Security group seeks funding

Having lined up just three agency clients so far, the government's central security
incident center is searching for a finance plan that will let it stay on the job.

The Federal Computer Incident Response Capability (FedCIRC) began offering agencies
incident alert and security consulting services last November after receiving $2.8 million
in seed money from the Government Information Technology Services Board's Innovation Fund

The GITS Board cash advance gave FedCIRC a chance to prove that agencies would be
willing to pool their resources to meet individual security needs and satisfy mandatory
security planning and incident management requirements.

The National Institute of Standards and Technology manages FedCIRC, and the Energy
Department's Computer Incident Advisory Capability, and the Software Engineering
Institute's Computer Emergency Response Team supplies the technical expertise.

Yet so far, only the Customs Service, the General Services Administration's Federal
Supply Service and the Agriculture Department's National Finance Center have subscribed.
Marianne Swanson, FedCIRC's program manager, said the program's future hinges on devising
an new financing plan.

"What we need is a steady stream of funding. We have funding for operations
through March 1998," Swanson said. "If we get another funding mechanism, we can
provide a steady level of services, training and conferences. Then if people want
something more specific for on-site training or systems evaluations, we can do it for a

Swanson said FedCIRC has not drafted any new funding proposals. But Rep. Constance
Morella (R-Md.) has introduced legislation that would boost NIST's computer security
budget, and the National Computers Systems Security and Privacy Advisory Board has
recommended that NIST expand its security alert capabilities.

Despite the dearth of subscribers, Swanson said there is no lack of agencies needing
security advice. FedCIRC's latest activities report said the organization received 131 hot
line calls and e-mail requests for incident handling assistance.

Mail spamming and spoofing comprised most the of e-mail incidents. FedCIRC's report
said intrusion incidents ranged from stolen passwords and password files to attacks on
software vulnerabilities.

Swanson said that as more agencies establish Internet links and develop increasingly
sophisticated applications, users need more training and assistance.

"Agencies have to be aware of the threats on the Internet. There's a lot of
spamming and spoofing," Swanson said.

FedCIRC began one-day seminars on the hottest security topics last month, she said,
starting with World Wide Web security and current trends.

Swanson said FedCIRC's Web site also provides information about trends and security
resources. FedCIRC's information is accessible through NIST's security Web site at

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.