Why the White House Wants to Spend $19 Billion on Cyber-Security

President Obama has earmarked $19 billion to fund his Cybersecurity National Action Plan to improve cyber-security. Here are some of the key components of the plan.

President Obama argues in his Cybersecurity National Action Plan that implementing it is critical to national security. In a statement, the White House said “criminals, terrorists, and countries that wish to do us harm” have increasingly discovered that one of the best ways to attack the U.S. is online. And as witnessed in recent years, those online attacks are only increasing in frequency and severity.

One part of the cyber-security plan is to establish what the president is calling the Commission on Enhancing National Security. That commission will be established this year and will include “top strategic, business, and technical thinkers.” Commission members will come from outside government and provide recommendations to the administration on how to improve cyber-security and develop best practices to enhance “public safety.”

As recent hacks on government agencies clearly show, modernizing networks to safeguard against attacks is exceedingly important. Realizing that, the plan includes a $3.1 billion IT Modernization Fund that would be used to buy new hardware, software and other platforms to enhance the government’s security. President Obama also hopes to use those funds to hire a new federal chief information security officer (CISO) to lead that effort.

The president seems resigned to the reality that he cannot achieve his strategic goals without getting help from the private sector. So the plan includes working with some of the technology industry’s biggest companies, including Google, Facebook and Microsoft, to enhance security for American citizens.

In a further effort to help Americans improve their individual privacy and security, the plan calls for an educational component that would remind folks to use enhanced security techniques, including two-factor authentication. President Obama believes that the more secure users keep their data, the safer we all are.

The plan also calls for the establishment of another body, known as the Federal Privacy Council. That council, established through an executive order signed on Feb. 9, will be an “interagency forum” to enhance the government’s own handling of citizen information, so it’s not stolen by hackers. The council will be composed of senior officials at many federal agencies, and its sole purpose will be to institute policies across the government that will safeguard any citizen information that flows through federal computer systems.

To address concerns about attacks on critical infrastructure, like electric grids, the government will work with companies to conduct ongoing tests to analyze and maximize their security. In fact, the president’s plan will build a National Center for Cybersecurity Resilience, where companies will be able to test system security in a secure environment. The White House says it envisions the Center “subjecting a replica electric grid to cyber-attack” to see how the grid might respond to a real attack.

The cyber-security plan targets cyber-criminals in several ways. For one, the plan calls for a 23 percent increase in funding for law enforcement to combat cyber-criminals. In addition, the administration is building a governmental Cyber Mission Force that will be fully operational with 6,200 enforcement officials by 2018. To combat cyber-criminals living overseas, the U.S. is also working with allies to more easily take on hackers and other so-called “bad actors.”

In response to ongoing hacking activity, the White House plans to publicly release this spring a policy for national cyber-incident coordination. While details are slim, the policy will include a scale for a hack’s severity and aim at improving the communication between federal agencies and companies whenever an attack occurs. The hope is to ultimately learn from the mistakes that occurred in a particular attack and implement key findings to reduce the chances of another attack.

As noted, the entire Cybersecurity National Action Plan will get $19 billion in funding under the president’s budget proposal. About $3 billion of that will be spent on IT modernization, but the rest has not yet been earmarked by line item. In a statement, the White House would only say that the sum would be used to fund the aforementioned programs, provide additional resources to government agencies and “help private sector organizations and individuals better protect themselves.”