WASHINGTON — The Obama administration announced a new cybersecurity strategy on Tuesday, calling for a 35% increase in funding to bolster private and public defenses and the creation of a new chief information security officer position for the government.
President Obama has frequently cited worries about cybersecurity, including last year when the White House held a cybersecurity summit at Stanford University in California. But high-profile data breaches, like one at the Office of Personnel Management that exposed the personal information of more than 20 million government employees, have served as a stark reminder that more needs to be done.
The administration's 2017 budget, which is to be released Tuesday morning, earmarks $19 billion to fund cybersecurity improvements. Following are some of the highlights of the "Cybersecurity National Action Plan":
More money to bolster federal government cybersecurity
The proposed budget calls for a $3.1 billion "down payment" on the Information Modernization Fund, which will be a revolving fund used to update and replace outdated infrastructures, networks and systems.
The president is also requiring agencies to identify their most valuable and highest-risk assets and increasing shared services within the federal government so that individual agencies do not have to build their own systems in-house.
The White House said it has created a new position, federal chief information security officer, to lead cybersecurity initiatives. The administration added that it is also "dramatically increasing the number of federal civilian cyber defense teams" at the Department of Homeland Security to 48.
Encouraging the use of multifactor authentication
The administration said it wants the public and others to rely less on a single password as a source of authentication. It wants to add a second method, such as a text-messaged code or fingerprint, that would be required along with a password in order to access services or make payments. Multifactor authentication will also be fast-tracked for government services such as tax and benefits information.
Under the plan, the government will also reduce its use of Social Security numbers. The Small Business Administration would also partner with the Federal Trade Commission and the National Institute of Standards and Technology to provide cybersecurity training to 1.4 million small businesses.
Assisting the private sector
The Department of Homeland Security will double the number of cybersecurity advisors available to the private sector. They will help with cyber assessments and implementation.
The agency is also partnering with industry to develop a "Cybersecurity Assurance Program" to certify "Internet of Things" technology.
The National Institute of Standards and Technology is also asking for feedback to improve its cybersecurity framework, which has been used as a baseline for a number of agencies' own cybersecurity requirements.
In the spring, the administration will release a national cyber incident coordination policy so that government agencies have a methodology for determining the severity of a breach and the needed level of attention and remediation.
Creating a new government council
Obama signed an executive order on Tuesday to create a permanent Federal Privacy Council that will focus on reforming the federal government's privacy guidelines and continue to review policies as new technologies and the use of "Big Data" become more prevalent.
The administration is also seeking to establish a commission of "top strategic, business, and technical thinkers from outside of government" to make suggestions on how to improve cybersecurity.