OMB takes new tack on security budget requests

  • By Diane Frank
  • Mar 26, 2000

Related Links

Clinton draws line on security

Concerned about the lack of oversight for multiagency initiatives to secure

the nation's critical computer systems, the Office of Management and Budget

and the National Security Council have formalized a process for coordinating

requests for security funding.

President Clinton's recently released National Plan for Information

Systems Protection depends, to a large extent, on the ability of individual

agencies to collaborate on security initiatives. But for those initiatives

to work, each agency involved in the work must be able to obtain funding.

If Congress refuses to grant the funds for just one agency involved in the

program, the initiative is jeopardized.

OMB and the NSC, concerned that such problems could threaten any number

of the administration's critical infrastructure protection initiatives,

developed the new budget process to avoid such pitfalls.

The process requires agencies "to envision their requests in conjunction

with the requests of other agencies and how they add up to a total program,"

said Margaret Evans, chief of command, control, communications and intelligence

at OMB.

"Departments and agencies each develop their own budgets with their

own priorities, but there are equities that cut across all departments that

are important for the senior officials to look at...on a programmatic and

mission level," said an administration official.

Agencies begin the process by providing OMB with a list of proposed

projects that qualify as critical infrastructure protection initiatives,

as required by the Presidential Decision Directive 63. Because agencies

have had difficulty with this step in past years, OMB is providing them

with guidelines and definitions for deciding what programs qualify.

OMB organizes these reports into logical groupings and submits them

to a three-step review process:

n Interagency working groups, chaired by the NSC or the Office of Science

and Technology Policy, review the projects in a governmentwide context,

looking for any overlapping programs or gaps in the overall security requirements.

n Budget review groups, made up of agency program and budget staff and

OMB examiners, determine realistic cost estimates for each initiative.

n The main interagency group prioritizes the program budget requests

and sends its final report to the agencies involved so they can consider

the security programs in their budget development process.

The process often hits a snag before it really begins. OMB has found

that many agencies are finding it difficult to develop project-specific

details on their critical infrastructure protection programs because they

do not yet collect information on the details.

Convincing agencies to reveal information about their potential budget

requests before those requests have even been put into their own budgets

also is not the easiest of tasks, Evans said.

Additionally, the priorities set forth by the interagency group often

differ from that of individual agencies.

Projects identified as key by the group "are considered not core to

the central mission and they cannot successfully compete against what agencies

consider to be a more central element of their mission," Evans said.

"CIP is not necessarily a front-burner issue for everyone, but I think

this is helping people recognize it is an important issue," the official

said. "It's got to have a maturation period where people grow to understand

how important this is."

OMB expects agencies to factor the interagency group's decisions into

its budget decisions, Evans said. Should an agency decide not to include

in its budget submission a project the interagency working group deemed

important, OMB could still decide to require the agency fund that program,

she said.

While the formal review process ends when the administration sends its

budget requests to Capitol Hill, OMB and the NSC are not stopping there.

They recognize that the whole process could break down because Congress

does not have a similar cross-cutting process for reviewing security initiatives.

OMB and the NSC have held a series of meetings with Hill staff and committee

members to educate them on the need for this new viewpoint.

Featured

  • Cybersecurity
    cybersecurity (Rawpixel/Shutterstock.com)

    CMMC clears key regulatory hurdle

    The White House approved an interim rule to mandate defense contractors prove they adhere to existing cybersecurity standards from the National Institute of Standards and Technology.

  • Comment
    cloud (Phaigraphic/Shutterstock.com)

    A call for visionary investment

    Investing in IT modernization is not an either-or proposition, Rep. Connolly writes. This pandemic has presented Congress a choice: We can put our head in the sand and pretend these failures didn't happen, or we can take action to be prepared for the future.

Stay Connected