On February 9, President Barack Obama released his Cybersecurity National Action Plan, which many accurately described as the culmination of seven years of this administration’s work on a dynamic and critical topic. As breach after breach affected retailers, banks, health insurance companies and the government, the public and media have paid more and more attention to this long-standing problem. Now the federal government’s budget is also allocating the appropriate resources, both in money and staffing, needed to mitigate the threats that emanate from cyberspace.
While the public is now more conscious of the threat it faces, resilience in the face of these threats is the next obstacle to tackle. Though it doesn’t come cheap, resiliency measures are critical to ensuring that American businesses and citizens thrive while maintaining their privacy. The federal government plays a key role in securing a cyber environment where the economy can flourish.
While many point to the $3.1 billion for IT modernization — and the $19 billion overall invested in cybersecurity in the fiscal 2017 budget — there were other announcements of equal import that must be highlighted, which will arguably make as much (if not more) of a difference — particularly for the U.S. Department of Homeland Security (DHS).
The increase in the number of federal civilian cyber defense teams is a critical step. These 48 teams can provide on-site incident response for government agencies and private-sector partners to accurately assess the origin of the attack or threat; determine if any data was stolen, deleted, or changed; and arm the affected organizations with the appropriate cyber hygiene steps to help stop future breaches or incidents.
That the fiscal 2017 budget includes money for these teams shows the president’s seriousness and urgency in not only defending networks, but also the forensics behind identifying the perpetrators and restoring networks to working order. Further, the administration’s forthcoming policy for national cyber incident coordination — which will likely outline DHS and their incident response team, led by US-CERT — will be another key element to improve the nation’s cyber resilience.
Cyber hygiene is another piece of this puzzle, a layer of security that is an important part of President Obama’s plan but did not receive much attention. The plan’s points concerning multifactor authentication and arming the American public with simple and actionable information to protect themselves in this increasingly digital world are tools the public needs to protect their privacy and secure their information.
Recently, in fact, California's Attorney General pointed to the 20 Critical Security Controls as the standard for reasonable measures that must be taken to ensure the security of the public's sensitive data in her annual data breach report and recommendations. This baseline for hygiene is an important starting point upon which DHS and its cyber defenders can build.
These important steps leave DHS with several opportunities to improve cybersecurity for both the federal government and ordinary citizens. DHS should brand and align its National Cybersecurity and Communications Integration Center and US-CERT office with other computer emergency response or readiness teams as the nation’s premier cyber incident response unit. This is also the time for DHS to highlight its expertise in vulnerability or compromise assessment and mitigation of malicious activity in cyberspace through programs like Einstein and Continuous Diagnostics and Mitigation. Although the main focus of these programs is to secure federal civilian networks, there are obviously many far-reaching benefits that ought to be better publicized.
I commend the president and his team for engineering a budget that reflects a serious investment in building an infrastructure to secure cyberspace for our nation’s security and economic prosperity. And I know that DHS and Secretary Jeh Johnson will capitalize on this opportunity.
Chris Cummiskey is the CEO of MarkAny Cyber and a former acting under secretary for management at DHS.
Chris Cummiskey is a former Acting Under Secretary at the Department of Homeland Security, who was active in cyber issues, and a Senior Fellow at the George Washington University Center for Cyber and Homeland Security.