With the framework explained for a number of government cybersecurity-related initiatives, now it’s time to talk money.
The White House anted up strong in 2015 with proposals for a new data breach notification standard, as well as plans to facilitate information-sharing between the public and private sector, and a determination to clean up and lock down federal networks.
This week, the proposed federal IT budget includes requests for considerably more money for cybersecurity, totaling $14 billion. A chunk of the money would also be allocated toward a new E-Gov Cyber division within the Office of Management and Budget that would oversee federal policy development and enforcement of those mandates.
U.S. chief information officer Lisa Schlosser told government IT publication NextGov that the new unit will work with the National Security Council, the Department of Homeland Security and the Commerce Department.
The 2016 federal IT budget sets aside $35 million for the new governance division, a number Congress must approve.
“Persistent cyber threats will remain a challenge for the federal government and actually for the nation,” Schlosser told NextGov. “But through some of these coordinated protection, response mechanisms, close collaboration between all the federal cybersecurity partners, we really believe we are in the position to better mitigate the attacks when they do occur.”
The new group will also oversee breach notification when it comes to intrusions of government networks and personal data loss, and hopes to hold most agencies to a 30-day timeline, depending on whether notification would disrupt law enforcement investigations, for example.
Schlosser said that agencies such as the Pentagon ($5.5 billion allocation) and DHS ($600 million) will get the bulk of the $14 billion. The money will help these pivotal agencies guard against targeted attacks on critical infrastructure such as banking and energy utilities, and will also go toward a continuing network monitoring service.
Data breach notification has been a centerpiece not only of government-centric policy but also, in the wake of 2014’s rash of major commercial data breaches, on the consumer front.
In early January, President Obama proposed legislation mandating that breached companies notify affected customers within 30 days; the national law would eliminate the mish-mash of state laws currently governing notification.
Along with the notification standard, the president also announced a consumer privacy bill of rights, which is expected to be unveiled this month. It will identify privacy principles that will provide enterprises the flexibility they need to still innovate, the White House said at the time.
He also announced pending legislation called the Student Digital Privacy Act designed to protect the personal information of school-aged children operating in large part inside of digital classrooms.