Agencies are told to tap existing budgets for cyberterrorism security
- By Christopher J. Dorobek
- Nov 23, 1998
At least for the coming year, agencies will have to use their own funds for
cyberterrorism security efforts, officials working on the Clinton administrations
critical infrastructure protection initiative said.
The word came just before 14 agencies were to submit vulnerability studies on Nov. 18.
Eight more agencies must submit similar studies in February.
The fiscal 1999 omnibus budget bill included $4.3 million for the FBIs National
Infrastructure Protection Center, which will create a warning system in case of a
cyberattack on any critical national system.
But Jeffrey Hunker, director of the Critical Infrastructure Assurance Office, said that
other funds for the administrations security effort will have to come from existing
budgets. He suggested that agencies coordinate with the Office of Management and Budget on
what funds to spend on critical infrastructure protection efforts.
Thomas Burke, assistant commissioner for information security at the General Services
Administrations Federal Technology Service, said the level of compliance with
Presidential Decision Directive 63 will vary among the participating agencies. The
directive established a series of organizations to work on the critical infrastructure
initiative and required participation by 22 agencies in setting protection plans.
Some agencies, such as the Energy Department, have nearly completed their plans. But
others are busy working on year 2000 efforts, and security issues have taken a back seat,
said Burke, who has been named GSAs critical infrastructure assurance officer.
Both Burke and Hunker said agencies should use the inventories done for date code
efforts to prepare the vulnerability reports.
The first step for any agency is assigning responsibility for IT security, Burke said.
Many agencies, such as GSA, are appointing critical infrastructure assurance officers.
Others are working through their chief information officer organizations, he said.
CIAO and GSA are creating a team of security experts that will be available as agencies
develop their cyberterrorism plans. GSA is also working with Booz, Allen & Hamilton
Inc. of McLean, Va. to help agencies develop their plans, Burke said.