Throughout his tenure as President, Obama has frequently alluded to his worries about cybersecurity. Recent high-profile data breaches in both the public and private sector, such as the Anthem and Office of Personnel Management breaches, have brought this concern to light as both private entities and the Federal Government have expressed a need to ramp up cybersecurity practices and in some cases, we have seen success. However, just about everyone can agree that more needs to be done to defeat the war on cybercrime. Accordingly, the Obama administration has announced a new cybersecurity strategy “calling for a 35% increase in funding to bolster private and public defenses and the creation of a new chief information security officer position for the government.” This increase in funding, which is part of the administration’s 2017 budget, includes $19 billion to fund cybersecurity improvements. Some highlights of the “Cybersecurity National Action Plan” are:
- More money to bolster federal government cybersecurity: The proposed budget incorporates a $3.1 billion “down payment” on the Information Modernization Fund which will be used to “update and replace outdated infrastructures, networks and systems.” President Obama has also created a CISO government position while also “dramatically increasing the number of federal civilian cyber defense teams” at the DHS to 48.
- Encouraging the use of multifactor authentication: The White House also wants the government, businesses and civilians to rely less on a single password as a source of authentication. By adding a text-messaged code or fingerprint as a second method, criminals would have a harder time in accessing unauthorized information.
- Assisting the private sector: The Department of Homeland Security plans to double the number of cybersecurity advisors available to the private sector to assist in “cyber assessments and implementation.” Additionally, the National Institute of Standards and Technology is focused on improving its cybersecurity framework, which is used as a framework for many agencies’ own cybersecurity requirements. Lastly, the White House is working on a national cyber incident coordination policy to create a methodology to determine the severity of a breach and the necessary level of attention needed to respond.
- Creating a new government council: Obama has signed an executive order to “create a permanent Federal Privacy Council that will focus on reforming the federal government’s privacy guidelines and continue to review policies as new technologies and the use of “Big Data” become more prevalent.”