Justice official says agencies spend way too little on systems security

Justice official says agencies spend way too little on systems security

By Christopher J. Dorobek

GCN Staff

DALLAS'The government must spend more money on security if it expects to protect its critical infrastructures, a senior Justice Department official said recently.

Most organizations, including federal agencies, should be spending 10 to 15 percent of their total information technology budget on security, said Scott Charney, chief of the Computer Crime and Intellectual Property Section for Justice's Criminal Division. But most organizations are barely spending 1 or 2 percent, he said.

'We have to get to policy and budget people so they expend funds on security,' Charney said at the Federation of Government Information Processing Council's Management of Change Conference. 'We have to start thinking of security as an integral process.'

'People at the top ' don't understand this stuff at all,' he said.

Agencies need to improve basic security implementation, policies and procedures, Charney said. That includes social engineering and training agency personnel. He said crackers can gain access to an organization's network by merely calling employees portraying an official and asking for the employee's password.

Agencies must ensure they have separate systems for their public-access networks and their internal networks, Charney said.

Agencies must encrypt their sensitive data, he said, and establish some kind of public-key infrastructure.

Obvious target

The government has been the target of many coordinated attacks recently. Charney said the frequency is not diminishing the significance of the individual attacks. 'I'm not sure they're getting blase. They're overwhelmed,' he said.

Many senior executives are realizing such hacks are inherent in public Web sites, he said. The accessibility of data online only serves to make security more difficult and more important, Charney said.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.