WASHINGTON — The Obama administration announced a new cybersecurity strategy on Tuesday, calling for a 35% increase in funding to bolster private and public defenses and the creation of a new chief information security officer position for the government.
President Obama has frequently cited worries about cybersecurity, including last year when the White House held a cybersecurity summit at Stanford University in California. But high-profile data breaches, like one at the Office of Personnel Management that exposed the personal information of more than 20 million government employees, have served as a stark reminder that more needs to be done.
The administration's 2017 budget, which is to be released Tuesday morning, earmarks $19 billion to fund cybersecurity improvements. Following are some of the highlights of the "Cybersecurity National Action Plan":
More money to bolster federal government cybersecurity
The proposed budget calls for a $3.1 billion "down payment" on the Information Modernization Fund, which will be a revolving fund used to update and replace outdated infrastructures, networks and systems.
The president is also requiring agencies to identify their most valuable and highest-risk assets, and is increasing shared services within the federal government so that individual agencies do not have to build their own systems in-house.
The White House said it has created a new position, federal chief information security officer, to lead cybersecurity initiatives. The administration added that it is also "dramatically increasing the number of federal civilian cyber defense teams" at the Department of Homeland Security to 48.
Encouraging the use of multifactor authentication
The administration said it wants the public and others to rely less on a single password as a source of authentication. It wants to add a second method, such as a text-messaged code or fingerprint, that would be required along with a password in order to access services or make payments. Multifactor authentication will also be fast-tracked for government services such as tax and benefits information.
Under the plan, the government will also reduce its use of Social Security numbers. The Small Business Administration would also partner with the Federal Trade Commission and the National Institute of Standards and Technology to provide cybersecurity training to 1.4 million small businesses.
Assisting the private sector
The Department of Homeland Security will double the number of cybersecurity advisors available to the private sector. They will help with cyber assessments and implementation.
The agency is also partnering with industry to develop a "Cybersecurity Assurance Program" to certify "Internet of Things" technology.
The National Institute of Standards and Technology is also asking for feedback to improve its cybersecurity framework, which has been used as a baseline for a number of agencies' own cybersecurity requirements.
In the spring, the administration will release a national cyber incident coordination policy so that government agencies have a methodology for determining the severity of a breach and the level of attention and remediation it needs.
Creating a new government council
Obama signed an executive order on Tuesday to create a permanent Federal Privacy Council that will focus on reforming the federal government's privacy guidelines and continue to review policies as new technologies and the use of "Big Data" become more prevalent.
The administration is also seeking to establish a commission of "top strategic, business, and technical thinkers from outside of government" to make suggestions on how to improve cybersecurity.