SECURITY HEATS UP
SECURITY HEATS UP
- By William Jackson
- Nov 02, 2001
Homeland Security chief Ridge looks for continuity of efforts.
Experts say funding is the key to protecting infrastructure
Clarke to coordinate
Security plans moved to the front burner last month in Congress and at agencies throughout Washington, with systems security among the hottest topics.
At a Washington conference sponsored by the Computer Security Institute, Sen. Robert Bennett (R-Utah) said the challenge now is 'the same as it was with year 2000: convincing top management that it is a management problem, not a technical problem.
'In a declining economy with a shrinking budget surplus, companies and government may have to
go into debt to secure themselves. If we don't do the things we need to do, we may see another 5,000 people killed' by terrorists, Bennett said.
At a separate gathering of IT experts and congressional staff, several speakers said the new President's Critical Infrastructure Protection Board will not succeed without financial backing.
'Time and again the government has identified the problem and come up with totally inadequate resources,' said IT and telecommunications consultant Warren Suss at a gathering of congressional staff in Washington. 'It's going to be nothing but more talk' unless there is funding to strengthen the infrastructure.
Not that talk is all bad. 'It's a very powerful tool,' said Harris N. Miller, president of the Information Technology Association of America. 'It's the power to embarrass,' which Miller said John Koskinen exercised skillfully as the government's front man for year 2000 preparations.
John Spotila, chief operating officer and general counsel of GTSI Corp. of Chantilly, Va., said Koskinen's ability to persuade'without authority'state and local governments and companies to take year 2000 conversion seriously was 'a great success story. There is some history of getting industry and government to work together.'
Executive Order 13231, which established the infrastructure protection board on Oct. 18, kicked up the attention being paid to the issue. It came a week after President Bush named Richard A. Clarke his cybersecurity adviser. Clarke will chair the board, whose job is to coordinate government and private-sector security efforts. But agency heads will still have responsibility for their own security, and the Office of Management and Budget will continue to oversee governmentwide security policy.
The heads of 20 executive branch departments, agencies and offices will designate representatives to the board. The coordinating committee consists of John Tritak, director of the Commerce Department's Critical Infrastructure Assurance Office; James Flyzik, Treasury Department CIO and vice chairman of the Federal CIO Council; Joan Avalyn Dempsey, CIA deputy director for community management; Ronald Dick, director of the National Infrastructure Protection Center; Air Force Lt. Gen. Harry D. Raduege, manager of the National Communications System; and the information assurance director of the National Security Agency. There is no timetable for appointing the rest of the board, according to a White House spokesman.
Clarke reports to Homeland Security director Tom Ridge, who is charged with coordinating domestic defense efforts.
ITAA has advocated a cybersecurity czar for some time, Miller said, although Clarke has rejected use of the term.
'You need one throat to choke,' Miller said. 'We have some nits to pick, but they're not really worth talking about. We have a man in charge with the backing of the president. Now let's move forward with this.'
The president's continued backing will be crucial, said Spotila, former administrator of OMB's Office of Information and Regulatory Affairs. 'What we're seeing here is an evolution' from former President Clinton's Presidential Decision Directive 63, Spotila said, and the executive order 'ratchets it up in emphasis. It's not just a money problem, but it's important that there be adequate funding. And that historically has been a challenge.'Show us the money
Suss, president of Suss Consulting Inc. of Jenkintown, Pa., said government computer security has been an issue for more than a decade, 'and yet the government has not ponied up adequate resources.' He said cybersecurity and survivability would require redundant physical infrastructures and dedicated hardware security devices. 'There is no way to get it cheap,' he said.
The new board is a step in the right direction, but the government still needs trained IT workers, said Gail Hamilton, executive vice president of Symantec Corp. of Cupertino, Calif. She recommended expanding the Federal Cyber Service scholarship program.
William Jackson is freelance writer and the author of the CyberEye blog.