“America’s economic prosperity, national security, and our individual liberties depend on our commitment to securing cyberspace and maintaining an open, interoperable, secure, and reliable Internet. Our critical infrastructure continues to be at risk from threats in cyberspace, and our economy is harmed by the theft of our intellectual property. Although the threats are serious and they constantly evolve, I believe that if we address them effectively, we can ensure that the Internet remains an engine for economic growth and a platform for the free exchange of ideas.”
Five Things to Know: The Administration's Priorities on Cybersecurity
- Protecting the country's critical infrastructure — our most important information systems — from cyber threats.
- Improving our ability to identify and report cyber incidents so that we can respond in a timely manner.
- Engaging with international partners to promote internet freedom and build support for an open, interoperable, secure, and reliable cyberspace.
- Securing federal networks by setting clear security targets and holding agencies accountable for meeting those targets.
- Shaping a cyber-savvy workforce and moving beyond passwords in partnership with the private sector.
Cyberspace touches nearly every part of our daily lives. It's the broadband networks beneath us and the wireless signals around us, the local networks in our schools and hospitals and businesses, and the massive grids that power our nation. It's the classified military and intelligence networks that keep us safe, and the World Wide Web that has made us more interconnected than at any time in human history. We must secure our cyberspace to ensure that we can continue to grow the nation’s economy and protect our way of life.
The Administration is employing the following principles in its approach to strengthen cybersecurity:
- Whole-of-government approach
- Network defense first
- Protection of privacy and civil liberties
- Public-private collaboration
- International cooperation and engagement
On February 12, 2013, President Obama signed Executive Order 13636, “Improving Critical Infrastructure Cybersecurity.” Read more about Executive Order 13636.
Protect Critical Infrastructure
The government must work collaboratively with critical infrastructure owners and operators to protect our nation’s most sensitive infrastructure from cybersecurity threats. Specifically, we are working with industry to increase the sharing of actionable threat information and warnings between the private sector and the U.S. Government and to spread industry-led cybersecurity standards and best practices to the most vulnerable critical infrastructure companies and assets.
- The Administration issued E.O. 13636, Improving Critical Infrastructure Cybersecurity, in 2013
- The Administration launched a follow-on Cybersecurity Framework, a guide developed collaboratively with the private sector for private industry to enhance their cybersecurity, in 2014
Improve Incident Reporting and Response
We must enhance our ability to detect and characterize cyber incidents, share information about them, and respond in a timely manner. These efforts encompass network defense, law enforcement, and intelligence collection initiatives, so we can better understand our potential adversaries in cyberspace.
- Awareness of a cyber threat or incident – and quickly acting on that information -- are critical prerequisites to effective incident response. As directed in E.O. 13636, the U.S. Government has developed systems and procedures to increase the timeliness and quality of cyber threat information shared with at-risk private sector entities. We are placing great emphasis on unity of effort by agencies with a domestic response mission
Because cyberspace crosses every international boundary, we must engage with our international partners. We will work to create incentives for, and build consensus around, an international environment where states recognize the value of an open, interoperable, secure, and reliable cyberspace. We will oppose efforts to restrict internet freedoms, eliminate the multi-stakeholder approach to internet governance, or impose political and bureaucratic layers unable to keep up with the speed of technological change. An open, transparent, secure, and stable cyberspace is critical to the success of the global economy.
We are continuing to pursue the policy objectives laid out in the U.S. International Strategy for Cyberspace including:
- Developing international norms of behavior in cyberspace
- Promoting collaboration in cybercrime investigations (Mutual Legal Assistance Treaty modernization)
- International cybersecurity capacity building
Secure Federal Networks
We must improve the security of all federal networks by setting clear targets for agencies and then hold them accountable to achieve those targets. We are also deploying improved technology to enable more rapid discovery of and response to threats to federal data, systems, and networks.
- The Cybersecurity Cross Agency Priority (CAP) Goal represents the Administration's highest cybersecurity priorities for securing unclassified federal networks.
Shape the Future Cyber Environment
We are also looking to the future. We are working to develop a cyber-savvy workforce and ultimately to make cyberspace inherently more secure. We will prioritize research, development, and technology transition and harness private sector innovation while ensuring our activities continue to respect the privacy, civil liberties and rights of everyone.
- The federal government is partnering with the private sector and academia to encourage and support the innovation needed to make cyberspace inherently more secure.
Cybersecurity Policies and Initiatives
- Presidential Policy Directive 28 (PPD-28) "Signals Intelligence Activities," 2014
- Executive Order (E.o.) 13636 "Improving Critical Infrastructure Cybersecurity," 2013
- Presidential Policy Directive 21 (PPD-21) "Critical Infrastructure Security and Resilience," 2013
- Presidential Policy Directive 8 (PPD-8) "Structural Reformts to Improve the Security of Classified Networks and the Responsible Sharing and Safeguarding of Classified Information," 2011
- Cyberspace Policy Review, 2009
From the BlogSee All
- September 19, 2014
- August 20, 2014
- July 02, 2014
From the PressroomSee All
- March 26, 2014
- February 12, 2014
- February 12, 2014
- National Security Strategy, 2010
- National Strategy for Information Sharing and Safeguarding, 2012
- International Strategy for Cyberspace, 2011
- Trustworthy Cyberspace: Strategic Plan for the Federal Cybersecurity R&D Program, 2011
- National Strategy for Trusted Identities in Cyberspace, 2011
- NIST Cybersecurity Framework, 2013
- DoD Strategy for Operating in Cyberspace, 2011
- DHS Blueprint for a Secure Cyber Future, 2011
- The National Initiative for Cybersecurity Education