Recognizing National Cyber Security Awareness Month – which takes place every October – couldn’t be more vital given the constant spate of data breaches we hear about day in and day out.
National Cyber Security Awareness Month is designed to engage and educate public- and private-sector partners through events and initiatives with the goal of raising awareness about cybersecurity and increasing the resiliency of the nation in the event of a cyber event, according to the U.S. Department of Homeland Security.
Given the significance of this month, let’s take a look back at President Obama’s initiatives surrounding cybersecurity and the ways in which the government is focusing on securing the sensitive information for individuals, organizations and countries around the world.
Back in February of 2013, President Obama signed Executive Order 13636, “Improving Critical Infrastructure Cybersecurity,” which was designed to increase the level of core capabilities for the U.S.’s critical infrastructure to manage cyber risk. Three areas the executive order focused on included information sharing, privacy and the adoption of cybersecurity practices.
“I signed an Executive Order directing the administration to take steps to improve information sharing with the private sector, raise the level of cybersecurity across our critical infrastructure, and enhance privacy and civil liberties,” President Obama said.
NIST Cybersecurity Framework
The executive order signed in February 2013 also tasked the National Institute of Standards and Technology – the federal technology agency that works with industry to develop and apply technology, measurements and standards – to work with the private sector to identify existing voluntary consensus standards and industry best practices and build them into a cybersecurity framework, which was announced one year later in February 2014.
The framework helps organizations to determine their current level of cybersecurity, set goals for cybersecurity that are in sync with their business environment, and establish a plan for improving or maintaining their cybersecurity. In addition, the framework offers a methodology to protect privacy and civil liberties to help organizations incorporate those protections into a comprehensive cybersecurity program.
It’s important to note that the NIST cybersecurity framework is viewed as a living document, meaning it will need to be updated to keep pace with changes in technology, threats and other factors, and to incorporate lessons learned from its use.
Cyber Executive Action in 2015
President Obama’s focus on cybersecurity has continued in 2015 with two additional executive orders. In February, an executive order was signed to encourage and promote cybersecurity threat information sharing within the private sector and between the private sector and government.
That executive order laid out a framework for expanded information sharing designed to help companies work together – and with the federal government – to quickly identify and protect against cyberthreats.
And in April, President Obama issued an executive order which creates a new, targeted authority for the U.S. government to better respond to the most significant of these threats, particularly in situations where malicious cyber actors may operate beyond the reach of existing authorities.
In addition, the executive order:
- Declares a national emergency with respect to the unusual and extraordinary threat to the national security, foreign policy and economy of the U.S. posed by the increasing prevalence and severity of malicious cyber-enabled activities; and
- Authorizes the Secretary of the Treasury, in consultation with the Attorney General and the Secretary of State, to impose sanctions on individuals or entities that engage in significant malicious cyber-enabled activities that are “reasonably likely to result in, or have materially contributed to, a significant threat to the national security, foreign policy, or economic health or financial stability of the U.S.”
For more on National Cybersecurity Awareness Month 2015, click here to read , How to Be Prepared for a Cyber Attack, Key Stats on Cybersecurity, and Which Countries Are Hacking the Most.