Login | April 19, 2024
Federal government moves forward on cybersecurity and data breach issues
RICHARD WEINER
Technology for Lawyers
Published: September 2, 2016
Under new recently guidelines promulgated by the White House, the federal government is streamlining how data breaches are handled, and seeking far more money to help fight this growing problem.
The guidelines and funding are a part of the president’s Cybersecurity National Action Plan (CNAP), which came out of the bipartisan Cybersecurity Act of 2015.
In conjunction with rolling CNAP out, the Obama Administration has announced that it is seeking $19 billion for cybersecurity in 2017, an increase of $5 billion dollars. Much of that money will be dedicated to updating current equipment, and funding a new government position, to be called the federal chief information security officer.
In addition, in late July, President Obama announced a centralized plan for how the federal government should respond to cybersecurity breaches in an attempt to clarify what governmental agencies should be handling these matters.
The guidelines first separate data breaches into two categories: a “cyber incident” and a significant cyber incident.” The latter is capable of inflicting “serious harm” to U.S. interests, the economy, etc.
A new response group, dubbed the Cyber Unified Coordination Group (UCG), will facilitate coordination among government agencies after a significant breach. The heavy lifting will be done by departments of Homeland Security and the Office of the Director of National Intelligence.
The directive laid out five types of approaches to these breaches, all of which attempt to balance the interests of the government, private industry, private citizens affected by a breach, and the public’s right to know.
According to the directive, the document recognizes that all parties share an interest in and responsibility for preventing cyberattacks and in responding to them appropriately. The government will take responsibility for triaging incidents and assigning resources appropriately. The government will respect the privacy of enterprises and individuals to the extent possible under the law. All agencies involved will share information with all other agencies in a timely fashion. All responses will be constructed in such a way to return victims to normalcy as soon as possible.
So there you go?
A full overview of CNAP can be found here: https://www.whitehouse.gov/the-press-office/2016/02/09/fact-sheet-cybersecurity-national-action-plan.