White House Proposes New Cybersecurity Plan


White House officials plan to enact a range of initiatives this year that they believe will strengthen computer networks against cyberattacks, but part of the proposal--a big increase in federal spending--could hit a wall because it relies on congressional approval.

Obama administration officials are instituting what they call a cybersecurity national action plan, which would create a federal chief information security officer, establish a new commission that looks for ways to protect computer networks, and increase coordination between federal officials who focus on privacy issues.

They will also look to overhaul outdated computer systems that officials believe are too easy for hackers to penetrate to steal information.

The plan would include an expansion of training and recruiting for federal jobs that focus on cybersecurity, as well as an education-loan forgiveness program for people who remain in certain posts.

Some parts of the plan can be implemented unilaterally, but the White House is seeking a 35% increase in the cybersecurity budget to secure $19 billion in funding for many of these programs next year.

Roughly $3 billion of that amount would go toward an information technology modernization fund, which would update the computer systems used by federal agencies that are most susceptible to attacks.

The money would be used in the fiscal year that begins Oct. 1 and runs through Sept. 30, 2017. President Barack Obama won't be in office for most of that time, and Congress could be reluctant to authorize a lot of new funding for a period that falls mostly beyond his tenure.

Republicans have already signaled that they are not going to consider many parts of the White House's budget request this year, dimming the chances of any new cybersecurity funding being approved.

Hackers have stolen information from the U.S. government, businesses and consumers in recent years using a variety of tactics, outmaneuvering numerous programs meant to rebuff attacks.

Some of these breaches have proved embarrassing and potentially problematic, including the theft of more than 20 million personnel records last year from the Office of Personnel Management. This week, the Justice Department acknowledged that a breach to its network allowed someone to steal and then publish the contact information of 20,000 Federal Bureau of Investigation employees.

For more than a decade, the federal government has tried to overhaul its computer security system to combat such threats, but the process has been slow, expensive and sometimes insufficient to stop sophisticated intrusions and occasionally lone-wolf hackers. Obama administration officials said a new plan was necessary to better coordinate efforts across the federal government, particularly given the rising number of threats.

"The cyberthreat continues to outpace our current efforts," Michael Daniel, the White House's cybersecurity coordinator, told reporters on a conference call.

Many federal jobs and agencies already have responsibility for protecting government networks. Mr. Daniel works closely with Tony Scott, the White House's chief information officer. The Department of Homeland Security is designated the primary agency responsible for coordinating with the public and safeguarding federal civilian agencies from breaches, and the Pentagon and National Security Agency have numerous initiatives in place to protect their networks from attacks.

Despite this, hackers still manage to break in, often through email scams that trick federal employees into downloading malware.

Mr. Daniel said the White House's new action plan, once implemented, wouldn't prevent all future attacks but would reduce the number of successful breaches and improve the government's response.

Write to Damian Paletta at damian.paletta@wsj.com