Condon: Agencies lack understanding of security directive
- By Frank Tiboni
- Sep 28, 1998
VIRGINIA BEACH, Va.Presidential Decision Directive 63 is playing up the
importance of computer security, systems officials said this month at the Interagency
Resources Management and Chief Information Officers Council Conference.
But systems managers must do more to increase awareness and offer training in computer
security, said Mary Ellen Condon, the Justice Departments director of information
management and security staff, and a member of the CIO Councils Security Committee.
Employees say they need more guidance on PDD 63, Condon said. We have
to figure out how to reach out to them.
Issued in May, the directive requires federal agencies to develop security plans for
protecting the nations critical infrastructures. Agencies must submit their plans by
Employees who attended a security session at the conference questioned whether the
presidential directive affects only those agencies running highly sensitive systems.
Condon was precise in her answer: No. PDD 63 is across all government.
In his directive, the president ordered all agencies to appoint chief information
assurance officers. The CIAOs must ensure that the governments systems are not
vulnerable to physical attack or cyberattack.
The directive also established the position of a national security coordinator. The
national coordinator will run the Critical Infrastructure Assurance Office at the Commerce
Department and oversee development of a national infrastructure security plan. The office
also will help coordinate legislative issues and a national education and awareness
program, Condon said.
Meanwhile, the National Infrastructure Protection Center at the FBI will receive
support from the Secret Service, intelligence agencies, the private sector and the
departments of Energy and Transportation, Condon said.
Employees can learn more about the directive on a CIAO Web site at http://www.ciao.gov.
The site provides information and helpful tips, Condon said.
The General Services Administration also will hold a PDD 63 information session on Oct.
13 in the GSA auditorium, she said.
Computer security continues to be a troublesome issue for agencies, Condon said. She
noted that the Federal Computer Incident Response Capability handled 400 computer threats
between October and April.
FedCIRC attributes the rising number of reports it receives to agencies linking more
systems and to more agencies using intrusion detection tools to identify system breaches,
Additionally, more agencies recognize the value of sharing incident information, she