White House Announces National Cybersecurity Action Plan, Chief Information Security Officer Position

The Obama administration outlined the need for an increased emphasis on cybersecurity given rising threat levels and a need to adapt to the rapidly changing environment.

by / February 9, 2016

The White House announced Tuesday, Feb. 9, that it will be rolling out a comprehensive new plan to bolster the nation’s cybersecurity standing.

Under the Cybersecurity National Action Plan (CNAP), announced as part of the president’s 2017 budget, the Obama administration outlined the need for an increased emphasis on cybersecurity given rising threat levels and a need on the part of the government and the public to adapt to the rapidly changing environment.

The announcement comes just one day after hackers released the contact information of around 20,000 FBI employees and officials with the National Institute of Science and Technology dedicated new facilities for the expanded National Cybersecurity Center of Excellence (NCCoE) in Maryland as part of a collaborative effort between the federal government and private industry.

Among the major action items listed in the plan was the creation of the Commission on Enhancing National Cybersecurity and the creation of a federal chief information security officer (CISO). The role of chief information officer (CIO) was created in 2009.

“Criminals, terrorists and countries who wish to do us harm have all realized that attacking us online is often easier than attacking us in person,” the administration said in a release. “As more and more sensitive data is stored online, the consequences of those attacks grow more significant each year.  Identity theft is now the fastest growing crime in America.” 

The commission will comprise “top strategic, business and technical thinkers from outside the government” and will be tasked with taking stock of the digital security standing and making recommendations to improve protections, according to the release.

“The president’s plan takes new action both now and in the long term to help the conditions we need to improve our approach on cybersecurity across the federal government, the private sector and our personal lives,” Cybersecurity Coordinator Michael Daniel said in a blog post Tuesday.

The creation of a top security positon marks the first administrative role dedicated to the oversight of and development of federal cybersecurity.

A Federal Privacy Council was also created through an executive action. The action creates a framework to better protect the private information of citizens, expands skills and career development for agency professionals, and creates an environment for sharing best practices among 24 listed agencies.

In addition to the aforementioned steps, the president’s 2017 budget outlines $3.1 billion for an Information Technology Modernization Fund, which the officials say will act as a down payment for future upgrades and boosts cybersecurity spending across the board by $19 billion.  

“While there is no silver bullet to fully guarantee our data security, the president has done a lot to enhance security measures on a lot of our daily activities to protect our private information," Daniel wrote. "Last year, he took executive action as part of his BuySecure Initiative to help drive the market toward more secure payments by pushing companies to use microchips instead of magnetic strips or PINs on credit, debit and other payment cards."

The cybersecurity blueprint would also require federal agencies to “identify and prioritize their highest value and most at-risk IT assets” and take steps to remedy security shortcomings. 

A call for multifactor identification, or two-step identification processes, may also become a reality at the federal level. 

“The president is calling on Americans to move beyond just the password to leverage multiple factors of authentication when logging-in to online accounts,” the release reads. “Private companies, nonprofits and the federal government are working together to help more Americans stay safe online through a new public awareness campaign that focuses on broad adoption of multi-factor authentication.”

NEW ON THE PODCAST

The Districts Podcast: Detroit and Houston or Bust