Obama’s new cybersecurity agenda: What you need to know

The president wants to spend $3.1 billion to just to upgrade legacy systems.

In response to mounting cyber attacks on federal networks, President Barack Obama is seeking $19 billion for cybersecurity, more than a 35% increase over last year’s spending, and calling for a federal CISO to oversee all the upgrade of outdated and insecure cyber infrastructure.

The number of information security incidents grew more than 11-fold between 2006 and 2014 to 67,168, and attacks from other countries have been on the rise.

+More on Network World: Feds' primary network security weapon needs more bang+

Notably China has acknowledged that hackers there were connected to the breach of the Office of Personnel Management which lost comprehensive records of 22 million federal employees, contractors and job applicants.

Public-facing federal Web sites have been abused, most notoriously the Internal Revenue Service’s online services which coughed up detailed tax records of more than 334,000 taxpayers to hackers scamming the system.

To help stem the tide, Obama has announced the Cybersecurity National Action Plan, which lays down a series of specifics to stem the tide and modernize the government’s digital networks. It would strengthen security but also provide for the education of experts needed to ensure ongoing improvements.

Here are the essentials of the plan:

  • Allocate $3.1 billion for upgrading outdated and hard to secure cyber infrastructure.
  • Appoint a federal CISO to oversee the upgrade. The job will be to develop, manage and coordinate cybersecurity strategy, policy, and operations across the federal government.
  • Establish the Commission on Enhancing National Cybersecurity – This group of business and tech leaders, some of whom to be appointed by Congress, will draw a 10-year cybersecurity roadmap to promote best practices. The plan will include enhancing cybersecurity awareness, protecting privacy, maintaining public safety and economic and national security, and empowering Americans to take better control of their digital security. The group will be backed by the National Institute of Standards and Technology (NIST).
  • Up total spending on cybersecurity to $19 billion, a boost of more than 35% over last year.
  • Create the Federal Privacy Council to create strategic and comprehensive federal privacy policy across agencies.
  • Educate consumers about cybersecurity via the National Cyber Security Alliance, an existing non-profit that includes the Department of Homeland Security (DHS) as well as private businesses such as Symantec, Cisco, Microsoft, SAIC and EMC. It calls for encouraging use of multi-factor authentication as well as implementing an unnamed means of adoption of “effective identity proofing.”
  • Require agencies to do a risk assessment of the date they are in charge of, and then implement a plan to protect it better.
  • Push for shared IT services – such as cloud - to improve efficiency and lift the burden of individual agencies having to create their own secure infrastructure.
  • Expand Einstein, the DHS program that records and analyzes netflow records and runs an IDS on government network traffic. The expansion would include running all government Internet traffic through a few central locations and running it through an IPS. Expand the DHS Continuous Diagnostics and Mitigation program for automating network risk assessment.
  • Increase DHS cyber-defense teams to 48 to conduct penetration tests, search for intrusions, provide security expertise and incident response.
  • Expand the number of colleges and universities that are part of the National Centers for Academic Excellence in Cybersecurity program, and fund scholarships for cybersecurity degrees that incorporate a federal core cybersecurity curriculum. In return, recipients agree to work for the government in cybersecurity programs, with the possibility of student-loan forgiveness. That would be funded at $62 million.
  • Identity proof public-facing federal Web sites to prevent fraud, such as filing phony tax returns for the refunds.
  • Reducing federal use of Social Security numbers as a means of ID to help prevent identity theft.
  • Support regional cybersecurity training for small businesses through the Small Business Administration, the Federal Trade Commission and NIST.
  • Create a testbed to test defenses for critical infrastructure such as the electric grid. This is run by DHS, Department of Commerce and Department of Energy.
  • Develop a program to certify that Internet of Things devices are secure.
  • Lay out strategic R&D goals for cybersecurity technology.
  • Work with and help fund open source technologies to ensure their security.

Join the CSO newsletter!

Error: Please check your email address.

More about CiscoDepartment of CommerceEMCFederal Trade CommissionInternal Revenue ServiceIPSMicrosoftSymantecTechnology

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Tim Greene

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place