2 March 2016

The President’s National Cybersecurity Plan: What You Need to Know

BY MICHAEL DANIEL, TONY SCOTT, ED FELTEN
FEBRUARY 9, 2016 

Here are a few answers to questions you might have about the President's new Cybersecurity National Action Plan.

I’m confident we can unleash the full potential of American innovation, and ensure our prosperity and security online for the generations to come.

Today, President Obama is releasing his final budget proposal of his Administration. It's a strong reflection of what investments he believes will move our country forward and keep our country and the American people safe.

A key part of that involves the strength of our nation's cybersecurity. From buying products, to running businesses, to chatting with the people we love, our online world has fundamentally reshaped the way we live our lives. But living in a digital age also makes us more vulnerable to malicious cyber activity.

We have to adapt to this national threat. That's why President Obama has worked for more than seven years to aggressively and comprehensively confront this challenge. So today, he is directing the Administration to implement a Cybersecurity National Action Plan (CNAP) -- the capstone of our national cybersecurity efforts. 

So what's the CNAP all about? How will the President's plan help you protect your identity? What's he calling for in his budget? Here are a few answers to some questions Americans might have about the President's plan to strengthen our cybersecurity: 
What are the cybersecurity threats we currently face? 

From the beginning of his administration, President Obama has made it clear that cybersecurity is one of the most important challenges we face as a nation -- and for good reason. Criminals, terrorists, and countries that wish to do us harm have realized that attacking us online is often easier than physically attacking us in person. And with more and more sensitive data being stored online, the consequences of those cyber incidents are only growing more significant. For example, identity theft is now the fastest growing crime in America. Think about it: Are you on Facebook, or Venmo? Do you use DropBox? While tools like these make our lives much simpler and help power the innovation of today’s world, our personal information exists online in a way it never has before. 

And remember the Sony hack? Our innovators and entrepreneurs have reinforced our global leadership and grown our economy, but with each new story of a high-profile company hacked or a neighbor defrauded, more Americans are left to wonder whether technology’s benefits could risk being outpaced by its costs. 

The President believes that meeting these new threats is necessary and within our grasp. But it requires a bold reassessment of the way we approach security in the digital age and a significant investment to ensure we can implement the best security strategies. In short, if we’re going to be connected, we need to be protected. That’s what the CNAP is all about. 
What is the President’s Cybersecurity National Action Plan (CNAP)?

It’s the capstone of more than seven years of effort from this administration that takes near-term actions and puts in place a long-term strategy to ensure the federal government, the private sector, and American citizens can take better control of our digital security. 

The President’s plan takes new action both now and in the long-term to help the conditions we need to improve our approach on cybersecurity across the federal government, the private sector, and our personal lives. Here’s a brief look at what it does: 

· Establishes a Commission on Enhancing National Cybersecurity that will bring top strategic, business, and technical thinkers from outside the government to make critical recommendations on how we can use new technical solutions and best practices to protect our privacy and public safety

· Transforms how the government will manage cybersecurity through the proposal of a $3.1 billion Information Technology Modernization Fund and a new Federal Chief Information Security Officer to help retire, replace, and modernize legacy IT across the government

· Empowers Americans to secure their online accounts by using additional security tools – like multi-factor authentication and other identity processing steps – and by working with Google, Facebook, DropBox, Microsoft, Visa, PayPal, and Venmo to secure online accounts and financial transactions

· Invests more than $19 billion for cybersecurity as part of the President’s budget – a more than 35 percent increase from last year’s request to secure our nation in the future

What does his plan do to help protect my privacy online? 

While there is no silver bullet to fully guarantee our data security, the President has done a lot to enhance security measures on a lot of our daily activities to protect our private information. Last year, he took executive action as part of his BuySecure Initiative to help drive the market toward more secure payments by pushing companies to use microchips instead of magnetic strips or PINs on credit, debit, and other payment cards.

Building on those actions, the President called on Americans to think differently about how they log on. For example, instead of just a basic password, Americans should leverage multiple factors of authentication when logging-in to online accounts. Have a Gmail account? Check out their two-step authenticator as a way to better protect your privacy. Are you on Twitter? Your account can have two-step verification, too.

