
Obama’s new cybersecurity plan – essentials and ripple effect

February 11, 2016

President Obama released the Cybersecurity National Action Plan (CNAP) – a response to the growing number of cyberattacks on federal networks that seeks $19 billion for cybersecurity, a considerable increase from last year (more than 35%). The plan aims to strengthen not only the security of the U.S. government, but the defenses of companies and American citizens as well.

“I’m confident we can unleash the full potential of American innovation, and ensure our prosperity and security online for the generations to come”, said President Obama.

Does anyone feel safe anymore?

Technology has improved every aspect of our lives, but from time to time, some of us probably wonder: what price will we end up paying for our own evolution? It seems that we have reached a critical point in our existence, where every technological advancement comes with a list of possible side effects (cyberthreats). How can anyone feel safe when we read about a new high-level breach almost every day? Can an individual feel safe after he finds out CIA Director John Brennan or Department of Homeland Security Secretary Jeh Johnson got hacked? How about when he finds out about the massive data breach that hit the Office of Personnel Management in June of last year?

China-based hackers (supposedly) compromised the information of more than 21.5 million federal employees. This is actually one of the strong arguments for the increase requested by the Cybersecurity National Action Plan. President Obama summed up the situation in his essay in The Wall Street Journal: “With more than 100 million Americans’ personal data compromised in recent years—including credit-card information and medical records—it isn’t surprising that nine out of 10 Americans say they feel like they’ve lost control of their personal information.”

Every new piece of research predicts an increase in cyberthreats. It’s quite logical if we think about it. On a small scale, it’s more profitable than pickpocketing. On a larger scale, a cyberattack can be effective and devastating, with better chances of success and fewer resources invested than a physical attack. The possible attack channels are also increasing every day. Easier transactions also mean new possible ways to get hacked.

President Obama also insisted in his essay on pointing out the vulnerability of the federal computer systems, comparing government IT to an Atari game in an Xbox world. The $3 billion fund meant to start the replacement of old federal computer systems is one of the most important propositions in the CNAP.

“No successful business could operate this way,” wrote the president. “Going forward, we will require agencies to increase protections for their most valued information and make it easier for them to update their networks. And we’re creating a new federal position, Chief Information Security Officer—a position most major companies have already adopted—to drive these changes across government.”

Cybersecurity National Action Plan – essential excerpts

Here are the most important proposals from the plan, structured based on their relevance:

1. Government

– Modernize Government IT and transform how the Government manages cybersecurity through the proposal of a $3.1 billion Information Technology Modernization Fund

– Formation of a new position – the Federal Chief Information Security Officer (CISO) – to drive these changes across the Government. The CISO will report to Chief Information Officer Tony Scott.

– Boost total spending on cybersecurity to over $19 billion as part of the President’s Fiscal Year (FY) 2017 Budget.

– The Department of Homeland Security is enhancing Federal cybersecurity by expanding the EINSTEIN and Continuous Diagnostics and Mitigation programs. The President’s 2017 Budget supports all Federal civilian agencies adopting these capabilities.

– The Department of Homeland Security is dramatically increasing the number of Federal civilian cyber defense teams to a total of 48, by recruiting the best cybersecurity talent from across the Federal Government and private sector.

– Release the 2016 Federal Cybersecurity Research and Development Strategic Plan, which lays out strategic research and development goals for the Nation to advance cybersecurity technologies driven by the scientific evidence of efficacy and efficiency.

2. Businesses

– Establish the “Commission on Enhancing National Cybersecurity.” This Commission will be comprised of top strategic, business, and technical thinkers from outside of Government – including members to be designated by the bi-partisan Congressional leadership. The Commission will make recommendations on actions that can be taken over the next decade to strengthen cybersecurity in both the public and private sectors.

– The Small Business Administration (SBA), partnering with the Federal Trade Commission, the National Institute of Standards and Technology (NIST), and the Department of Energy, will offer cybersecurity training to reach over 1.4 million small businesses and small business stakeholders.

– The Department of Homeland Security, the Department of Commerce, and the Department of Energy are contributing resources and capabilities to establish a National Center for Cybersecurity Resilience where companies and sector-wide organizations can test the security of systems in a contained environment, such as by subjecting a replica electric grid to cyber-attack.

3. Citizens

– Empower Americans to secure their online accounts by moving beyond just passwords and adding an extra layer of security. The initiative will focus on multi-factor authentication campaigns, and partnerships with leading technology firms to make the processes easier.

– The National Initiative for Cybersecurity Education will enhance cybersecurity education and training nationwide and hire more cybersecurity experts to secure Federal agencies. As part of the CNAP, the President’s Budget invests $62 million in cybersecurity personnel.

– Expand the cybersecurity workforce by: enhancing student loan forgiveness programs for cybersecurity experts joining the Federal workforce, and catalyzing investment in cybersecurity education.

– The Federal Trade Commission recently relaunched IdentityTheft.Gov, to serve as a one-stop resource for victims to report identity theft, create a personal recovery plan, and print pre-filled letters and forms to send to credit bureaus, businesses, and debt collectors.

– The Federal Government has supplied over 2.5 million more secure Chip-and-PIN payment cards, and transitioned the entire fleet of card readers managed by the Department of the Treasury to this new technology.

The ripple effect

Government and tech publications are flooded with security news, and for good reason. The attacks are getting worse and we have reached that sink-or-swim moment, where in order to swim, you have to adapt your security to fight off the current threats.

Even if no one will argue with the necessity of the CNAP measures, some of them might still be shut down. There is a considerable amount of money involved. What’s certain is that the Cybersecurity National Action Plan will create a ripple effect among other industries as well. Businesses everywhere will undoubtedly take notice of these efforts and realize that a cyberattack might end up costing much more than an upgrade.