’s FY 2017 Budget. Politics aside, it’s encouraging to see a dialogue happening at the highest levels of our government on such an important topic.

The Four Major Priorities that are Being Proposed

1: $3 Billion Fund to Kick-start an Overhaul of Federal Computer Systems

First, the President is proposing a $3 billion fund to kick-start an overhaul of federal computer systems and going forward, agencies will be required to increase protections for their most valued information and make it easier for them to update their networks. Additionally, he’s proposed creating a new federal position, Chief Information Security Officer, a position he notes that most major companies have already established. Of course the devil is in the details as to how the money is spent but in general the government, like most corporations, needs to invest more in cybersecurity. In our experience, the investment should prioritize people and process rather than the short-sighted rush to procure more tools supported by an already overworked staff following undocumented processes.

2: Stepping Up Efforts to Build a Corps of Cyber Professionals Across Government Agencies
Second, the President has proposed stepping up efforts to build a corps of cyber professionals across government agencies to push best practices at every level. This includes offering scholarships and forgiving student loans to recruit talent from Silicon Valley and across the private sector.  I’m sure loan forgiveness would be appreciated by many, but creatively funding internships, certifications or co-ops that would integrate classroom studies with professional work experience should also be considered to propel this effort to create cybersecurity practitioners.

3: Strengthening Partnerships with the Private Sector to Deter, Detect and Disrupt Threats

Third, the President is strengthening partnerships with the private sector to deter, detect and disrupt threats, including to the nation’s critical infrastructure. This has been an ongoing effort for several years and many of the team here at CyberSheath were a part of the initial efforts on this front in 2007 and 2008; I personally had the privilege of testifying before the House Armed Security Committee on the effectiveness of the Defense Industrial Base Cybersecurity Initiative. Ultimately those efforts matured and resulted in the most recent iteration, NIST 800-171,  which will become mandatory for tens of thousands of contractors in 2017. Having seen the potential for transformation firsthand we believe strongly in these partnerships.

4: Empower Americans to Protect themselves Online by Launching a New National Awareness Campaign

Lastly, the President wants to do more to empower Americans to protect themselves online by launching a new national awareness campaign to raise awareness of cyber threats and encourage more Americans to move beyond passwords—adding an extra layer of security like a fingerprint or codes sent to your cellphone. Done correctly this could collectively do a lot of good. Two-factor authentication technology is widely available and relatively easy to use so de-mystifying it and encouraging Americans to take advantage of the additional level of security it provides would be a welcome improvement.
Again, it’s unclear how much if any of these initiatives are tied to a proposed budget that may not even be reviewed but I am encouraged that the government continues to recognize the national security implications of cybersecurity and is doing something about it.

Did You Like This Post?

Subscribe to CyberSheath’s blog today to receive email updates as new posts become published.

CyberSheath Blog

Dr. Robert Spalding to Address Nation-State Attacks at CMMC Con 2021

Since the inaugural CMMC Con, we’ve seen some of the most malicious attacks on American infrastructure ever executed. The SolarWinds attack reverberated across the entire government as agencies scrambled to discover what nation-state attackers had accessed and stolen. The Colonial Pipeline, shut down by a ransomware attack, led to fuel…

CMMC-AB vice chair Jeff Dalton to address CMMC Con 2021

The swiftness and severity of recent cyber attacks has dominated headlines and revealed that many organizations still don’t quite know what to do to protect themselves, as well as the businesses and government entities they’re connected to.   Ransomware attacks were a big point of discussion at the recent G7…

CMMC Con 2021 Opens Registration, Reveals Theme and Speakers

CMMC compliance stands in the way of revenue for every defense contractor in the supply chain. Now that CMMC is a reality for the Defense Industrial Base (DIB), learn how contractors — primes and subs, large and small, foreign-owned — are handling the standards and requirements, as well as the…

Our Trusted Partners

Cyberark McAfee Thycotic RSA Tenable Alien Vault Alert Logic Microsoft