The Obama administration is creating a new high-level federal official to coordinate cybersecurity across civilian agencies and to work with military and intelligence counterparts, as part of its 2017 budget proposal announced today.
The USD 19-billion increase in cybersecurity funding across all government agencies up more than from 35 per cent from last year is entitled the "Cybersecurity National Action Plan" and is an effort touted by the White House as the "capstone" of seven years of often faltering attempts to build a cohesive, broad federal cybersecurity response.
Measures include more training for the private sector, emphasising measures such as password and pin authentication to sign onto tax data and government benefits. The budget also proposes that the government reduce the use of Social Security numbers for identification.
The tasking of a single high-level official with tracking down cyber intruders in federal government networks establishes a position long in place at companies in the private sector. The lack of such a government role has been especially notable after hackers stole the personal information of 21 million Americans, whose information was housed at the Office of Personnel Management. The US believes the hack was a Chinese espionage operation.
"Today our model is every agency, and in fact, in some cases, sub-agency, is building their cyber defenses pretty much on their own," said Tony Scott, the US Chief Information Officer, who would supervise the new cybersecurity official inside the Office of Management and Budget.
He said every agency ends up with varying levels of expertise and capabilities, while small agencies with limited resources struggle with the same challenges a larger agency with more resources does. "That's just frankly a bad model of how to defend against these critical adversaries."
The chief information security officer position, which was posted Tuesday, is expected to be filled in 60 to 90 days, Scott said. The White House said that person will "drive cybersecurity policy, planning, and implementation for IT systems across" the federal government and set and monitor performance goals for agencies.
"The bottom line, it's great to have more senior executive-level attention on the issue but the challenge is whether that person will almost certainly be vested with any actual authorities and so it always kind of boils down to that," said Jacob Olcott, a former congressional legal adviser on cybersecurity.
The budget notes that US Cyber Command is building a Cyber Mission Force of 133 teams assembled from 6,200 military, civilian and contractors from across military and defense agencies. The force will be fully operational in 2018 but has already been used for some cyber operations.
