The White House Has A $19 Billion Cybersecurity Plan

Uploaded on 2016-02-18 in INTELLIGENCE--USA, GOVERNMENT-National, FREE TO VIEW

President Obama's last budget calls for a new Chief Information Security Officer  (CISO) and $62 million to help hire 10,000 new workers. The White House recently proposed spending 35 percent more on IT security efforts in 2017 and announced an immediate opening for a US chief information security officer.

The funding and personnel adjustments come after a year of constant disclosures about agency hacks that, in the most egregious case, compromised 21.5 million background check records maintained by the Office of Personnel Management. Most recently, a Justice Department computer breach allegedly led to a leak of professional contact information for tens of thousands of FBI and Department of Homeland Security personnel.

A broad Cybersecurity National Action Plan accompanying the budget will detail the new federal crackdown on lax security, as well as consumer-oriented and industry data protection initiatives.

“It is intended to go after the underlying causes of our cybersecurity challenges, not just the symptoms,” Michael Daniel, US cybersecurity coordinator, said, in advance of the budget’s release. “Ultimately, we want to enhance cybersecurity awareness and protections, protect privacy, ensure public safety and economic and national security, and empower Americans to take better control of their digital security.” 

President Barack Obama proposes spending $19 billion on information security programs, up $5 billion from last year’s cyber-funding request.

The new US CISO, which the administration hopes to hire within the next 60 to 90 days, will be perched inside the Office of Management and Budget within 60 to 90 days and report to US Chief Information Officer Tony Scott.

The addition of a federal chief information security officer throws into question the role of the Department of Homeland Security in cyberspace. 

The new official will “work closely with military and intelligence officials across the government,” Scott said. “That’s a key role that many private sector companies have long implemented and is good practice for the federal government.”

The addition of a federal CISO throws into question the role of the Department of Homeland Security in cyberspace. Congress in late 2014 assigned DHS the permanent task of overseeing civilian cybersecurity operations, including federal network protection.  Scott said the CISO’s responsibility differs from DHS’ duty in that the chief must exercise power of the purse. 

“One of the things that’s unique about OMB,” he said, “is that, even just given its name, it has both management and budget responsibilities. And those are both two powerful things that can help shape and influence practice in each agency.”

Along with the new hire comes a request for $62 million to support federal cybersecurity hires across the board. Scott has previously said the government will need to fill about 10,000 openings for cyber professionals in 2016. 

“We’ve all understood quite acutely that there’s a shortage of people skills with the right cybersecurity education and skills across the federal government,” Scott said Monday. The money would go toward programs, grants and scholarships “designed to enhance the quality of people and the quality of the skills in the cybersecurity workforce that are available to the government.”

The White House expects to publish a policy for national cyber-incident coordination, with a companion ‘severity methodology,’ later in the spring. 

The government will work on a cybersecurity core curriculum to make sure graduates entering the federal government have the proper knowledge and capabilities. 

The president’s proposals include retiring antiquated federal servers and IT systems and shaking up R&D efforts to ensure that next-generation technologies are more secure from the start.

But the plan has some big gaps. For one thing, while his new study commission includes a nod to national security in its mission statement, it does not explicitly include a mandate to create policies that will combat terrorists’ use of social networks for recruiting and spreading propaganda.

As for the most recently reported agency hack of DHS phone numbers, US officials are still sorting through what happened, said Daniel, who called the incident a “breach.” 

“The truth is that no matter how good that we get, we will never stop 100 percent of all intrusions,” so the plan also includes incident response elements, he added.

The White House, by this spring, expects to publish a policy for national cyber-incident coordination across the public and private sectors, with a companion “severity methodology.” The hack scale is intended to help the government and industry describe the impact of situations in a way that will prompt a consistent level of response. 
DefenseOne: http://bit.ly/1V8SkGy
Technology Review: http://bit.ly/20U1V7E

« Protecting US Innovation From Cyberattack
Snowden Leaks Spill Over Into The Courts »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Resilient Information Systems Security (RISS)

Resilient Information Systems Security (RISS)

RISS is a research group is in the Department of Computing at Imperial College London.

Netskope

Netskope

Netskope, a global cybersecurity leader, is redefining cloud, data, and network security to help organizations apply Zero Trust principles to protect data.

Technology Industries of Finland (TIF)

Technology Industries of Finland (TIF)

Technology Industries of Finland (TIF) is a business and labour market lobbying organization that promotes the competitiveness and business conditions of Finland’s most crucial export industry.

Leibniz-Rechenzentrum (LRZ)

Leibniz-Rechenzentrum (LRZ)

The LRZ supports ground-breaking research and teaching in a wide range of scientific disciplines including information security and data protection.

Foresite

Foresite

Foresite is a global service provider, delivering a range of managed security and consulting solutions.

CM Blockchain Security Center

CM Blockchain Security Center

We are dedicated to building a healthier blockchain ecosystem, providing solutions to security technology, and helping those who practice in the area of blockchain to get insight into industry trends.

Highland Capital Partners

Highland Capital Partners

Highland Capital Partners is an early stage venture capital firm focused on category-defining businesses in consumer and enterprise technology, including cybersecurity.

Basque Digital Innovation Hub (BDIH)

Basque Digital Innovation Hub (BDIH)

The aim of the BDIH initiative is to provide industrial enterprises, especially SMEs, with the technological capabilities needed to meet the challenges of industry 4.0.

MailChannels

MailChannels

MailChannels protects companies against malicious email threats. Used by 750+ hosting providers around the world.

DigitalWell

DigitalWell

DigitalWell provide fully managed IT and communications solutions for a truly innovative end-to-end experience - for your customers and teams.

Alpha Omega Integration

Alpha Omega Integration

Alpha Omega creates new possibilities through intelligent end-to-end mission-focused government IT solutions.

Commvault

Commvault

Commvault's data protection and information management solutions help companies protect, access and use all of their data, anywhere and anytime.

Stratascale

Stratascale

Stratascale is a consultant, systems integrator, and technology advisor with expertise in Automation, Cloud Ascension, Cybersecurity, Data Intelligence, and Digital Experience solutions.

Linx Security

Linx Security

The Linx Identity Security platform enables identity, security, and IT ops teams to finally control the whole identity lifecycle.

Hughes Network Systems

Hughes Network Systems

Hughes are industry leaders in networking technologies and services, innovating constantly to deliver the global solutions that power a connected future for people, enterprises and things everywhere.

modePUSH

modePUSH

modePUSH is a cybersecurity company focused on end-to-end breach response from Digital Forensics to Restoration across the enterprise and cloud environments.