WASHINGTON (AP) - The federal government is relying on archaic computers systems to protect reams of critical data from cyberattacks, President Barack Obama warned Tuesday as he announced a new, centralized effort to boost cybersecurity.
Obama, asking Congress for $3.1 billion for cybersecurity, said some cyber infrastructure is downright ancient, with the Social Security Administration relying on systems from the 1960s, making them vulnerable to attacks.
"That's going to have to change," Obama said, flanked by top national security advisers in the Roosevelt Room. Thanks to the explosion of the Internet and widespread access to technology, he said, "We're going to have to play some catch-up."
Obama's comments came after the release Tuesday of his 2017 budget proposal, which unveiled a new high-level federal official to coordinate cybersecurity policy across civilian agencies and to work with military and intelligence counterparts. Obama is asking Congress for a $19-billion boost in cybersecurity funding across all government agencies - an increase of more than from 35 percent from last year.
Dubbed the "Cybersecurity National Action Plan," the effort is being touted by the White House as the "capstone" of seven years of often faltering attempts to build a cohesive, broad federal cybersecurity response. Obama said some problems could be fixed relatively quickly, but added he was directing his advisers to focus also on anticipating future threats so cybersecurity protections can adapt.
"I'm going to be holding their feet to the fire to make sure they execute on this in a timely fashion," Obama said.
Measures include more training for the private sector, emphasizing measures such as password and pin authentication to sign onto tax data and government benefits. The budget also proposes the government reduce the use of Social Security numbers for identification. None of the suggestions appeared groundbreaking or entirely novel. In fact, many were previously suggested in both government and think tank reports and even replications of previous efforts.
The tasking of a single high-level official with tracking down cyber intruders in federal government networks establishes a position long in place at companies in the private sector. The lack of such a government role has been especially notable after hackers stole the personal information of 21 million Americans, whose information was housed at the Office of Personnel Management. The U.S. believes the hack was a Chinese espionage operation.
Director of National Intelligence James Clapper warned lawmakers Tuesday during his annual assessment of top dangers facing the country that U.S. information systems are vulnerable to cyberattacks by foreign powers - specifically naming Russia, China, Iran and North Korea as the most potent threats.
The chief information security officer position is expected to be filled in 60 to 90 days, said Tony Scott, the U.S. chief information officer. The White House said that person will set and monitor performance goals for agencies. However, it remains to be seen whether the person will be vested with the authority to tackle such a critical role, said Jacob Olcott, a former congressional legal adviser on cybersecurity.