What the CNAP (Cybersecurity National Action Plan) Means for You

Earlier this month, President Obama promulgated his Cybersecurity National Action Plan (CNAP) to try to bring alive some of the things mentioned in the Cybersecurity Act of 2015, which the U.S. Congress passed last December. It primarily encourages the private sector to share security events with one another and the federal government.

Six Changes

It starts with creating a blue-ribbon Commission on Enhancing National Cybersecurity, which serves to provide a series of recommendations and actions that strengthen cybersecurity in both the private sector and federal agencies.

Second is a new $3.1-billion Information Technology Modernization Fund, to be included in next year's federal budget for the modernization of various government IT systems.

CNAP will thirdly create a Federal Chief Information Security Officer, the first such position in the federal bureaucracy (although in the past they've had federal CIOs in various agencies). The top salary offered is $185,000 and the position will be based in the OMB office. Candidates were recruited in February.

Launching a National Cybersecurity Awareness Campaign is fourth, and will include (among other things) promoting authentication tools and techniques for private citizens to improve their account-access security. Part of this will incorporate efforts to stop using social security numbers as an identifier of citizens by select federal agencies.

Fifth? Adding $19 billion (more than a one-third increase) to next year's federal budget for a variety of federal programs related to cybersecurity.

Lastly, CNAP aims to double the number of federal civilian cyber-defense teams in the Department of Homeland Security to a total of 48. This also means trying to recruit the best cybersecurity heads from across the federal government and private sector for these teams.

Why They Matter

Is this something you should care about? Yep, no matter what your politics or place of employment. CNAP has, in a few cases, some great ideas that every business should implement. Some things to ponder:

• First, take a look at the new National Center of Cybersecurity Excellence, based in Rockville, Maryland. Run by the National Institute of Standards and Technology (NIST), it has numerous interesting projects that anyone can get involved in. These include a workshop on secure payments, a call for contributions to the Secure DNS project and a host of mobile-device security efforts.
• If you haven't started looking at multifactor authentication to secure your users' accounts, now is the time to do so. A review of several products for Network World is worth reading as you start your own evaluation.
• Third, one of the CNAP elements will be a new CyberCorps Reserve program, which will offer scholarships for Americans who wish to obtain cybersecurity education and work for the government. Once this is put in place, you should apply for financial aid if interested.

Finally, under StaySafeOnline's website called StopThinkConnect, the federal government has a number of pamphlets mostly intended for the public that have some supporting information on using multifactor authentication, among other cybersecurity keep-in-minds.