Carrying a big stick

The punishment was more than a year in the making. Last February, the Office of Management and Budget warned agencies that it would withhold fiscal 2002 funding for any information technology system that didn't include information security in its architecture. That got agencies' attention — at least, momentarily — but soon other topics, such as the IT pay raise, the race for the presidency and the protracted Florida election results, pushed OMB's threat to the back burner.

That is, until OMB began reviewing agency budgets for 2002. Earlier this month, an OMB official indicated that funding would be halted for some systems under development, as well as some legacy systems, if they lacked sufficient security measures.

For agencies on the security hit list, all is not lost — at least not yet. Those with systems that don't comply have until President Bush submits his detailed budget in April to prove that the designs incorporate the required security safeguards.

But as Bush pushes to take even more government functions online, citizens must believe that their interactions are confidential and secure. That's no easy task, given recent media reports of computer hackers and identity thieves. In order to provide services, state, local and federal governments must gather and store personal information; in return, the public must believe that information is properly protected.

And therein lies the dilemma. Although we believe OMB is justified in tying funding to information security, we also realize that it takes considerable funding to maintain, update and replace existing IT systems. Meanwhile, the agencies still have a mandate to provide services at a time when the public demands online access to government resources.

Just how many agencies and systems are on OMB's security hit list remains to be seen. But once the list is out, OMB needs to do more than cut funding, kill noncompliant systems and send the agencies packing. Officials must also conduct an assessment to determine what it will take to bring those systems into compliance and, if necessary, ask lawmakers for more money.

When it comes to information security, there's no reason to cut fiscal corners.

Featured

  • Workforce
    Shutterstock image 1658927440 By Deliris masks in office coronavirus covid19

    White House orders federal contractors vaccinated by Dec. 8

    New COVID-19 guidance directs federal contractors and subcontractors to make sure their employees are vaccinated — the latest in a series of new vaccine requirements the White House has been rolling out in recent weeks.

  • FCW Perspectives
    remote workers (elenabsl/Shutterstock.com)

    Post-pandemic IT leadership

    The rush to maximum telework did more than showcase the importance of IT -- it also forced them to rethink their own operations.

Stay Connected