President Obama's Cybersecurity National Action Plan (CNAP), a comprehensive plan to address the nation's cybersecurity challenges through increased funding, a more robust cybersecurity workforce, and education initiatives, was announced on February 9, 2016. Highlights of CNAP include:

• Creating an Information Technology Modernization Fund: The President’s 2017 budget proposes a $3.1 billion fund which will enable the retirement, replacement, and modernization of legacy IT infrastructure, networks, and systems that are difficult to secure and expensive to maintain.
• Creating a Federal Chief Information Security Officer (CISO): The CISO will be responsible for driving cybersecurity policy, planning, and implementation across the federal government.
• Empowering individuals: The National Cybersecurity Awareness Campaign launched by the National Cyber Security Alliance (Alliance) is designed to educate individuals so that they can protect themselves in an increasingly digital world. The Alliance will partner with leading technology firms and financial services companies to make it easier for users to secure their online accounts and make transactions more secure.
• Investing in cybersecurity: The President’s fiscal year (FY) 2017 budget designates more than $19 billion to cybersecurity, a more than 35 percent increase from FY 2016 in overall federal resources for cybersecurity.
• Expanding the cybersecurity workforce: The President’s budget also calls for enhancing student loan forgiveness programs for cybersecurity experts who join the federal workforce and investing in cybersecurity education as part of the “Computer Science for All” initiative. The initiative is designed to give all students in the United States the chance to learn computer science in school.

A significant aspect of CNAP is the creation of a bipartisan federal Commission on Enhancing National Cybersecurity (Commission). The Commission, created by Executive Order on February 9, 2016, is to be comprised of “top strategic, business, and technical thinkers” and is tasked with “mak[ing] detailed recommendations to strengthen cybersecurity in both the public and private sectors while protecting privacy, ensuring public safety and economic and national security, fostering discovery and development of new technical solutions, and bolstering partnerships between Federal, State, and local government and the private sector in the development, promotion, and use of cybersecurity technologies, policies, and best practices.” The Executive Order requires the Commission to submit a final advisory report to the President by December 1, 2016. At a minimum, the report will include the Commission’s recommendations regarding:

• How best to bolster the protection of systems and data, including how to advance identity management, authentication, and cybersecurity of online identities;
• Ensuring that cybersecurity is a core element of Internet of Things and cloud computing technologies, and that the policy and legal foundation for cybersecurity in the context of the Internet of Things is stable and adaptable;
• Further investments in research and development initiatives that can enhance cybersecurity;
• Increasing the quality, quantity, and level of expertise of the cybersecurity workforce in the federal government and private sector, including through education and training;
• Improving broad-based education of commonsense cybersecurity practices for the general public; and
• Any other issues that the President requests the Commission to consider.

President Obama has selected former national security advisor Thomas E. Donilon to serve as chairman of the Commission. Samuel J. Palmisano, formerly IBM’s CEO, will serve as vice-chairman of the Commission.