When the Obama administration rolled out its new Cybersecurity National Action Plan (CNAP) in February, the only thing surprising about it was the lack of anything surprising. While the plan mainly sticks to basic security principles, it’s a long-awaited first step in addressing the nation’s digital safety concerns. But, does the plan go far enough?
CNAP includes a number of measures that can be grouped into three categories:
- Modernize legacy software and equipment
- Use two-factor authentication
- Boost competency at every level of the government’s agencies
Let’s look at each of the measures.
Modernize Legacy Software and Equipment
The administration proposes to invest the largest share of the plan – to the tune of $3.1 billion – in updates to its systems and software, with a new chief information security officer to oversee the changes. It may surprise many Americans that such a role doesn’t already exist. Reporting to the government’s appointed chief information officer, this individual would develop, manage and coordinate cybersecurity strategy, policy and operations across the federal domain. While CNAP doesn’t spell out which legacy systems will be replaced, consider this: The government still uses Windows XP, a dinosaur of an operating system that Microsoft stopped supporting two years ago.
Use Two-Factor Authentication
According to the government’s chief information officer, more than 80 percent of government employees already use two-factor authentication. Now, the extra security layer will be extended to Americans who interact with the government’s digital services. Part of the CNAP budget would include a campaign to increase awareness of two-factor authentication in the private sector, something those of us in the risk advisory business have been advocating for a long time.
This one appears to be a no-brainer—CNAP calls for cybersecurity to be handled with competence at every level of the government. What the administration really is addressing is the lack of consistency at all levels. To that end, CNAP proposes to create a new generation of cybersecurity professionals by putting $62 million into programs, grants and scholarships to equip enough people with the skills to become cybersecurity experts.
While the CNAP proposal has good intentions, it lacks detail. It stops short of outlining the critical steps needed in the event of a cyberattack. And, given the impending end of this administration and the opposition forces at work in Congress, the future of implementing even these basic security measures remains doubtful.
Is your business ready to take the next step in protecting against cyberattacks? Skoda Minotti Risk Advisory Services is prepared to help you keep your company’s information safe. Contact us at 888-201-4484 or email firstname.lastname@example.org.