On February 9, 2016, the Obama administration released its final budget, which includes a request for $19 billion to fund the Cybersecurity National Action Plan (CNAP). The CNAP sets forth a variety of cybersecurity and privacy initiatives, the headliners of which are detailed in two executive orders released alongside the budget.
First, Executive Order 13718 establishes a twelve member Commission on Enhancing National Cybersecurity (Commission). In short, the Commission is charged with making recommendations to strengthen cybersecurity in the public and private sectors by studying the behavior of technology users and providers, improving awareness of cybersecurity risks and improving access to the knowledge needed to make informed risk management decisions. Specifically, by December 1, 2016, the Commission is to develop recommendations in at least five substantive areas:
- bolstering protection of systems and data, including through the advancement of identity management;
- stabilizing security in the context of the Internet of Things;
- identifying research and development initiatives that can enhance cybersecurity;educating and training the cybersecurity workforce in the federal government and the private sector; and
- improving cybersecurity education in the general public.
In his Budget Message President Obama recognized the need to take “bold, aggressive action” on cybersecurity by empowering government, companies and individuals while protecting privacy. Indeed, the executive actions are well-timed, as they come just one day after the latest breach of federal employees’ personal information. In light of persistent cybersecurity risks, companies should monitor the recommendations of the Commission and the Privacy Council and ensure their actions are consistent with best practices.