President Barack Obama on Feb. 9 proposed spending more than $19 billion over the next year on cyber-security initiatives as part of a new plan to better protect the computers, networks and data of U.S. citizens, businesses and government agencies.
The initiatives, which the administration wove together in its 2016 budget proposal as the Cybersecurity National Action Plan (CNAP), aim to secure government computers and increase the security of corporate networks and citizens’ data. The White House earmarked $19 billion in its proposed budget for cyber-security, an increase of 35 percent over the previous year, Michael David, special assistant to the President and cyber-security coordinator, said in a statement posted to the official White House site.
“The President believes that meeting these new threats is necessary and within our grasp,” David said. “But it requires a bold reassessment of the way that we approach security in the digital age and a significant investment to ensure we can implement the best security strategies.”
The cyber-security spending increase is part of the $4.1 trillion federal budget proposal Obama sent to Congress on Feb. 9.
The plan follows yet another abysmal year for American citizens’ efforts to protect their personal data. The U.S. Office of Personnel Management reported in June that hackers had compromised its systems and stolen extremely sensitive information on federal employees and job seekers—information which included the contents of background checks.
In November, federal authorities charged three men with infiltrating and stealing data from nine financial institutions and publishers, including JPMorgan, Dow Jones, Scottrade and eTrade. Information on more than 100 million customers was compromised in the breaches.
A variety of initiatives make up the Cybersecurity National Action Plan. The Obama Administration plans to establish a panel of experts to advise the government on ways to improve its cyber-security and to protect citizens’ data. The administration also proposed a federal chief information security officer (CISO) to identify weak spots in the infrastructure. The White House also intends to expand education initiatives to make consumers more security-aware, such as teaching people that passwords are not enough.
Security firms applauded the Obama Administration’s efforts but also pointed out numerous shortcomings of the plan. The CISO, for example, will be ineffective unless given direct power over the government’s cyber-security infrastructure.
“The CISO needs to be both a leader and a recognized cyber-security expert who can move the needle quickly and make decisions on behalf of the entire federal government,” Mark Weatherford, chief strategist for cyber-security firm vArmour, said in a statement sent to eWEEK. “Without this level of authority, there is no chance for any real success.”
Before joining vArmour, Weatherford served in the Department of Homeland Security as its first deputy undersecretary for cyber-security.
Avivah Litan, research vice president with business intelligence firm Gartner, agreed that a federal CISO needs to have power to require agencies to secure their infrastructure.
“Obviously it is a step in the right direction, but in many ways, it is just one more level of bureaucracy,” she told eWEEK.
Pointing to reports from last year that showed the Internal Revenue Service paid out more than $5 billion to fraudsters as part of tax-refund fraud schemes, Litan argued that security improvements at the IRS could easily pay for themselves in reduced losses due to fraud.
“They should not have to allocate extra money for the civilian agencies,” she said.