Today President Obama unveiled his new Cybersecurity National Action Plan as part of his 2017 budget proposal to Congress. The Plan has a broad scope designed to address many of the cybersecurity issues that gained high visibility in 2015. In particular, the Plan focus on issues with Federal cybersecurity infrastructure: modernizing antiquated software and systems vulnerable to cyber attacks, developing uniform cybersecurity practices, and developing best practices for Federal agencies to follow in managing both data security and data privacy.
A strong piece of the Plan involves the Commission on Enhancing National Cybersecurity, which the President established today by executive order. The President will appoint up to twelve people to the Commission, with recommendations from Congressional leadership. The Commission will issue a report before the end of the year making recommendations in a number of cybersecurity areas including IT procurement and modernization practices, best practices for networking security, and cybersecurity risk management for Federal agencies, as well as for business and consumers. The Plan also explains implementation of Commission recommendations.
The President’s proposed budget requests $3.1 billion to modernize Federal agency IT, and to fund the creation of a new Federal Chief Information Officer. The Federal CIO will be tasked with coordinating cybersecurity practices across the Federal Government.
President Obama also signed an executive order directing the Office of Management and Budget to refresh the guidelines and qualifications for Senior Agency Officials for Privacy (SAOP), and for federal agencies to designate SAOPs that meet the revised guidelines. Last, a Federal Privacy Council composed of the SAOPs will be tasked with providing advice to the Office of Management and Budget on good privacy practices, which may form the basis for formal guidance across all Federal agencies.