New White House national cybersecurity plan is better late than never
Washington, D.C. — In the immediate wake of yet another high-profile government data breach, the White House has announced the Cybersecurity National Action Plan, a series of steps meant to harden United States government systems and provide additional resources for the private sector. The plan announced today is the roadmap that we could have used at the beginning of President Obama’s term of office. However, it is better to take these necessary steps late than not take them at all.
“The announcements today reflect important and necessary steps toward ensuring the security of our data and systems, both in the U.S. and globally. This is the comprehensive thinking we should have seen several years ago from this administration,” said Amie Stepanovich, U.S. Policy Manager at Access Now. “Transparency will be key in implementing this strategy, and there is still much to be done.”
The plan includes creating a new Chief Information Security Officer position for the White House and increasing spending on cybersecurity by 35%. The additional funding would, among other things, help modernize federal government information technology systems.
In addition, the plan creates a “Commission on Enhancing National Cybersecurity,” which will be made up of private sector representatives, and which will report back this year on next steps needed for cybersecurity. There will also be an ad campaign to push for increased use of multi-factor authentication, including on government websites.
These are welcome developments. Several of the announcements today reflect the joint recommendations in a letter Access Now spearheaded nearly two years ago. In our joint letter, we and our partners urged President Obama to veto privacy-invasive, information-sharing “cybersecurity” legislation, and instead support policy and legislation that would actually increase security. Unfortunately, members of Congress and the administration then spent years pushing through just this type of information-sharing legislation, which most security experts agree has only minor benefits, while containing provisions that not only harm our privacy but also have potential to harm our cybersecurity.
“The federal government has consistently shown itself to be unprepared to face cybersecurity challenges, as this latest breach shows. These new steps are overdue, badly needed, necessary steps to shore up our government systems and the broader cybersecurity system as a whole,” said Drew Mitnick, Policy Counsel at Access Now.
Also released was a new Executive Order to create a privacy council to examine issues around federal privacy guidelines and the push for common standards. The order requires each agency to have on staff a “Senior Agency Official for Privacy,” to serve the equivalent purpose of a Chief Privacy Officer.
Attributable to Amie Stepanovich, U.S. Policy Manager at Access Now:
“In addition, the president’s Executive Order on privacy will hopefully lead the way forward to a consistent, strong approach to protecting privacy. Privacy rights should be applied with the same robustness whether it is by domestic services, law enforcement, or intelligence agencies. The importance of a consistent approach to privacy is only growing as more information flows across the world wide web.”
Amie Stepanovich, U.S. Policy Manager, Access Now
Drew Mitnick, Policy Counsel, Access Now