IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

What Obama Did for Tech: Cybersecurity

The federal government has been less impervious to cyberthreats than many might have expected.

Editor's note: This story is part of a six-part series on how Obama has, over the last eight years, elevated the profile of IT in the public sector. He taught government how to ride the technology bicycle, so to speak. A future president who neglects technology won’t be able to make it forget the skills taught through the influence of Silicon Valley and startup culture, said Aneesh Chopra, the nation’s first chief technology officer.

The popular cybersecurity adage that “there is no silver bullet” has never been more true. Reports of evolving threat vectors and breaches have become a normal part of everyday life in the digital age. And the federal government has been less impervious than many might have expected. In 2015, the breach of the Office of Personnel Management compromised the sensitive information of some 21.5 million employees. The IRS suffered a similar, though less dramatic, set of breaches that left taxpayer data vulnerable. Such intrusions added to the uneasiness around the government’s ability to adequately protect its tech infrastructure, as well as the data it holds.

At the White House, this discord translated to new partnerships with many of Silicon Valley’s biggest names. But issues around privacy slowed efforts to encourage the sharing of threat information between the public and private sectors. After much legislative wrangling, Congress passed the Cybersecurity Information Sharing Act of 2015 (CISA), which permits unclassified information to be shared inside and outside specific government agencies, and classified information to external sources with appropriate security clearance, providing immunity to the private sector for lawsuits that might result from monitoring they do in the name of CISA. Other safeguards are intended to protect personal information involved in cyberthreat disclosures, charging the U.S. Attorney General and Homeland Security Secretary with publishing guidelines to help businesses understand and comply with the law.

Federal leadership can also be found in the cyberframework set by the National Institute of Standards and Technology, which provides a common language with which to talk about and develop policy around cybersecurity. With more coherent national standards, governments at all levels have been better able to assess their security status and build effective barriers against cyberattacks. Standards set by FedRAMP — see Cloud by Default — has also helped ensure governments considering the cloud can more easily meet security thresholds