President Obama Outlines Plans for Greater Protection of U.S. Interests from Cyberthreats

President Obama, in a commentary piece in the Wall Street Journal, has laid out a plan described as follows: “Our new national action plan includes $3 billion to kick-start an overhaul of federal computer systems.” It has been characterized as not only an important initiative but one that is long overdue.

As the President explains:

“More than any other nation, America is defined by the spirit of innovation, and our dominance in the digital world gives us a competitive advantage in the global economy. However, our advantage is threatened by foreign governments, criminals and lone actors who are targeting our computer networks, stealing trade secrets from American companies and violating the privacy of the American people.”

He goes on to cite a few of the well-known data breaches in the last few months, and the fact that surveys have found that nine out of 10 Americans say they feel like they’ve lost control of their personal information. In fact, it is actually surprising that it isn’t 100 percent, at least of those who engage in e-commerce transactions.

Following the reasons why cyberthreats pose such a clear present and future danger to national security as well as national economic vitality, the president highlights a few of the steps that have already been taken to shore up our cyber defenses, including the signing of legislation in December that is aimed at better sharing of information between government and industry. 

The president also notes that those with malicious intent are getting more sophisticated and their attacks more pernicious, and that the U.S. needs to invest more in protecting our personal and corporate information. 

As a result, he announced a new Cybersecurity National Action Plan. “Backed by my proposal to increase federal cybersecurity funding by more than a third, to over $19 billion, this plan will address both short-term and long-term threats, with the goal of providing every American a basic level of online security.”

The specifics are as follows:

  1. A $3 billion fund to kick-start an overhaul of federal computer systems.  The impetus is not misplaced. In fact, the analogy drawn of our government as “an Atari game in an Xbox world,” is unfortunately true.  Indeed, he cites the Social Security Administration’s use of systems and code from the 1960s.
  2. The creation of a new federal position, Chief Information Security Officer, to copy what most large enterprises are already putting in place.
  3. Increased efforts to attract and keep talented cyber professionals in the government.
  4. A new cybersecurity Center of Excellence, which will bring together industry and government experts to research and develop new cutting-edge cyber technologies.
  5. Establishment of a national testing lab, where companies can test their systems’ security under simulated attacks. And because every enterprise is potentially vulnerable, the Small Business Administration is offering cybersecurity training to over 1.4 million small businesses and their workers.
  6. In partnership with industry, the administration is launching a new national awareness campaign to raise awareness of cyberthreats and encourage more Americans to move beyond passwords. This is being done in conjunction with tech firms like Google, Facebook, Dropbox and Microsoft, which are making it easier for millions of users to secure their online accounts, while credit-card and payment companies such as Visa, MasterCard and PayPal are making transactions more secure.
  7. The creation of a bipartisan Commission on Enhancing National Cybersecurity to focus on long-term solutions.

Those are the broad strokes. For those interested in more granularity, the White House has also released an FAQ called The President’s National Cybersecurity Plan: What You Need to Know.

As you might expect, my inbox has been flooded with comments from cybersecurity experts on the announcement.  Two that I thought are worth sharing follow.

Jon Oberheide, CTO of Duo Security noted: "We're encouraged to see that the Federal Government is taking a proactive approach to security. Within this initiative is the use of two-factor authentication, which is a basic step to significantly improving the overall security hygiene and protecting against data breaches. We'd like to encourage that organizations of all sizes, across all industries consider adding basic security measures to protect their corporate data and two-factor is a great first step."

After a government official acknowledged that just “throwing money at the problem” will not work, and that “You’ve got to do business differently,” Oberheide responded that: "The acknowledgement that 'just throwing money at the problem will not work' is right on. We've seen a huge increase in spending in the area of cybersecurity and yet the breaches continue. It's about finding security solutions that are manageable and that your employees will use. Otherwise, without adoption by employees and contractors, these security measures don't have a chance of being effective against a breach. We're pleased to see that the government is rethinking the idea of cybersecurity and improving their overall security hygiene."

Jeff Hill, Channel Marketing Manager at STEALTHbits Technologies, had an interesting take that is real food for thought. He noted that:

“In absolute terms, the figures released by the White House are encouraging, as $19 billion is nothing to sneeze at, nor is a $5 billion year-over-year budget increase…More telling, however, is that the Federal Government spends about $700 billion annually on Defense, Intelligence, and Homeland Security.  So the cybersecurity budget is proposed to increase from 2 percent ($14 billion in FY2016) of the overall budget for protecting our nation’s interests and its people to 2.7 percent ($19 billion in FY2017). 

This budget priority reality begs the question: do cyber-attacks – from organized state actors, to well-heeled crime syndicates, to independent hackers looking to make a name for themselves – represent a mere 2 or 3 percent of the risk to our nation’s economy and the safety of its citizens? Three percent priority might be progress, but we’ve got a long way to go.”

I chose these from the multitudes received because they hit on two important points. The first is that we all have to do our fair share as individuals and IT administrators to use common sense and readily available best practices like anti-virus and anti-malware software, two-factor authentication, encryption, etc. The reason, as every IT security professional agrees, is that while no set of security solutions is fail-safe, the goal is to force bad actors to really work to create mischief and hopefully to make them look for softer targets.

Second, the issue of whether we are spending enough, even with the new proposals, to protect our national security and economic vitality is a good one. Hill’s last sentence about what can be viewed as an incremental increase in spending on cybersecurity given the risk is not just astute, but should be a call to action for the industry to keep the pressure on for an even more aggressive approach.

Many years ago, at one of the first public security conferences I attended, a distinguished panel of experts was asked to choose the nightmare scenario from, as memory serves me, the following options:

  • Dirty nuclear bomb in a major port city
  • Poisoning of a large metropolitan area water supply
  • Destruction of a chemical manufacturing facility
  • A sarin gas attack on a transit system
  • A cyber attack on the electrical grid

Obviously, all of the options really are nightmares. However, the panel was unanimous in selecting the last one.  And it must be noted that this was before the mass adoption of the Internet. In the intervening years, access to the Internet has become pervasive and bad guys of all types, as we are painfully aware, have become extremely sophisticated.  In short, the stakes of what is at risk have risen exponentially. 

This is certainly true for the U.S. federal government, where the number of daily hacker attempts has become almost mind-boggling, and where aged computer systems that hold absolutely critical information are highly vulnerable and common. It is equally true for enterprises where customer data and intellectual property have been pilfered at alarming rates.
