As the need for cybersecurity comes into focus, agencies hope money will follow

As the need for cybersecurity comes into focus, agencies hope money will follow

By Christopher J. Dorobek

GCN Staff

As agencies move beyond year 2000 fixes to focus on cybersecurity, information technology executives hope one lesson learned is that the government should put money where the pronouncements are.

Only months after the year 2000 success, some security experts say they wonder whether the same kind of effort will be directed at cybersecurity.

In a recent survey of IT executives conducted by the Information Technology Association of America of Arlington, Va., chief information officers said they do not have the resources in their base budgets to tackle critical infrastructure security with the speed needed.

The IT security matter is different from the year 2000 problem'it does not have a deadline, officials note, but is instead a concern that will plague IT users for some time.

State Department CIO Fernando Burbano said the denial-of-service attacks against prominent Web sites have underscored the necessity of cybersecurity and convinced senior management that the matter is important.

The attacks were followed by the Environmental Protection Agency's decision to shut down its Web site temporarily because of security concerns.

But many agency executives stress that for a cybersecurity effort to be effective it must be backed by money.

The key to the success of year 2000 preparations was the emergency spending that let many agencies meet the deadline, Burbano said.

'Without the year 2000 supplemental, a lot of agencies would have been in trouble,' Burbano said recently at a luncheon sponsored by the Association for Federal Information Resources Management.

'Management authority is definitely there,' he said. 'It's funding the costs. That's the key.'

Many agencies are working on electronic government initiatives, and some experts suggest that security will become critically important to them.

One task facing agencies is to make security a management issue so it becomes part of system development rather than an afterthought, said James V. Edwards, director of technology integration service at the Veterans Affairs Department's Office of Information and Technology.

The CIO Council is working with Rep. Steve Horn (R-Calif.), chairman of the Government Reform Subcommittee on Government Management, Information and Technology, on a framework that would let Congress monitor agency progress, much as Horn did with his year 2000 report cards.

Czar power

The ITAA survey shows that CIOs favor the appointment of a cybersecurity czar'a role similar to the one played by John A. Koskinen for the year 2000 problem' because they believe that would help focus attention and money on the issue.

There is concern, however, that the structure of government is not well-suited to dealing with cybersecurity because the problems cut across many organizations.

The Senate leadership, for example, is debating a proposal by Sen. Robert F. Bennett (R-Utah), chairman of the Senate Special Committee on the Year 2000 Technology Problem, to form an IT committee that would look at technology matters more broadly, as was done with the year 2000 problem.

But some committee's chairmen raised concerns that such a move would encroach on their committees' jurisdictions. Some IT executives suggested security funding could get lost in such a turf war.

inside gcn

  • cyber hygiene (Lucky Business/Shutterstock.com)

    Cleaning up cyber hygiene

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group