I give President Obama credit for the attention he has paid to cybersecurity over his two-term tenure. Only a few months into his first term, on 29 May 2009, Obama gave his first major speech solely focused on securing America’s digital infrastructure, during which he proclaimed, “cyber threat is one of the most serious economic and national security challenges we face as a Nation,” and makes reference to the 60-day Cyberspace Policy Review going forward. There have been several cybersecurity-related Executive Orders, Presidential Policy Directives, Acts, Frameworks, Blueprints, Strategies, and other policies and plans launched out of the White House since that speech. You can see all the Administration’s 2015 cybersecurity accomplishments here and here. This past week, we may have seen one of Obama’s last major cybersecurity efforts in office with the unveiling of the Cybersecurity National Action Plan (CNAP). The White House itself calls it the “capstone of our national cybersecurity efforts.”
The President is directing his Administration to implement a Cybersecurity National Action Plan (CNAP) that takes near-term actions and puts in place a long-term strategy to enhance cybersecurity awareness and protections, protect privacy, maintain public safety as well as economic and national security, and empower Americans to take better control of their digital security.
Too often we see great ideas and plans throughout all levels of our government and military that aren’t executable due to lack of money and resources. It appears that CNAP intends to avoid this situation committing 19 billion dollars to CNAP for the Fiscal Year 2017 budget. That’s with a B not an M. I imagine every government organization with the word “cyber” anywhere in its mission statement or list of functions will be trying to get a piece of the very large CNAP pie.
The CNAP fact sheet is linked above, but what the White House says you need to know about CNAP is here.
Two new organizations to be formed as a result of CNAP are the Commission on Enhancing National Cybersecurity and the Federal Privacy Council. The prior will be established in the Department of Commerce, have no more than 12 members appointed by the President, and will essentially make recommendations of actions achievable within the next decade to strengthen both public and private sector cybersecurity. The latter is an interagency forum chaired out of the Office of Management and Budget whose membership consists of the Senior Agency Officials for Privacy at 24 named major departments and agencies (at a minimum). Much like the Commission on Enhancing National Cybersecurity, the Federal Privacy Council will be a recommendations body, making recommendations related to Federal government privacy policies and requirements.
While many other areas of our government and military are taking budget cuts, cyber continues to see significant budget increases. I recommend checking out the CNAP Fact Sheet as there are many other embedded initiatives not discussed in this post. I expect we will see the impact of CNAP trickle down throughout government and military cyber organizations, and industry as well.
Lastly, if you are looking for a new job, perhaps being the first ever Federal Chief Information Security Officer (CISO), a position created by CNAP, is right for you. You can find the job posting at the USAJobs site here. But hurry, the application period ends 26 February.
needsmorecyber 