Following the announcement of the President’s Cybersecurity National Action Plan (CNAP), an initiative designed to “enhance cybersecurity capabilities within the Federal Government and across the country,” the White House has released a fact sheet outlining the different components of the CNAP. The announcement of the CNAP follows the President’s request for $19 billion in funding for cybersecurity initiatives in fiscal year 2017, an increase of 35% over the previous year’s request. The CNAP includes a mixture of near-term measures and long-term objectives, with the ultimate goal of enhancing the federal government’s cybersecurity posture while encouraging private citizens and businesses to do the same. Some of the most significant aspects of the CNAP, discussed further below, include:
- The launch of a cybersecurity awareness campaign to promote the use of multi-factor authentication;
- A “systematic” review by the White House to identify areas where the federal government can reduce the use of Social Security Numbers as individual identifiers;
- Plans for the development of a Cybersecurity Assurance Program to test and certify connected devices against certain security standards;
- The creation of a Chief Information Security Officer (CISO) position within the federal government, coupled with a $3.1 billion initiative to modernize federal agencies’ IT systems and applications;
- The establishment of a commission of private sector cybersecurity experts to offer recommendations on cybersecurity initiatives; and
- The establishment of a Federal Privacy Council, composed of representatives from various key federal agencies, to coordinate guidelines for the federal government’s collection and storage of data.