Four Presidential Priorities for Cybersecurity

By Eric Noonan • February 24, 2016

In a recent Wall Street Journal article President Obama announced a new “Cybersecurity National Action Plan” which would increase federal cybersecurity funding north of $19 billion. Although, it is unclear if any of this spending will actually be funded as House Budget Committee Chairman Tom Price (R-GA) and Senate Budget Committee Chairman Mike Enzi (R-WY) have already declared that both committees will not hold a hearing to review the president’s FY 2017 Budget. Politics aside, it’s encouraging to see a dialogue happening at the highest levels of our government on such an important topic.

The Four Major Priorities that are Being Proposed

1: $3 Billion Fund to Kick-start an Overhaul of Federal Computer Systems

First, the President is proposing a $3 billion fund to kick-start an overhaul of federal computer systems and going forward, agencies will be required to increase protections for their most valued information and make it easier for them to update their networks. Additionally, he’s proposed creating a new federal position, Chief Information Security Officer, a position he notes that most major companies have already established. Of course the devil is in the details as to how the money is spent but in general the government, like most corporations, needs to invest more in cybersecurity. In our experience, the investment should prioritize people and process rather than the short-sighted rush to procure more tools supported by an already overworked staff following undocumented processes.

2: Stepping Up Efforts to Build a Corps of Cyber Professionals Across Government Agencies
Second, the President has proposed stepping up efforts to build a corps of cyber professionals across government agencies to push best practices at every level. This includes offering scholarships and forgiving student loans to recruit talent from Silicon Valley and across the private sector.  I’m sure loan forgiveness would be appreciated by many, but creatively funding internships, certifications or co-ops that would integrate classroom studies with professional work experience should also be considered to propel this effort to create cybersecurity practitioners.

3: Strengthening Partnerships with the Private Sector to Deter, Detect and Disrupt Threats

Third, the President is strengthening partnerships with the private sector to deter, detect and disrupt threats, including to the nation’s critical infrastructure. This has been an ongoing effort for several years and many of the team here at CyberSheath were a part of the initial efforts on this front in 2007 and 2008; I personally had the privilege of testifying before the House Armed Security Committee on the effectiveness of the Defense Industrial Base Cybersecurity Initiative. Ultimately those efforts matured and resulted in the most recent iteration, NIST 800-171,  which will become mandatory for tens of thousands of contractors in 2017. Having seen the potential for transformation firsthand we believe strongly in these partnerships.

4: Empower Americans to Protect themselves Online by Launching a New National Awareness Campaign

Lastly, the President wants to do more to empower Americans to protect themselves online by launching a new national awareness campaign to raise awareness of cyber threats and encourage more Americans to move beyond passwords—adding an extra layer of security like a fingerprint or codes sent to your cellphone. Done correctly this could collectively do a lot of good. Two-factor authentication technology is widely available and relatively easy to use so de-mystifying it and encouraging Americans to take advantage of the additional level of security it provides would be a welcome improvement.
Again, it’s unclear how much if any of these initiatives are tied to a proposed budget that may not even be reviewed but I am encouraged that the government continues to recognize the national security implications of cybersecurity and is doing something about it.

Did You Like This Post?

Subscribe to CyberSheath’s blog today to receive email updates as new posts become published.

Cybersheath Blog

3 Reasons Why You Need a Privileged Access Risk Assessment

A privileged account is one used by administrators to log in to servers, networks, firewalls, databases, applications, cloud services and other systems used by your organization. These accounts give enhanced permissions that allow the privileged user to access sensitive data or modify key system functions, among other things. You can…

Incident Response – Learning the Lesson of Lessons Learned

“Those who do not learn from history are condemned to repeat it.” Over the years, variations of this famous quote have been spoken by everyone from philosophers to world leaders. The message — that we must learn from our mistakes or continue to repeat them — is also highly relevant…

What is DFARS 252.204-7012 and NIST SP 800-171?

With the Department of Defense (DoD) promising the release of an update to NIST Special Publication 800-171, it is imperative defense contractors understand what DFARS 252.204-7012 and NIST SP 800-171 Clause is and how noncompliance with the Clause will impact their business.  Compliance is mandatory for contractors doing business with…

Our Trusted Partners

Cyberark McAfee Thycotic RSA Tenable Alien Vault Alert Logic Trace Security