Obama seeks $3.1 billion for cybersecurity
Government systems are archaic, president says
WASHINGTON — President Barack Obama said Tuesday he is asking Congress for $3.1 billion to update the government’s archaic computer systems to protect them from cyberattacks as part of a new, centralized effort to boost cybersecurity.
Obama said he will hire a new chief information security officer — but whose salary would be paltry compared to those paid by big businesses — and expand the government’s troubled “Einstein” intrusion-prevention technology. Obama said some infrastructure is downright ancient, with the Social Security Administration relying on systems from the 1960s that are vulnerable.
“That’s going to have to change,” Obama said, flanked by top national security advisers in the Roosevelt Room. “We’re going to have to play some catch-up.”
Across town, the director of national intelligence, James Clapper, warned Congress that Russia, China, Iran and North Korea are the most serious threats to U.S. information systems. Clapper also said increasingly connected devices and appliances make the country vulnerable in new ways.
Obama’s comments came after the release of his 2017 budget proposal. Obama is asking Congress for $19 billion more in cybersecurity funding across all government agencies — an increase of more than from 35 percent from last year.
Dubbed the “Cybersecurity National Action Plan,” the White House touted the plan as the “capstone” of seven years of work to build a cohesive federal cybersecurity response — an effort that has often faltered in the past.
Obama said some problems could be fixed relatively quickly, but added he was directing his advisers to focus also on anticipating future threats so that cyberse- curity protections can adapt.
“I’m going to be holding their feet to the fire to make sure they execute on this in a timely fashion,” Obama said.
Other plans would make it less convenient — but ostensibly more secure — for citizens to access their personal records by increasing use of passwords and PIN authentication. The budget also proposes that the government reduce the use of Social Security numbers for identification. None of the suggestions appeared groundbreaking or entirely novel. Many were previously suggested in government and industry reports, and some appeared to replicate previous efforts.
“A lot of this stuff is not new,” said Randy Sabett, a former National Security Agency crypto-engineer. Sabett worked on a cybersecurity commission report that advised Obama on the subject in 2008. Success would depend on administration leadership, he said, adding: “The window dressing is there; now what’s behind the curtains.”
The hiring of a single high-level official to deal with cyber intruders in federal government networks establishes a position long in place at companies in the private sector. The job posting Tuesday indicated it will pay between $123,000 and $185,000 — although the largest companies pay far more for the same job.
The lack of such a government role has been especially notable after hackers stole the personal files of 21 million Americans from the Office of Personnel Management. The new security job is expected to be filled in 60 to 90 days, said Tony Scott, the U.S. chief information officer. The White House said that person will report to Scott and set and monitor performance goals for agencies. Scott said the person would make sure strategies are consistently applied across agencies.
It remains to be seen whether the person will have enough authority, said Jacob Olcott, a congressional cybersecurity adviser.