Along with your personal information, it’s also important that you protect your financial transactions with businesses. As of today, we have supplied over 2.5 million more secure Chip-and-PIN payment cards, more than any other country in the world, and under his new plan we will also offer cybersecurity training to reach over 1.4 million small businesses.

We’re doing a lot to prevent cybercrime, but if you’re a victim of identity theft, you don’t have to deal with the consequences alone. Check out IdentityTheft.gov to report identity theft, create a personal recovery plan, and print pre-filled letters and forms to send to credit bureaus, businesses, and debt collectors.
What about the personal info I give the government to receive benefits or services it provides? Is that safe? 

Make no mistake: safeguarding data in the possession of the U.S. Government, preventing its theft, and ensuring privacy is fundamental to preserving the trust of the American public. That is why the President directed the Administration to put in place a plan that will accelerate simple, secure, user-friendly access to public-facing consumer services and information -- like your tax data or benefit information -- while protecting your privacy. 

And the President is setting up a Federal Privacy Council to make sure that the government does a better job of protecting your privacy online. 
There are a lot of devices or systems that rely on an online network – like electric grids or some medical devices. What is the President doing to protect them? 

This is a major national security and economic security issue and the President has been working since day one to ensure our systems are secure. That’s why he issued executive orders to protectcritical infrastructure in 2013 and information sharing in 2015

The President’s CNAP takes a few vital steps to enhance our resilience by creating a National Center for Cybersecurity Resilience where companies and sector-wide organizations can test the security of systems in a contained environment, like by subjecting a replica electric grid to cyber attack.

It will also double the number of cybersecurity advisors available to help private sector organizations implement best practices. It ensures the U.S. government and industry partners develop a Cybersecurity Assurance Program to test and certify networked devices within the “Internet of Things,” whether they be refrigerators or medical infusion pumps, so that when you buy a new product, you can be sure that it has been certified to meet security standards. For a full rundown of what CNAP will do for our infrastructure, go here
What about cyber criminals and bad actors? What is the President doing to go after them? 

President Obama recently took executive action to provide the U.S. government with a way to prevent the worst cybercriminals around the world from damaging our critical infrastructure, disrupting or hijacking our networks, stealing trade secrets from American companies, or compromising the personal information of American citizens. It’s one of the latest tools to combat the most significant cyber threats, and you can read about it here

Building on that action, the Administration is increasing funding for cybersecurity-related activities by more than 23 percent for the Department of justice, including the Federal Bureau of Investigation, to improve their capabilities to identify, disrupt, and apprehend cyber criminals and bad actors. We are also building a Cyber Mission Force that’s 6,200 people strong to support U.S. government objectives across the spectrum of cyber operations. The Cyber Mission Force will be fully operational in 2018.

But cybercrime knows no borders. We must pursue cybercriminals in concert with our allies and partners around the world to effectively deter and disrupt their malicious activities. In 2015,members of the G20 joined with the United States in affirming important norms, including the applicability of international law to cyberspace, the idea that states should not conduct the cyber-enabled theft of intellectual property for commercial gain, and in welcoming the report of a United Nations Group of Governmental Experts, which included a number of additional norms to promote international cooperation, prevent attacks on civilian critical infrastructure, and support computer emergency response teams providing reconstitution and mitigation services. The Administration intends to institutionalize and implement these norms through further bilateral and multilateral commitments and confidence building measures.

Those are some of the key areas that the CNAP delves into, but the President’s plan is so much more comprehensive. From improving our incident response to enhancing student loan forgiveness programs for cybersecurity experts joining the federal workforce, the CNAP – and the President’s budget – will go a long way to help ensure that America is secure, resilient, and prepared to combat the threats and protect the opportunities of the 21st century. And through the new Commission on Enhancing National Cybersecurity, the President is helping set forth a roadmap for how to tackle these challenges in the decades to come.


Michael Daniel is a Special Assistant to the President and Cybersecurity Coordinator. Tony Scott is the U.S. Chief Information Officer. Dr. Ed Felten is the Deputy U.S. Chief Technology Officer. 

No comments: