The White House Has A $19 Billion Cybersecurity Plan

President Obama's last budget calls for a new Chief Information Security Officer  (CISO) and $62 million to help hire 10,000 new workers. The White House recently proposed spending 35 percent more on IT security efforts in 2017 and announced an immediate opening for a US chief information security officer.

The funding and personnel adjustments come after a year of constant disclosures about agency hacks that, in the most egregious case, compromised 21.5 million background check records maintained by the Office of Personnel Management. Most recently, a Justice Department computer breach allegedly led to a leak of professional contact information for tens of thousands of FBI and Department of Homeland Security personnel.

A broad Cybersecurity National Action Plan accompanying the budget will detail the new federal crackdown on lax security, as well as consumer-oriented and industry data protection initiatives.

“It is intended to go after the underlying causes of our cybersecurity challenges, not just the symptoms,” Michael Daniel, US cybersecurity coordinator, said, in advance of the budget’s release. “Ultimately, we want to enhance cybersecurity awareness and protections, protect privacy, ensure public safety and economic and national security, and empower Americans to take better control of their digital security.” 

President Barack Obama proposes spending $19 billion on information security programs, up $5 billion from last year’s cyber-funding request.

The new US CISO, which the administration hopes to hire within the next 60 to 90 days, will be perched inside the Office of Management and Budget within 60 to 90 days and report to US Chief Information Officer Tony Scott.

The addition of a federal chief information security officer throws into question the role of the Department of Homeland Security in cyberspace. 

The new official will “work closely with military and intelligence officials across the government,” Scott said. “That’s a key role that many private sector companies have long implemented and is good practice for the federal government.”

The addition of a federal CISO throws into question the role of the Department of Homeland Security in cyberspace. Congress in late 2014 assigned DHS the permanent task of overseeing civilian cybersecurity operations, including federal network protection.  Scott said the CISO’s responsibility differs from DHS’ duty in that the chief must exercise power of the purse. 

“One of the things that’s unique about OMB,” he said, “is that, even just given its name, it has both management and budget responsibilities. And those are both two powerful things that can help shape and influence practice in each agency.”

Along with the new hire comes a request for $62 million to support federal cybersecurity hires across the board. Scott has previously said the government will need to fill about 10,000 openings for cyber professionals in 2016. 

“We’ve all understood quite acutely that there’s a shortage of people skills with the right cybersecurity education and skills across the federal government,” Scott said Monday. The money would go toward programs, grants and scholarships “designed to enhance the quality of people and the quality of the skills in the cybersecurity workforce that are available to the government.”

The White House expects to publish a policy for national cyber-incident coordination, with a companion ‘severity methodology,’ later in the spring. 

The government will work on a cybersecurity core curriculum to make sure graduates entering the federal government have the proper knowledge and capabilities. 

The president’s proposals include retiring antiquated federal servers and IT systems and shaking up R&D efforts to ensure that next-generation technologies are more secure from the start.

But the plan has some big gaps. For one thing, while his new study commission includes a nod to national security in its mission statement, it does not explicitly include a mandate to create policies that will combat terrorists’ use of social networks for recruiting and spreading propaganda.

As for the most recently reported agency hack of DHS phone numbers, US officials are still sorting through what happened, said Daniel, who called the incident a “breach.” 

“The truth is that no matter how good that we get, we will never stop 100 percent of all intrusions,” so the plan also includes incident response elements, he added.

The White House, by this spring, expects to publish a policy for national cyber-incident coordination across the public and private sectors, with a companion “severity methodology.” The hack scale is intended to help the government and industry describe the impact of situations in a way that will prompt a consistent level of response. 
DefenseOne: http://bit.ly/1V8SkGy
Technology Review: http://bit.ly/20U1V7E

« Protecting US Innovation From Cyberattack
Snowden Leaks Spill Over Into The Courts »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

ITpreneurs

ITpreneurs

ITpreneurs provides IT training content, Instructors, Learning Infrastructure and services to IT Training providers.

CIO

CIO

CIO provides technology and business leaders with insight and analysis on information technology trends

Intensity Analytics

Intensity Analytics

Intensity Analytics is a software firm that develops next-generation, physical user and entity behavioral authentication ("physical UEBA") security software technology.

PrimeKey

PrimeKey

PrimeKey provides organisations with the ability to implement security solutions such as e-ID, e-Passports, authentication, digital signatures, unified digital identities and validation.

ENEA Qosmos Division

ENEA Qosmos Division

Qosmos, a division of Enea, leads the market for IP traffic classification and network intelligence technology used in physical, SDN and NFV architectures.

BELAC

BELAC

BELAC is the national accreditation body for Belgium.

Cyber Threat Alliance

Cyber Threat Alliance

CTA is working to improve cybersecurity of our digital ecosystem by enabling near real-time cyber threat information sharing among companies and organizations in the cybersecurity field.

Intraprise Health

Intraprise Health

Intraprise Health is a Certified HITRUST Assessor and award-winning provider of health information security products and services.

Go Grow

Go Grow

Go Grow is a business oriented accelerator program at Copenhagen School of Entrepreneurship. Targeted technologies include IoT, AI and Cybersecurity.

YouWipe

YouWipe

Scandinavian Data Erasure Leader YouWipe is the number one choice of European Ministries, European Central Banks, Swiss Pharmaceuticals and Major Electronics Retail Chains.

Global Resources

Global Resources

Global Resources' planning and management capabilities support city, regional, and national utility and infrastructure management, and information systems and cyber security service delivery.

Silicon Labs

Silicon Labs

Silicon Labs are a leader in secure, intelligent wireless technology for a more connected world. We provide award-winning hardware and software security to help safeguard connected devices.

BOXX Insurance

BOXX Insurance

BOXX Insurance Inc. is a new type of insurance company for a new type of risk. Cyberboxx is the first fully-integrated cybersecurity and insurance solution for small-to-medium-sized businesses.

Schillings

Schillings

Shillings defends your rights to privacy, reuptation and security. We fight passionately against breaches of your privacy, attacks on your reputation and threats to your security.

Riot Security

Riot Security

In today's world, most successful cyberattacks start by a human failure. Riot have developed a platform that makes it easy to prepare your employees for cyberattacks, in a way they love.

Focus on Security

Focus on Security

Focus on Security are Cyber Security recruitment specialists. We’re dedicated to connecting you with the top Cyber Security talent across the globe. We focus on partnerships and results.