Last December, Congress passed the much-anticipated Cyber Information Sharing Act (CISA), which encourages reciprocal sharing of cybersecurity data breach and cyber threat information between the federal government and the private sector. Since its passing, many have speculated that this bill, the first of many, serves as a building block for many cyber-related bills to come. As part of President Obama’s 2017 fiscal year budget plan, the Cybersecurity National Action Plan (CNAP) “features short- and long-term initiatives to tackle the nation’s cyber vulnerabilities.” With the impact of cyber-related criminal activity reaching an estimated $445 billion on the global economy, landmark steps must be taken to stay ahead of constantly evolving cyber threats. In short, CNAP requests $19 billion for cybersecurity in 2017 and plans to collaborate with the private sector to establish key and monumental cybersecurity programs. Included in CNAP are five primary elements:
Commission on Enhancing National Cybersecurity: The commission, established by executive order, will be composed of 12 unpaid, presidential appointees from outside of government. By December 1, the commission will recommend actions to diagnose and address the causes of cyber vulnerabilities.
Information Technology Modernization Fund (ITMF): ITMF requires agencies to identify and prioritize their highest-value and most at-risk IT assets. The president’s fiscal year 2017 budget will include a $3.1 billion ITMF to help federal agencies and departments replace legacy information systems and modernize their cybersecurity postures.
Federal Chief Information Security Officer (CISO): The administration will create a federal CISO at the career, senior executive service level to drive cybersecurity policy, planning and implementation across the federal government.
Federal Cyber Workforce Development: The budget proposes to invest $62 million in cybersecurity personnel. Aspects of the program include building a federal cybersecurity reserve of professionals, writing a core cybersecurity curriculum and forgiving student loans for cybersecurity experts.
Privacy Executive Order (EO): A privacy executive order creates a permanent federal council made up of agency and department chief privacy officers. The council is expected to focus on sharing privacy best practices and not on investigating companies’ use of data.