On February 9, 2016, President Obama directed his administration to implement a Cybersecurity National Action Plan (CNAP). The CNAP sets forth both a near and long-term strategy for improving cybersecurity, privacy, and economic and national security. Among the CNAP’s primary goals are the following:
- (1) Modernize government information technology by replacing legacy technology and establishing the Federal Chief Information Security Officer position to oversee the transition;
- (2) Improve cybersecurity awareness by enhancing training and education efforts for agency employees, encouraging collaboration among agencies, increasing the number of cybersecurity advisors for the private sector, and creating programs to allow for the private sector to test the security of systems;
- (3) Deter cybercrime and malicious activities by investing in law enforcement efforts to identify and disrupt cyber attacks;
- (4) Improve responses to cyber incidents by applying best practices and developing a policy for national cyber incident coordination to assist agencies to respond consistently to cyber threats;
- (5) Secure citizens’ digital technology by focusing on multi-factor authentication processes to provide extra layers of security; and
- (6) Invest in federal cybersecurity infrastructure by proposing a 35% increase in cybersecurity funds in the Fiscal Year 2017 budget.
As part of the CNAP, President Obama also announced the 2016 Federal Cybersecurity Research and Development Strategic Plan to develop new methods and tools for addressing cyber threats.
In furtherance of the CNAP, President Obama issued two Executive Orders to establish the Commission on Enhancing National Cybersecurity (“Commission”) and the Federal Privacy Council (“Council”). The Commission will be composed of industry leaders with knowledge of cybersecurity, national security and law enforcement, privacy, and other areas determined to be of value to the Commission by the President, and will be charged with identifying and addressing the nation’s vulnerabilities to cyber attacks and other incidents. The Commission will also be responsible for making detailed recommendations regarding actions to be taken over the next decade to bolster federal cybersecurity, including delivering specific findings and recommendations to the President by the end of the year. The National Institute of Standards and Technology will support the Commission in these efforts.
Similarly, the Council will serve as an interagency body to support agencies in privacy protection. The Council will be chaired by the Deputy Director for Management of the Office of Management and Budget and will be composed of the Senior Agency Officials for Privacy from various federal agencies. The Council will also be supported by the Federal Chief Information Officers Council, as well as other interagency councils. The Council is intended to provide expertise to agencies, to promote the exchange of best practices, and to educate the workforce regarding privacy protections.
These latest cybersecurity initiatives come on the heels of the passage of the Cybersecurity Act of 2015, which was passed in December 2015 to bolster the nation’s cybersecurity by, among other things, improving information sharing between the private sector and the federal government.