President Obama's Cybersecurity National Action Plan (CNAP), a comprehensive plan to address the nation's cybersecurity challenges through increased funding, a more robust cybersecurity workforce, and education initiatives, was announced on February 9, 2016. Highlights of CNAP include:

  • Creating an Information Technology Modernization Fund: The President’s 2017 budget proposes a $3.1 billion fund which will enable the retirement, replacement, and modernization of legacy IT infrastructure, networks, and systems that are difficult to secure and expensive to maintain.
  • Creating a Federal Chief Information Security Officer (CISO): The CISO will be responsible for driving cybersecurity policy, planning, and implementation across the federal government.
  • Empowering individuals: The National Cybersecurity Awareness Campaign launched by the National Cyber Security Alliance (Alliance) is designed to educate individuals so that they can protect themselves in an increasingly digital world. The Alliance will partner with leading technology firms and financial services companies to make it easier for users to secure their online accounts and make transactions more secure.
  • Investing in cybersecurity: The President’s fiscal year (FY) 2017 budget designates more than $19 billion to cybersecurity, a more than 35 percent increase from FY 2016 in overall federal resources for cybersecurity.
  • Expanding the cybersecurity workforce: The President’s budget also calls for enhancing student loan forgiveness programs for cybersecurity experts who join the federal workforce and investing in cybersecurity education as part of the “Computer Science for All” initiative. The initiative is designed to give all students in the United States the chance to learn computer science in school. 

A significant aspect of CNAP is the creation of a bipartisan federal Commission on Enhancing National Cybersecurity (Commission). The Commission, created by Executive Order on February 9, 2016, is to be comprised of “top strategic, business, and technical thinkers” and is tasked with “mak[ing] detailed recommendations to strengthen cybersecurity in both the public and private sectors while protecting privacy, ensuring public safety and economic and national security, fostering discovery and development of new technical solutions, and bolstering partnerships between Federal, State, and local government and the private sector in the development, promotion, and use of cybersecurity technologies, policies, and best practices.” The Executive Order requires the Commission to submit a final advisory report to the President by December 1, 2016. At a minimum, the report will include the Commission’s recommendations regarding:

  • How best to bolster the protection of systems and data, including how to advance identity management, authentication, and cybersecurity of online identities;
  • Ensuring that cybersecurity is a core element of Internet of Things and cloud computing technologies, and that the policy and legal foundation for cybersecurity in the context of the Internet of Things is stable and adaptable;
  • Further investments in research and development initiatives that can enhance cybersecurity;
  • Increasing the quality, quantity, and level of expertise of the cybersecurity workforce in the federal government and private sector, including through education and training;
  • Improving broad-based education of commonsense cybersecurity practices for the general public; and
  • Any other issues that the President requests the Commission to consider. 

President Obama has selected former national security advisor Thomas E. Donilon to serve as chairman of the Commission. Samuel J. Palmisano, formerly IBM’s CEO, will serve as vice-chairman of the Commission. 

Ballard Spahr's Privacy and Data Security Group monitors legislative and regulatory developments at both the federal and state levels and can assist with establishing or enhancing cybersecurity programs. We are also available to offer specific guidance on sharing and receiving cyber threat information with governmental entities. 

Copyright © 2016 by Ballard Spahr LLP.
(No claim to original U.S. government material.)

All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, including electronic, mechanical, photocopying, recording, or otherwise, without prior written permission of the author and publisher.

This alert is a periodic publication of Ballard Spahr LLP and is intended to notify recipients of new developments in the law. It should not be construed as legal advice or legal opinion on any specific facts or circumstances. The contents are intended for general informational purposes only, and you are urged to consult your own attorney concerning your situation and specific legal questions you have.