Obama administration plans new high-level cyber official

February 9, 2016 byTami Abdollah

The Obama administration is creating a new high-level federal official to coordinate cybersecurity across civilian agencies and to work with military and intelligence counterparts, as part of its 2017 budget proposal announced Tuesday.

The $19-billion increase in cybersecurity funding across all government agencies—up more than from 35 percent from last year—is entitled the "Cybersecurity National Action Plan" and is an effort touted by the White House as the "capstone" of seven years of often faltering attempts to build a cohesive, broad federal cybersecurity response. Measures include more training for the , emphasizing measures such as password and pin authentication to sign onto tax data and government benefits. The budget also proposes that the government reduce the use of Social Security numbers for identification.

The tasking of a single high-level official with tracking down cyber intruders in federal government networks establishes a position long in place at companies in the private sector. The lack of such a government role has been especially notable after hackers stole the personal information of 21 million Americans, whose information was housed at the Office of Personnel Management. The U.S. believes the hack was a Chinese espionage operation.

"Today our model is every agency, and in fact, in some cases, sub-agency, is building their cyber defenses pretty much on their own," said Tony Scott, the U.S. Chief Information Officer, who would supervise the new cybersecurity official inside the Office of Management and Budget. He said every agency ends up with varying levels of expertise and capabilities, while small agencies with limited resources struggle with the same challenges a larger agency with more resources does. "That's just frankly a bad model of how to defend against these critical adversaries."

The chief information security officer position, which was posted Tuesday, is expected to be filled in 60 to 90 days, Scott said.

"The bottom line, it's great to have more senior executive-level attention on the issue but the challenge is whether that person will almost certainly be vested with any actual authorities and so it always kind of boils down to that," said Jacob Olcott, a former congressional legal adviser on cybersecurity.

The budget notes that U.S. Cyber Command is building a Cyber Mission Force of 133 teams assembled from 6,200 military, civilian and contractors from across military and defense agencies. The force will be fully operational in 2018 but has already been used for some cyber operations.

The president also proposed a $3.1 billion effort to modernize the often antiquated federal technical infrastructure and networks, replacing legacy systems that have frequently serve as critical gaps in cybersecurity. While many of the proposals such as the new cybersecurity official can be done through existing appropriations or executive authorities, the modernization effort will require congressional approval, said Michael Daniel, special assistant to the president and cybersecurity coordinator.

The White House expects broad support for what has not been a partisan issue.

The budget includes more cybersecurity advisers, a roughly fourfold increase in civilian cyber defense teams at the U.S. Department of Homeland Security, charged with security for the .gov domain, to 48.

The Department of Homeland Security plans to expand its EINSTEIN system, which was created to detect and block cyberattacks on federal agencies. The program received a scathing review last month by the Government Accountability Office, which said the system can only detect known threats but can't deal with more complex threats such as previously unknown "zero-day exploits" or problematic system behavior that could signify an attack.

The president signed an executive order Tuesday creating a permanent Federal Privacy Council, which will bring together privacy officials from across government to help with implementing comprehensive federal privacy guidelines. The president is also establishing a Commission on Enhancing National Cybersecurity that would involve congressional and private sector leaders who will be tasked with making recommendations in government cybersecurity for the next decade.

Rep. Jim Langevin, a Rhode Island Democrat who is co-chairman of the Congressional Cybersecurity Caucus, praised the administration's cybersecurity efforts in the 2017 and for "laying the groundwork for his successor to continue to make needed policy reforms to protect federal infrastructure from the serious threats we face in cyberspace."

Explore further: Congress passes long-stalled cybersecurity bill

Related Stories

Congress passes long-stalled cybersecurity bill

December 18, 2015

Congress on Friday passed legislation to fight cyber threats, pushing the measure through by tucking it into a sprawling government funding bill, after earlier failed attempts.

Obama enlists Pentagon to overhaul security clearance system

January 22, 2016

The Obama administration asked the Pentagon on Friday to help overhaul the federal security clearance system, aiming to turn the page on a devastating data breach that exposed a major vulnerability for U.S. national security.

Long-stalled cybersecurity bill poised for US approval

December 18, 2015

Legislation designed to fight cyber threats appeared poised for congressional passage following several failed attempts, with the White House on track to prevail despite objections from privacy activists.

White House set to unveil cyber plan

May 12, 2011

The White House on Thursday is expected to unveil its proposal to enhance the nation's cybersecurity, laying out plans to require industry to better protect systems that run critical infrastructure like the electrical grid, ...

Recommended for you

Engineers use replica to pinpoint California dam repairs

June 26, 2017

Inside a cavernous northern Utah warehouse, hydraulic engineers send water rushing down a replica of a section of a dam built out of wood, concrete and steel—trying to pinpoint what repairs will work best at the tallest ...

Google to stop scanning Gmail for ad targeting

June 23, 2017

Google said Friday it would stop scanning the contents of Gmail users' inboxes for ad targeting, moving to end a practice that has fueled privacy concerns since the free email service was launched.

0 comments

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.