The Obama administration has introduced its Cybersecurity National Action Plan, which would create a federal chief information security officer, establish a new commission tasked with protecting computer networks, and increase coordination between federal officials who focus on privacy issues.
Part of the plan is a much-needed software patching and updating audit, and more training and recruiting for cybersecurity specialists.
None of this will be cheap, of course—the White House will look for Congress to approve a 35% increase in the cybersecurity budget to secure $19 billion in funding for implementation starting next year. About $3 billion of that will be earmarked for the IT modernization effort.
"The cyber-threat continues to outpace our current efforts," Michael Daniel, the White House's cybersecurity coordinator, told reporters on a conference call.
"The President’s Cybersecurity National Action Plan aims to modernize agencies’ technology and user behavior, and we believe it is a broadly positive step forward,” Harley Geiger, director of public policy, Rapid7, said via email. “If implemented, the proposal will help support federal agencies that are very much in need of more secure IT to help prevent or mitigate more serious breaches. We hope Congress and the Administration will collaborate to execute this plan.”
It’s unlikely however that the president’s plan will be supported by Republicans, who have vowed to not consider any new funding this year ahead of the election. Geiger said that they may make an exception for cybersecurity efforts.
“Last year, Congress made cybersecurity a clear priority as it passed a cybersecurity information-sharing bill, but, as demonstrated by the President’s proposal, information sharing is only one of many actions needed to strengthen cybersecurity,” he said. “The President’s plan would help address some other needed improvements, though there is still a long way to go before US national cyber defenses are commensurate with today’s threat landscape."
The news comes as US officials are reeling in the wake of an attack by an anonymous hacker who claimed to have stolen the details of 29,000 government employees including FBI staffers.
The hacker is said to have compromised the email account of a DoJ employee, attempted to log-in to a departmental portal and then phoned up the help desk when that failed. The breached data included phone numbers, email addresses and job titles for 20,000 Department of Justice employees and a further 9,000 working for the Department of Homeland Security, according to a report on Motherboard.
Photo © Christopher Halloran/Shutterstock.com