Obama seeks cybersecurity boost to replace 'ancient' tech (Update)

February 9, 2016 byTami Abdollah
Obama seeks cybersecurity boost to replace 'ancient' tech
President Barack Obama meets with members of this national security team and cybersecurity advisers in the Roosevelt Room of the White House in Washington,Tuesday, Feb. 9, 2016. At right is Lisa Monaco, assistant to the president for Homeland Security and Counterterrorism. (AP Photo/Pablo Martinez Monsivais)

President Barack Obama said Tuesday he is asking Congress for $3.1 billion to update the government's archaic computer systems to protect them from cyberattacks as part of a new, centralized effort to boost cybersecurity.

Obama said he will hire a new chief information security officer—but whose salary would be paltry compared to those paid by big businesses—and expand the government's troubled "Einstein" intrusion-prevention technology. Obama said some infrastructure is downright ancient, with the Social Security Administration relying on systems from the 1960s that are vulnerable.

"That's going to have to change," Obama said, flanked by top national security advisers in the Roosevelt Room. "We're going to have to play some catch-up."

Across town, the U.S. director of national intelligence, James Clapper, warned Congress that Russia, China, Iran and North Korea are the most serious threats to U.S. information systems. Clapper also said increasingly connected devices and appliances make the U.S. vulnerable in new ways.

Obama's comments came after the release of his 2017 budget proposal. Obama is asking Congress for $19 billion more in cybersecurity funding across all government agencies—an increase of more than from 35 percent from last year.

Obama seeks cybersecurity boost to replace 'ancient' tech
A close-up of White House Chief of Staff Denis McDonough's folder shows a personal note written by one of his children, during a meeting with President Barack Obama and members of this national security team and cybersecurity advisers in the Roosevelt Room of the White House in Washington,Tuesday, Feb. 9, 2016. (AP Photo/Pablo Martinez Monsivais)

Dubbed the "Cybersecurity National Action Plan," the White House touted the plan as the "capstone" of seven years of work to build a cohesive federal cybersecurity response—an effort that has often faltered in the past.

Obama said some problems could be fixed relatively quickly, but added he was directing his advisers to focus also on anticipating future threats so that cybersecurity protections can adapt.

"I'm going to be holding their feet to the fire to make sure they execute on this in a timely fashion," Obama said.

Other plans would make it less convenient—but ostensibly more secure—for citizens to access their personal records by increasing use of passwords and pin authentication. The budget also proposes that the government reduce the use of Social Security numbers for identification. None of the suggestions appeared groundbreaking or entirely novel. Many were previously suggested in government and industry reports, and some appeared to replicate previous efforts.

"A lot of this stuff is not new," said Randy Sabett, a former National Security Agency crypto-engineer. Sabett worked on a cybersecurity commission report that advised Obama on the subject in 2008. Success would depend on administration leadership, he said, adding: "The window dressing is there; now what's behind the curtains."

Obama seeks cybersecurity boost to replace 'ancient' tech
President Barack Obama meets with members of this national security team and cybersecurity advisers in the Roosevelt Room of the White House in Washington,Tuesday, Feb. 9, 2016. (AP Photo/Pablo Martinez Monsivais)

The hiring of a single high-level official to deal with cyber intruders in federal government networks establishes a position long in place at companies in the private sector. The job posting Tuesday indicated it will pay between $123,000 and $185,000—although the largest companies pay far more for the same job.

The lack of such a government role has been especially notable after hackers stole the personal files of 21 million Americans from the Office of Personnel Management. The U.S. believes the hack was a Chinese espionage operation.

The new security job is expected to be filled in 60 to 90 days, said Tony Scott, the U.S. chief information officer. The White House said that person will report to Scott and set and monitor performance goals for agencies. Scott said the person would make sure strategies are consistently applied across agencies.

It remains to be seen whether the person will have enough authority, said Jacob Olcott, a former congressional legal adviser on cybersecurity.

The budget said U.S. Cyber Command is building a cyber mission force of 133 teams assembled from 6,200 military, civilian and contractors from across military and defense agencies. The force will be fully operational in 2018 but has already been used for some cyber operations.

Many of the proposals such as the new cybersecurity official can be done through existing appropriations or executive authorities, the White House said.

Obama said he expects broad support for what has not been a partisan issue. He said he'd already spoken to House Speaker Paul Ryan about ways Republicans and Democrats could work together.

The plan also calls for expansion of the Homeland Security Department's "Einstein" system, which was created to detect and block cyberattacks on federal agencies. The program received a scathing review last month by the Government Accountability Office, which said it can't deal with complex threats such as previously unknown "zero-day" exploits or problematic system behavior that could signify an attack.

The president also established through executive order a permanent Federal Privacy Council. It will bring together government privacy officials. Obama was also establishing a Commission on Enhancing National Cybersecurity to make recommendations on government cybersecurity for the next decade.

Explore further: Obama administration plans new high-level cyber official

Related Stories

Obama administration plans new high-level cyber official

February 9, 2016

The Obama administration is creating a new high-level federal official to coordinate cybersecurity across civilian agencies and to work with military and intelligence counterparts, as part of its 2017 budget proposal announced ...

Obama enlists Pentagon to overhaul security clearance system

January 22, 2016

The Obama administration asked the Pentagon on Friday to help overhaul the federal security clearance system, aiming to turn the page on a devastating data breach that exposed a major vulnerability for U.S. national security.

Congress passes long-stalled cybersecurity bill

December 18, 2015

Congress on Friday passed legislation to fight cyber threats, pushing the measure through by tucking it into a sprawling government funding bill, after earlier failed attempts.

Long-stalled cybersecurity bill poised for US approval

December 18, 2015

Legislation designed to fight cyber threats appeared poised for congressional passage following several failed attempts, with the White House on track to prevail despite objections from privacy activists.

Recommended for you

Finnish firm detects new Intel security flaw

January 12, 2018

A new security flaw has been found in Intel hardware which could enable hackers to access corporate laptops remotely, Finnish cybersecurity specialist F-Secure said on Friday.

0 comments

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.