The President’s new Cybersecurity National Action Plan (CNAP) is building upon lessons learned from cybersecurity trends, threats, and intrusions. This plan directs the Federal Government to take new action now and establishes new programs to help foster long-term improvements in the cybersecurity approach across the Federal Government, the private sector, and our personal lives.
Here are the highlights of the CNAP:
- Establish a Commission focused on Enhancing National Cybersecurity.
- Initiate a $3.1 billion Information Technology Modernization Fund, to replace and modernization of legacy IT solutions
- Formation of a new position – the Federal Chief Information Security Officer – to drive these changes across the Government.
- Encourage the deployment of multi-factor authentication.
- Invest over $19 billion for cybersecurity as part of the President’s Fiscal Year (FY) 2017 Budget. This represents a more than 35 percent increase from FY 2016 in overall Federal resources for cybersecurity
These actions build upon the foundation laid by the Cybersecurity Cross-Agency Priority Goals and the 2015 Cybersecurity Strategy and Implementation Plan.
- The Administration is requiring agencies to identify and prioritize their highest value and most at-risk IT assets and then take additional concrete steps to improve their security.
- Focus put on to increase government-wide shared services for IT and cybersecurity, with the goal of taking each individual agency out of the business of building, owning, and operating their own IT departments.
- Increase the number of Federal civilian cyber defense teams to a total of 48. These standing teams will protect networks, systems, and data across the entire Federal Civilian Government by conducting penetration testing and proactively hunting for intruders, as well as providing incident response and security engineering expertise.
$62 million of CNAP’s budget will focus on bringing new graduates into cybersecurity by:
- Expanding the Scholarship for Service program by establishing a CyberCorps Reserve program, which will offer scholarships for Americans who wish to obtain cybersecurity education and serve their country in the civilian Federal government;
- Developing a Cybersecurity Core Curriculum that will ensure cybersecurity graduates who wish to join the Federal Government have the requisite knowledge and skills; and,
- Strengthening the National Centers for Academic Excellence in Cybersecurity Program to increase the number of participating academic institutions and students, better support those institutions currently participating.
- Enhancing student loan forgiveness programs for cybersecurity expertsjoining the Federal workforce;
- Catalyzing investment in cybersecurity education as part of a robust computer science curriculum through the President’s Computer Science for All Initiative.
Empower Individuals & Businesses
The following new actions build on the President’s 2014 BuySecure Initiative to strengthen the security of consumer data.
- The President is calling on Americans to move beyond just the password to leverage multiple factors of authentication when logging-in to online accounts.
- The Federal Government is accelerating adoption of strong multi-factor authentication and identity proofing for citizen-facing Federal Government digital services.
- Reduce its use of Social Security Numbers as an identifier of citizens.
- Relaunch of IdentityTheft.gov to serve as a one-stop resource for victims to report identity theft.
- The Small Business Administration (SBA), will offer cybersecurity training to reach over 1.4 million small businesses.
Enhance Critical Infrastructure Security and Resilience
- Establish a National Center for Cybersecurity Resilience where companies can replicate and test the security of systems in a replica electric grid.
- Double the number of cybersecurity advisors available to assist private sector organizations with implementation of best practices.
- Develop a Cybersecurity Assurance Program to test and certify networked IoT devices.
- Creation of a National Cybersecurity Center of Excellence, a public-private research and development partnership that will allow industry and government to work together to develop and deploy technical solutions for high-priority cybersecurity challenges and share those findings for the benefit of the broader community.
Improve Cyber Incident Response
- 23 percent increased funding for the Department of Justice & FBI cybersecurity-related activities to identify, disrupt, and apprehend malicious cyber actors.
- Build a Cyber Mission Force of 133 teams assembled from 6,200 military, civilian, and contractor support personnel from across the military departments to support U.S. Government.
- Release a severity methodology for evaluating cyber incidents so that government agencies and the private sector can communicate effectively and provide an appropriate and consistent level of response.
Protect the Privacy of Individuals
- Created a permanent Federal Privacy Council, which will bring together the privacy officials from across the Government to help ensure the implementation of more strategic and comprehensive Federal privacy guidelines.
Funding Federal Cybersecurity
In order to implement these sweeping cybersecurity changes, the Federal Government will need to invest an additional $19 billion – a more than 35 percent increase over the 2016 enacted level. These resources will enable agencies to raise their level of cybersecurity, help private sector organizations and individuals better protect themselves, disrupt and deter adversary activity, and respond more effectively to incidents.