Obama’s National Action Plan for Cybersecurity Seeks Boosts in Personnel Awareness, Protections

A national action plan issued by the White House seeks to take near-term actions to enhance cybersecurity awareness and protections, including investing more than $19 billion in resources for cybersecurity.

The Cybersecurity National Action Plan (CNAP) announced on February 9 is the “capstone” of more than seven years of efforts by the Obama administration to tackle the ever-present and growing cybersecurity threat, the White House said in a fact sheet.

Calling on the Nation’s Private Sector Thinkers

Among its measures, the plan directs the federal government to establish a commission to enhance national cybersecurity, comprising 12 congressionally appointed “thinkers” from the private sector. That commission will recommend actions that can be taken over the next 10 years to strengthen cybersecurity while protecting privacy for both the public and private sectors, and issue a report that is due to the president by December 1.

The CNAP also calls for the creation of a $3.1 billion “Information Technology Modernization Fund” to modernize the government’s legacy IT, and it creates a new position—Federal Chief Information Security Officer—to drive those changes. It also allots $62 million to increase governmental cybersecurity personnel. Measures to expand the workforce include enhancing student loan forgiveness programs for cybersecurity experts joining the federal workforce.

Otherwise, it calls on Americans to secure online accounts by adding more layers of security beyond passwords, such as fingerprints or single-use codes.

Finally, it calls for $19 billion of cybersecurity investments, proposed as part of the president’s Fiscal Year (FY) 2017 budget. The budget proposal represents more than a 35% increase from FY 2016. This will include doubling the number of cybersecurity advisors available to help private sector organizations, and tests and certifications of networked devices within the “Internet of Things.”

Meanwhile, the administration will also “lead the international effort in adopting principles of responsible state behavior,” the White House said. And, the Department of Justice and Federal Bureau of Investigation will increase their funding for cybersecurity-related activities by 23%, it said.

Over the spring, the administration plans to release a policy for national cyber incident coordination as well as a severity methodology for evaluating cyber incidents “so that government agencies and the private sector can communicate effectively and provide an appropriate and consistent level of response.”

In a statement, President Obama also called upon the nation’s “top strategic business, and technical thinkers from outside of government” to study and report on what more can be done to enhance cybersecurity awareness and protections.

A Boon for Industry?

Yoni Shohet, CEO and co-founder of industrial network security group SCADAfence, told POWER on February 10 that the new proposal could prove helpful in protecting critical infrastructure and manufacturers, the power industry included.

“Because critical systems are more connected to external environments, they are exposed to new cyber risks,” he said. “Government action can help mediate this risk by raising awareness to today’s myriad of threats, exposing operators to best practices, and improving the ability to test and evaluate the current security level of existing environments.”

Sonal Patel, associate editor (@POWERmagazine, @sonalcpatel)

Editor’s note: Updated Feb. 11: Adds quotes from Yoni Shohet.