Just days after yet another big government data leak, President Obama announced a sweeping proposal that would make cybersecurity a major government priority, boosting infosec spending by 35 percent. The proposal mostly includes long-overdue catch-ups: mandating basic security measures like two-factor authentication, and updating creaky old IT infrastructure that Obama himself called “like an Atari game in an Xbox world.”
The plan also calls for hiring a chief information security officer—a position that has existed in most private organizations for a decade—to drive these changes. Noticeably absent: mandating endpoint data backup, a critical step in building the government’s breach response protocol.
Cybersecurity budget boost shows commitment to fighting cyber threats
Though industry experts are quick to point out that the government can’t simply spend its way to security, the proposed $5 billion budget increase—at a time when most budgets are flat or shrinking—shows how seriously the White House views cyber threats. In a Wall Street Journal piece, Obama promised, “protecting America’s digital infrastructure is going to remain a top national-security priority,” saying it’s critical to protecting America’s competitive advantage and leadership in the global economy. The proposal is a bold move for a president at the end of his tenure—and the biggest cybersecurity push from Obama, who talked about cybersecurity on the 2008 campaign trail.
The major financial commitment leaves many questions. Namely, how will the money be spent to improve cybersecurity? The $19 billion 2017 budget isn’t broken down by agency, and Obama did not outline top priorities. It isn’t yet clear how new initiatives relate to existing cybersecurity efforts in various government agencies. Without this detail, Congress will have a tough time considering the proposal—and that’s assuming that the plan doesn’t get caught in the adversarial gridlock that currently dominates the legislature.
Engaging Silicon Valley in the cybercrime defense
Identifying and implementing solutions will take time. How can big, lumbering government keep up with the breakneck pace at which malware and cyber threats evolve?
Perhaps the brightest hope is the proposal’s focus on bringing the “brightest minds” to bear on government IT challenges. This includes targeted recruiting initiatives, scholarships and student loan forgiveness. Obama even joked, “we’ll even let them wear jeans to the office.” The plan also aims to enhance partnerships with the private sector, building on the (mandated and questionable) collaboration enabled by the Cyber Information Sharing Act (CISA) passed in late 2015. The government has already made some more under-the-radar inroads on this public-private cybersecurity work, creating a permanent Department of Defense unit in Silicon Valley—the Defense Innovation Unit Experimental (DIUx) —in October 2015. This unit includes around a dozen people whose job is to seek out new technologies and establish relationships with top digital security minds to help solve government IT problems.
Can big government keep up with evolving threats?
Overall, it’s hard not to be cynical about the fruits of these efforts. The IT updates are bare necessities—and not yet proactive protection. It is definitely time to focus the nation’s brightest minds on government IT problems. But when these experts make their recommendations, will the government be able to move fast enough?
In the meantime, the private sector would be wise to remain wary of government data leaks. If your organization regularly exchanges data with government agencies, don’t let the government’s weak spots put you at risk. Make sure you have the proper tools in place, from first-line antivirus defenses to an endpoint data backup solution, to ensure the integrity of and visibility into all of your data.
Download The Guide to Modern Endpoint Backup and Data Visibility to learn more about selecting a modern endpoint backup solution in a dangerous world.