Key components of the Obama administration’s multipronged cybersecurity initiative keep falling into place.
One of the most recent developments was the formation of a federal Commission on Enhancing National Cybersecurity. Another was the formal introduction in Congress of the administration’s information technology investment plan, which is heavily tilted toward cybersecurity protection. Both are elements of the Cybersecurity National Action Plan, or CNAP, which was launched earlier this year.
Earlier this month, President Obama appointed 12 people to the commission, including representatives from private sector IT companies such as Microsoft, IBM, Facebook, CrowdStrike and Frontier Communications.
The goal of the panel is to recommend actions that can be taken over the next decade to enhance cybersecurity awareness and protections throughout government and the private sector, according to a White House statement.
“I have charged the commission with the critically important task of identifying the steps that our nation must take to ensure our cybersecurity in an increasingly digital world,” Obama said.
The commission will issue a set of recommendations by December.
The selection of commission members involved the participation of congressional leaders from both major parties, the administration emphasized. Another goal was to ensure the positive participation of the private sector.
The chairman of the commission will be Tom Donilon, former assistant to the president and national security adviser, while Sam Palmisano, former CEO at IBM, will serve as vice chair.
Panel Has Short Deadline
“So with a chairman who understands government and national security issues, a vice chairman from the private sector who understands the intimacies of computing, of the digital world, the economic aspects of this, I think we’ve got two of the best possible people to head up this effort,” Obama said.
Panel members are “going to be thinking about everything from how do we keep the huge databases that exist in the federal government more secure to how do we more effectively work with critical sectors of our economy, whether it’s the financial sector or our critical infrastructure, like utilities, to make sure their systems are more secure,” he said.
“There is a lot of optimism regarding the CNAP, and we are pleased to see a strong representation of the industry on the commission. We are hopeful that the commissioners will be able to complete their tasks in the limited time that they have been given,” said Elizabeth Hyman, vice president for public advocacy at CompTIA.
“There is only a six-month window, and commissioners are voluntary and part-time, so it is a heavy lift. That said, we hope the commissioners will vigorously consult their colleagues in the industry that are not on the commission to help reach their goals and to come up with technology-neutral solutions that can keep up with the rapidly changing threat landscape,” she told the E-Commerce Times.
“It is imperative that we lay the groundwork for the safer and more resilient use of emerging technologies and digital information for generations to come. Doing so involves solving hard problems with no easy answers, but that doesn’t mean there aren’t answers. I’m optimistic that we can find those answers if we pull together with a unity of purpose,” said commission member Steven Chabinsky, CrowdStrike’s chief risk officer.
The panel will “be soliciting comments from the public, as we seek to recommend actionable steps that balance the often competing demands of security, privacy, functionality, convenience and cost — all within a dynamic, interoperable, expansive and international context,” he noted.
Modernization Plan Mirrors Private Sector
Another component of the initiative is a proposal to upgrade federal IT, concentrating on cybersecurity. Rep. Steny Hoyer, D-Md., the Democratic Party minority whip, this month introduced the Information Technology Modernization Act on behalf of the Obama administration.
The bill, HR 4897, proposes spending US$3.1 billion for IT cybersecurity and modernization projects in fiscal year 2017 through a revolving fund. Federal agencies would return to the fund future savings from upgrades to develop a continuing, sustainable financial vehicle. Projects would be vetted through a board of federal experts in cybersecurity and all aspects of project management.
The fine print of the legislation addresses an issue of longstanding concern in federal IT management: the elimination of redundant IT systems that are inefficient and potentially insecure in favor of improved resources that can be shared by federal agencies on a common basis.
“This bill will rapidly upgrade our federal IT systems that are most in need of upgrading, either from being cybersecurity risks, inefficient or costly to maintain. It will implement the upgrades using the latest best practices from our innovation economy in Silicon Valley and all across our country,” Hoyer said.
The funding and management model of the ITMF is “a novel proposal for the government, though it is one that has an already established track record of success in the private sector when it comes to modernizing services, increasing cybersecurity and bringing costs down over the long term,” he said.
Additional Cybersecurity Protections
“A key goal of the bill is to upgrade legacy IT systems, which we applaud,” said Tina Stewart, vice president of marketing at Vormetric.
“Our overall take is that the effectiveness of the modernization fund will rest on how the money is spent. To be most effective, funds should be used to replace legacy systems and invest in solutions that protect the data running our country,” she told the E-Commerce Times.
Additional solutions could improve cybersecurity, Vormetric suggested in a recently released analysis of the federal environment conducted with 451 Research. Bolstered network and endpoint protection should be reinforced with other safeguards for existing data at rest. Tools such as encryption and privileged access controls would be appropriate.
“We primarily focus our public sector efforts at the state and local level, but we strongly encourage any scenario where the federal government elevates a priority of our membership, like IT modernization, as it sets a good example for the states,” said CompTIA’s Hyman.
“Our members believe that whenever government IT systems are consolidated and modernized, there needs to be a centralized strategy that has enterprise-wide authority and insight. We are encouraged to hear that the federal government plans to use a centralized board and the 18F unit within the General Services Administration to accomplish the strategic planning,” she said.
The 18F unit was established to expedite federal IT contracting by providing agencies with technical assistance and innovative acquisition approaches.