Security funding foiled by politics
- By Dan Verton, Judi Hasson
- Jul 31, 2000
The Clinton administration is urgently seeking a 15 percent increase in
funding for critical infrastructure protection initiatives in its fiscal
2001 budget, but its request is being blocked by election-year politics
and partisan paralysis, according to experts.
A panel of security experts at the Cyber Security Planning Summit sponsored
by Carnegie Mellon University last week complained that Congress lacks a
basic understanding of the cyberthreat facing the nation. Some experts went
as far as to say that the Republican-dominated Congress has refused the
money in order to rob presidential candidate Vice President Al Gore of any
political capital that could be gained from the programs.
In an unpublished report obtained by FCW that was dated May 18 and delivered
to Congress, the Office of Management and Budget said the administration
and Congress must come up with new approaches to dealing with the threats.
"Without a holistic approach to program management and funding, we risk
underfunding these critical missions or poorly coordinating their various
facets," the report stated.
The report — the government's most comprehensive to date on critical
infrastructure initiatives — outlined the Clinton budget proposals. It included
$2 billion in critical infrastructure protection and cyber- crime initiatives.
It included $606 million for long-term research and development.
However, "that doesn't look like it's going to happen," said Terry Kelly,
senior national security officer at the White House Office of Science and
Technology. Kelly, who spoke last week at the summit in Pittsburgh, said
the administration faces a "congressional dilemma," because the process
of obtaining the funding needed for security programs is complicated by
the large number of congressional committees in Congress that "have to be
Kelly said that the "initial operational capability" to meet Presidential
Decision Directive 63, a 1998 order requiring agencies to to protect their
most critical information systems from cyber- and physical attacks, would
be in place by the end of this year. But Congress denied the administration
funding for initiatives that some say are key to the success of the directive.
Clinton's budget included $50 million for the establishment of an Institute
for Information Infrastructure Protection within the National Institute
of Standards and Technology. However, the Republican-led Congress killed
it earlier this year.
"Part of the problem is that the institute got caught up in election-year
politics," said William Mehuron, director of the Information Technology
Laboratory at NIST. "No one [in Congress] really wanted to give the current
administration something to wave around."
However, members of Congress say they are working to fund security.
Sen. Rick Santorum (R-Pa.) pledged $5 million for a new cybersecurity institute
during his keynote speech at the security summit. He also announced that
he succeeded in securing $15 million for a cybercorps educational program.
The House passed both measures as part of the fiscal 2001 Defense appropriations
John Tritak, director of the Critical Infrastructure Assurance Office,
said awareness of cyber- security issues is still a major problem. "What
brought us to the table in PDD 63 was a national security concern," he said.
"That doesn't necessarily translate well into a business case." Even if
agencies and industry could make a clear business case, "you could still
have the problem of a Congress that doesn't get this," Tritak said.