This week is a big one for cybersecurity.
President Obama is using the week before his State of the Union to highlight the importance of cybersecurity and to outline the steps this Administration is taking to tackle this problem head-on. As many companies and government agencies know far too well, the cyber threat is only increasing in breadth, pace, sophistication, and impact. The events of the past year, including numerous breaches of major retailers, a widespread encryption vulnerability known as Heartbleed, and the recent destructive and coercive cyber attack against Sony Pictures Entertainment, clearly demonstrate the need to accelerate collective efforts to increase our nation’s cybersecurity and to preserve and protect our core values as a nation.
Since taking office, this Administration has made cybersecurity a priority. We have focused on better protecting our critical infrastructure, improving the security of federal networks, enhancing our ability to respond to and manage incidents, building international coalitions, and shaping cyberspace to be more secure in the future. Many of my previous blog posts have highlighted our efforts in these areas, and we have indeed made progress. As we start 2015, though, it is clear that a lot more remains to be done. This Administration will continue to pursue all appropriate efforts to defend our citizens, our companies, and our nation from those threats.
So this week, the President is kicking off the new year by launching a series of key policy initiatives designed to tackle some of our most pressing cybersecurity problems in these priority areas. Yesterday, the President focused on consumer protection and privacy. Those actions will help cybersecurity as well, because the more we do to protect consumer information and privacy, the harder it is for hackers to damage our businesses and hurt our economy. This week, the President is announcing several specific cybersecurity steps, which in turn will also improve consumer protection and privacy, as better cybersecurity results in better data protection. These efforts are mutually reinforcing.
In 2014, Congress passed important cybersecurity measures focused on improving how the federal government protects its own networks and how we are organized to carry out our cybersecurity missions, including: the Federal Information Security Modernization Act of 2014, the National Cybersecurity Protection Act of 2014, the Cybersecurity Enhancement Act of 2014, and the Cybersecurity Workforce Assessment Act of 2014. The passage of these bills, which the Administration strongly supported, demonstrates that when the politics are put aside, we can do a lot together on cybersecurity. The Members who worked on these bills deserve credit for working diligently to ensure that these important bills made it through at the very end of the term.
Congress should build on this momentum and pass additional legislation to increase information sharing with the government, modernize the tools needed by law enforcement to fight cybercrime, and standardize the requirements for when companies must notify customers of data breaches. Yesterday, the Administration released an updated legislative proposal that addresses these three areas:
Cybersecurity is an inherently shared mission between the government and the private sector. No single agency within the government can undertake cybersecurity alone, but even more importantly, the federal government cannot address the cybersecurity threat by itself. We must truly collaborate with the private sector on many levels in order to make our cybersecurity efforts effective.
In that vein, the President also announced that we are planning a White House Cybersecurity Summit, which will take place on February 13 at Stanford University. This event was previewed in October, when the President launched the BuySecure Initiative, and it is the next step in the Administration’s ongoing work to build consumer confidence by enhancing public and private sector consumer financial protection efforts. The Summit will bring together major stakeholders on cybersecurity and consumer financial protection issues -- including senior leaders from the White House and across the federal government, CEOs from a wide range of industries including the financial services industry, technology and communications companies, computer security companies and the retail industry, as well as state government leaders, law enforcement officials, consumer advocates, technical experts, and students. Topics at the Summit will include increasing public-private partnerships and cybersecurity information sharing, creating and promoting improved cybersecurity practices and technologies, and improving adoption and use of more secure payment technologies.
We know that a robust cyber workforce is needed to ensure that we have enough trained professionals to meet the nation’s growing need for cyber defenders. Right now, there is a large and growing demand for these workers chasing a smaller supply. Acknowledging that this is a problem for everyone -- the federal government, state and local governments, and the private sector -- we have been working to develop a unity of effort to accelerate progress in this area. In this spirit, the Vice President will announce on Thursday that the Department of Energy will provide $25 million in grants over the next five years to support a cybersecurity education consortium consisting of 13 Historically Black Colleges and Universities and two national labs. This will build on our existing work under the National Initiative for Cybersecurity Education.
Collectively, this week’s announcements kick off a new year in which we intend to make real progress in improving the nation’s cybersecurity. These actions demonstrate that we are taking steps to mobilize every element of our nation to rise to the challenge. I look forward to continued progress across all our cybersecurity priority areas in the run-up to the Cybersecurity Summit and beyond. Over the coming year, the Administration will continue to press forward, doing everything it can to improve cybersecurity, both domestically and internationally. We know that legislation, education, and a summit by themselves won’t solve the cybersecurity problem. So the actions outlined above are just the start of our work in 2015 -- we’ve got more to come.