Governance & Risk Management

The President's 10-Point Cybersecurity Action Plan

Obama to Name IT Security Adviser
The President's 10-Point Cybersecurity Action Plan
President Barack Obama on Friday presented a 10-point near-term action plan aimed at securing the federal government's and the nation's critical IT infrastructure.

"This new approach starts at the top, with this commitment from me: From now on, our digital infrastructure - the networks and computers we depend on every day - will be treated as they should be: as a strategic national asset," Obama said. "Protecting this infrastructure will be a national security priority. We will ensure that these networks are secure, trustworthy and resilient. We will deter, prevent, detect, and defend against attacks and recover quickly from any disruptions or damage."

Though he said he would personally pick a cybersecurity adviser, no choice has been made. That person, though, will not report directly to the president, which could disappoint those on Capitol Hill seeking a higher ranking adviser.

Still, initial reaction from Congress was positive, even among those who had hoped for a more senior-level cybersecurity adviser.

"This White House report is a good starting point for the work that lies ahead and incorporates many of the CSIS (Center for Strategic and International Studies) recommendations, including increased coordination between the private and public sectors and within various government agencies," Rep. Jim Langevin, the Rhode Island Democrat who co-chairs the House Cyber Security Caucus as well as the CSIS's Commission of Cybersecurity for the 44th Presidency said in a statement. "I am especially pleased to hear President Obama refer to our cyber infrastructure as a strategic national asset a top national security priority."

Karen Evans, who served as the de facto federal chief information officer for more than five years until this past January, said she was excited by Obama's remarks, which recognize the importance of cybersecurity to the entire nation. What impressed her, she wrote in an e-mail message, was the coordination of IT security policy between the new cybersecurity director and the federal CIO and chief technology officer. Plus, she said, there's accountability. "The difference I see now is there is one person the president will hold accountable to address this issue to ensure all aspects are being addressed throughout the country while also addressing the economic impact of any future policy direction," she said.

The president assured Americans that the government will not monitor private-sector networks or Internet traffic. "We will preserve and protect the personal privacy and civil liberties that we cherish as Americans," he said. "Indeed, I remain firmly committed to net neutrality so we can keep the Internet as it should be - open and free."

In his White House speech, Obama said he plans to:

1. Appoint a cybersecurity policy official responsible for coordinating the nation's cybersecurity policies and activities; establish a strong National Security Council directorate, under the direction of the cybersecurity policy official dual-hatted to the NSC and the National Economic Council, to coordinate interagency development of cybersecurity-related strategy and policy.

2. Sign off on an updated national strategy to secure the information and communications infrastructure. This strategy should include continued evaluation of Comprehensive National Cybersecurity Initiative activities and, where appropriate, build on its successes.

3. Designate cybersecurity as one of his key management priorities and establish performance metrics.

4. Designate a privacy and civil liberties official to the NSC cybersecurity directorate.

5. Convene appropriate interagency mechanisms to conduct interagency-cleared legal analyses of priority cybersecurity-related issues identified during the policy-development process and formulate coherent unified policy guidance that clarifies roles, responsibilities, and the application of agency authorities for cybersecurity-related activities across the federal government.

6. Initiate a national public awareness and education campaign to promote cybersecurity.

7. Develop U.S. Government positions for an international cybersecurity policy framework and strengthen our international partnerships to create initiatives that address the full range of activities, policies, and opportunities associated with cybersecurity.

8. Prepare a cybersecurity incident response plan; initiate a dialog to enhance public-private partnerships with an eye toward streamlining, aligning, and providing resources to optimize their contribution and engagement.

9. In collaboration with other Executive Office of the President entities, develop a framework for research and development strategies that focus on game-changing technologies that have the potential to enhance the security, reliability, resilience, and trustworthiness of digital infrastructure; provide the research community access to event data to facilitate developing tools, testing theories, and identifying workable solutions.

10. Build a cybersecurity-based identity management vision and strategy that addresses privacy and civil liberties interests, leveraging privacy-enhancing technologies for the nation.

"The task I have described will not be easy," Obama said. "Some 1.5 billion people around the world are already online, and more are logging on every day. Groups and governments are sharpening their cyber capabilities. Protecting our prosperity and security in this globalized world is going to be a long, difficult struggle demanding patience and persistence over many years.

"But we need to remember: We're only at the beginning. The epochs of history are long - the Agricultural Revolution; the Industrial Revolution. By comparison, our Information Age is still in its infancy. We're only at Web 2.0. Now our virtual world is going viral. And we've only just begun to explore the next generation of technologies that will transform our lives in ways we can't even begin to imagine."

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.