President Obama used his final budget proposal as an attempt to significantly ramp up American cyber defense. His budget plan for the 2017 fiscal year would invest $19 billion in improving the country’s cybersecurity, a notable increase from the previous three years.
The budget request is only part of a much broader push to strengthen America’s cybersecurity that Obama announced Tuesday morning. The coordinated efforts to do this are grouped together as a new “Cybersecurity National Action Plan.”
The request of $19 billion is a sizable jump, up roughly 35 percent from how much the 2016 budget invested in cybersecurity. It was $14 billion then, and only $13 billion for both the 2015 and 2014 budgets. But the administration seeks to not just throw money at the problem, instead they want to develop a comprehensive strategy to get there.
Obama parsed the new plan in a Wall Street Journal op-ed published Tuesday morning, and called for action to defend cyber threats that he labeled as “among the most urgent dangers to America’s economic and national security.”
To kick-start his plan, Obama has proposed $3.1 billion of that cybersecurity fund be designated for revamping old government information technology. The money would help modernize old IT systems. It would be accompanied by a new federal position, a Chief Information Security Officer.
The importance of modernization was fully realized last summer, when the Office of Personnel Management suffered a data breach that compromised the personal information of roughly 22 million current and former federal employees. The massive hack highlighted how much damage could come from the preservation of outdated computer systems.
To combat aging IT systems, the White House is also requiring federal agencies to find their highest valued and most at-risk IT assets and make sure they beef up their security for them.
“The Social Security Administration uses systems and code from the 1960s. No successful business could operate this way,” Obama said in his op-ed. “Going forward, we will require agencies to increase protections for their most valued information and make it easier for them to update their networks.”
The CISO, a position that exists at most companies, will be in charge of ensuring these tech updates spread throughout the government. This would be the first time a senior federal official is tasked with developing and coordinating cybersecurity policies throughout the American government.
The creation of the post underlines how Obama wants to use the private sector as a model for cybersecurity enhancement as the government has gradually fallen behind using “code from the 1960s,” as he puts it.
Obama’s plan sees the private sector as more than just an example to follow. The plan would also coordinate the federal government’s efforts in cyberspace with American businesses and the American people in an attempt to cultivate better data security culture on all levels.
With the news that Republicans in Congress plan to completely ignore Obama’s final budget request, this may be the area of his cybersecurity initiative that sees the most action if the $19 billion he seeks fails to materialize.
On Tuesday morning, Obama signed an executive order to establish the “Commission on Enhancing National Cybersecurity.” The commission will be made up of 12 leading experts in cybersecurity with knowledge of a bevy of other issues, including the digital economy, national security, law enforcement, and privacy, among others.
The commission will develop detailed recommendations about how the public and private sectors can strengthen cyberdefenses over the next 10 years. The commission will be tasked with filing their report to Obama by Dec. 1.
The President will appoint these 12 members, and the House speaker, House minority leader, the Senate majority leader and Senate minority leader will be allowed to make one recommendation for the panel. The National Institute of Standards and Technology will support the commission to help develop their guidelines, and the commission itself will be established within the Department of Commerce.
In his broader Cybersecurity National Action Plan, Obama will also seek to involve Americans in bolstering their own personal cybersecurity. Through a new awareness campaign, the White House will attempt to encourage Americans to use multi-factor authentication. Through partnerships with companies including Google, Facebook, Visa and PayPal, the plan seeks to move away from simply using passwords to protect personal accounts.
ELSEWHERE IN THE BUDGET
Obama’s push to expand computer science for all students appeared in the form of a $4 billion request in this year’s budget. That $4 billion would support states’ development of computer science programs for all students over the next three years.
The Department of Agriculture’s broadband loan program, which helped construct and improve broadband equipment in rural areas, was cut from this year’s budget proposal. Last year, $5 million was allotted to the program, but this year the administration elected to give it $0.
The budget also requests $12 million to renovate the lab facilities at the National Institute of Standards and Technology. It projects that the government will need to dedicate $14 million, $16 million, and $32 million in the subsequent three years before that number drops down again.
It additionally asks for $152 billion for research and development, up 4 percent from last year. That R&D, according to a White House fact sheet, would aim to develop supercomputing, “Big Data,” and robotics, among many other burgeoning fields.
The budget will also help push forward research and development of self-driving cars, though Transportation Secretary Anthony Foxx announced the $4 billion push within the 2017 budget in mid-January. The $4 billion will be used over 10 years to develop driverless cars.