President Obama Outlines Plans for Greater Protection of U.S. Interests from Cyberthreats

By Peter Bernstein February 12, 2016

President Obama, in a commentary piece in the Wall Street Journal, has laid out a new cybersecurity plan, which he describes as follows: “Our new national action plan includes $3 billion to kick-start an overhaul of federal computer systems.” It has been characterized as not only an important initiative but one that is long overdue.

As the President explains:

“More than any other nation, America is defined by the spirit of innovation, and our dominance in the digital world gives us a competitive advantage in the global economy. However, our advantage is threatened by foreign governments, criminals and lone actors who are targeting our computer networks, stealing trade secrets from American companies and violating the privacy of the American people.”

He goes on to cite a few of the well-known data breaches of the last few months, and the fact that surveys have found that nine out of 10 Americans say they feel like they’ve lost control of their personal information. In fact, it is actually surprising that it isn’t 100 percent, at least of those who engage in e-commerce transactions.

After laying out the reasons why cyberthreats pose such a clear present and future danger to national security as well as national economic vitality, the president highlights a few of the steps that have already been taken to shore up our cyber defenses, including the signing of legislation in December that is aimed at better sharing of information between government and industry.

The president also notes that those with malicious intent are getting more sophisticated and their attacks more pernicious, and that the U.S. needs to invest more in protecting our personal and corporate information. 

As a result, he announced a new Cybersecurity National Action Plan. “Backed by my proposal to increase federal cybersecurity funding by more than a third, to over $19 billion, this plan will address both short-term and long-term threats, with the goal of providing every American a basic level of online security.”

The specifics are as follows:

  1. A $3 billion fund to kick-start an overhaul of federal computer systems.  The impetus is not misplaced. In fact, the analogy drawn of our government as “an Atari game in an Xbox world,” is unfortunately true.  Indeed, he cites the Social Security Administration’s use of systems and code from the 1960s.
  2. The creation of a new federal position, Chief Information Security Officer, to copy what most large enterprises are already putting in place.
  3. Increased efforts to attract and keep talented cyber professionals in the government.
  4. A new cybersecurity Center of Excellence, which will bring together industry and government experts to research and develop new cutting-edge cyber technologies.
  5. Establishment of a national testing lab, where companies can test their systems’ security under simulated attacks. And because every enterprise is potentially vulnerable, the Small Business Administration is offering cybersecurity training to over 1.4 million small businesses and their workers.
  6. In partnership with industry, the administration is launching a new national awareness campaign to raise awareness of cyberthreats and encourage more Americans to move beyond passwords. This is being done in conjunction with tech firms like Google, Facebook, Dropbox and Microsoft, which are making it easier for millions of users to secure their online accounts, while credit-card and payment companies such as Visa, MasterCard and PayPal are making transactions more secure.
  7. The creation of a bipartisan Commission on Enhancing National Cybersecurity to focus on long-term solutions.

Those are the broad strokes. For those interested in more granularity, the White House has also released an FAQ called The President’s National Cybersecurity Plan: What You Need to Know.

As you might expect, my inbox has been flooded with comments from cybersecurity experts on the announcement.  Two that I thought are worth sharing follow.

Jon Oberheide, CTO of Duo Security, noted: "We're encouraged to see that the Federal Government is taking a proactive approach to security. Within this initiative is the use of two-factor authentication, which is a basic step to significantly improving the overall security hygiene and protecting against data breaches. We'd like to encourage that organizations of all sizes, across all industries consider adding basic security measures to protect their corporate data and two-factor is a great first step."

After a government official acknowledged that just “throwing money at the problem” will not work, and that “You’ve got to do business differently,” Oberheide responded that: "The acknowledgement that 'just throwing money at the problem will not work' is right on. We've seen a huge increase in spending in the area of cybersecurity and yet the breaches continue. It's about finding security solutions that are manageable and that your employees will use. Otherwise, without adoption by employees and contractors, these security measures don't have a chance of being effective against a breach. We're pleased to see that the government is rethinking the idea of cybersecurity and improving their overall security hygiene."

Jeff Hill, Channel Marketing Manager at STEALTHbits Technologies, had an interesting take that is real food for thought. He noted that:

“In absolute terms, the figures released by the White House are encouraging, as $19 billion is nothing to sneeze at, nor is a $5 billion year-over-year budget increase…More telling, however, is that the Federal Government spends about $700 billion annually on Defense, Intelligence, and Homeland Security.  So the cybersecurity budget is proposed to increase from 2 percent ($14 billion in FY2016) of the overall budget for protecting our nation’s interests and its people to 2.7 percent ($19 billion in FY2017). 

This budget priority reality begs the question: do cyber-attacks – from organized state actors, to well-heeled crime syndicates, to independent hackers looking to make a name for themselves – represent a mere 2 or 3 percent of the risk to our nation’s economy and the safety of its citizens? Three percent priority might be progress, but we’ve got a long way to go.”

I chose these from the multitudes received because they hit on two important points. The first is that we all have to do our fair share as individuals and IT administrators to use common sense and readily available best practices like anti-virus and anti-malware software, two-factor authentication, encryption, etc. The reason, as every IT security professional agrees, is that while no set of security solutions is fail-safe, the goal is to force bad actors to really work to create mischief and hopefully to make them look for softer targets.

Second, the issue of whether we are spending enough, even with the new proposals, to protect our national security and economic vitality is a good one. Hill’s last sentence, about what can be viewed as an incremental increase in spending on cybersecurity given the risk, is not just astute, but should be a call to action for the industry to keep the pressure on for an even more aggressive approach.

Many years ago, at one of the first public security conferences I attended, a distinguished panel of experts was asked to choose the nightmare scenario from, as memory serves me, the following options:

  • Dirty nuclear bomb in a major port city
  • Poisoning of a large metropolitan area water supply
  • Destruction of a chemical manufacturing facility
  • A sarin gas attack on a transit system
  • A cyber attack on the electrical grid

Obviously, all of the options really are nightmares. However, the panel was unanimous in selecting the last one.  And it must be noted that this was before the mass adoption of the Internet. In the intervening years, access to the Internet has become pervasive and bad guys of all types, as we are painfully aware, have become extremely sophisticated.  In short, the stakes of what is at risk have risen exponentially. 

This is certainly true for the U.S. federal government, where the number of daily hacker attempts has become almost mind-boggling, and where aged computer systems that hold absolutely critical information are highly vulnerable and common. It is equally true for enterprises, where customer data and intellectual property have been pilfered at alarming rates.
