WASHINGTON >> The federal government is relying on archaic computer systems to protect reams of critical data from cyberattacks, President Barack Obama warned Tuesday as he announced a new, centralized effort to boost cybersecurity.
Obama, asking Congress for $3.1 billion for cybersecurity, said some cyber infrastructure is downright ancient, with the Social Security Administration relying on systems from the 1960s, making them vulnerable to attacks.
"That's going to have to change," Obama said, flanked by top national security advisers in the Roosevelt Room. Thanks to the explosion of the Internet and widespread access to technology, he said, "We're going to have to play some catch-up."
Obama's comments came after the release Tuesday of his 2017 budget proposal, which unveiled a new high-level federal official to coordinate cybersecurity policy across civilian agencies and to work with military and intelligence counterparts. Obama is asking Congress for a $19-billion boost in cybersecurity funding across all government agencies — an increase of more than from 35 percent from last year.
Dubbed the "Cybersecurity National Action Plan," the effort is being touted by the White House as the "capstone" of seven years of often faltering attempts to build a cohesive, broad federal cybersecurity response. Obama said some problems could be fixed relatively quickly, but added he was directing his advisers to focus also on anticipating future threats so that cybersecurity protections can adapt.
"I'm going to be holding their feet to the fire to make sure they execute on this in a timely fashion," Obama said.
Measures include more training for the private sector, emphasizing measures such as password and pin authentication to sign onto tax data and government benefits. The budget also proposes that the government reduce the use of Social Security numbers for identification. None of the suggestions appeared groundbreaking or entirely novel. In fact, many were previously suggested in both government and think tank reports and even replications of previous efforts.
"Not to be overly critical, but my initial reaction was a lot of this stuff is not new, and in fact they point to things as if to say... 'We've got to do this,' and private industry is already doing it," said Randy Sabett, a former National Security Agency crypto-engineer. Sabett worked on a think tank commission that provided advice to Obama's presidency on cybersecurity in 2008. "Tying all these pieces together again to me goes back to that leadership component of the administration. The window dressing is there, now what's behind the curtains."
The tasking of a single high-level official with tracking down cyber intruders in federal government networks establishes a position long in place at companies in the private sector. The lack of such a government role has been especially notable after hackers stole the personal information of 21 million Americans.