Hill delivers ? some ? security funding
- By Diane Frank
- Nov 05, 2000
The Clinton administration received only about half of what it wanted for
many of its key governmentwide information security programs. Nevertheless,
many federal security officials are not grousing.
In fact, many are happy that Congress funded information security at
"We feel like this is manna from heaven," said Sallie McDonald, acting
director of the Office of Information Assurance and Critical Infrastructure
Protection at the General Services Administration. "It's amazing how your
perspective changes when you think you're not going to get anything."
GSA received $8 million to fund the Federal Computer Incident Response
Capability, which warns civilian agencies about cyberattacks and tracks
such attacks. GSA plans to use the money to enhance FedCIRC's offerings,
including developing a long-planned central analysis center to determine
patterns of cyberattacks across government. "We've had a very successful
program, but we haven't been able to put the resources behind it that it
needs, and now we can move forward," said McDonald, who also serves as the
deputy associate administrator of GSA's Information Systems Security Center.
This summer, the administration began to fear that Congress would not
fund any of its security programs. In many of the reports accompanying House
and Senate appropriations bills, the security programs highlighted by President
Clinton received no funding. In August, administration officials criticized
Congress for failing to fund the initiatives.
No security program received full funding, but some initiatives within
programs — such as the Scholarship for Service initiative, which is part
of the Federal Cyber Services training and education program — were fully
Security officials were pleased that many programs got any funding at
all, in particular the scholarship initiative, which will provide money
to students pursuing information security degrees in return for working
for the federal government upon graduation. "[The scholarship funding] indicates
that the concerns that some people had that no new programs would be funded
is not true," said John Tritak, director of the Critical Infrastructure
Assurance Office (CIAO). "Congress is considering things on their merits."
But the Office of Personnel Management received no money for this initiative,
meaning that the agency will only be able to support the scholarship program
in a limited capacity, according to an OPM official. Also, OPM did not receive
funding for the other initiatives under the Federal Cyber Services, including
training and certification for current federal security professionals.
"We are exploring options to continue getting the program moving, but
obviously we will be going slower," said Shirley Malia, Federal Cyber Services
program director at the CIAO. "We will be going back the second year when
we can show progress."
The Treasury Department also received only partial funding for governmentwide
public-key infrastructure initiatives to use digital certificates to authenticate
and authorize users. Most of the $3.5 million it received, which represents
half of what the administration asked for, will be used to start up the
Federal Bridge Certification Authority. This is the mechanism developed
by the Federal PKI Steering Committee to enable any agency to accept certificates
issued by any other agency.
The Commerce Department's National Institute of Standards and Technology,
which is in charge of several government-wide security initiatives, could
receive some money once the funding bill for the department is passed and
Included in the bill is $3 million for an Expert Review Team, which
will provide assistance to agencies developing critical infrastructure protection
plans under Presidential Decision Directive 63. The directive requires
agencies to protect systems supporting the nation's critical infrastructure.
NIST received no funding for the Institute for Information Infrastructure
Protection, which the administration intended to create to serve as a center
for critical infrastructure protection research and development grants that
would fill the gaps in government and commercial research.