OMB offers dim view of security

The Office of Management and Budget's report on the first mandated agency security assessments supports the poor view of federal security outlined by auditors over the past few years, a top OMB official said Jan. 24.

The OMB report will be submitted to Congress next month with President Bush's fiscal 2003 budget.

Agency chief information officers and inspectors general in September submitted to OMB the first self-assessments required under the Government Information Security Reform Act of 2001.

OMB is required to provide a summary report to Congress, but this first set of reports revealed "nothing new," Glenn Schlarman, a senior security policy analyst at OMB, said at the General Services Administration's Securing Critical Federal Infrastructure conference.

Agencies spent about $3 billion on security out of the $45 billion spent on IT products across government, with 80 percent of agencies spending 1 percent to 3 percent of their budgets on security.

However, Schlarman said there is no way to tell if the agencies spending a higher percentage of their budgets on security are any more secure than those spending less.

The OMB assessments found that:

* Agency managers at all levels are not measuring the performance of security programs and systems.

* The security education and training in place at agencies is weak, making it hard to hold employees or managers accountable.

* Many technical problems still exist, including a lack of programs to apply security patches and a lack of organized incident handling and response.

Good components do exist within agencies, where a single office or group has a high level of security capability, but "one component can't save an entire agency," Schlarman said.

Featured

  • Federal 100 Awards
    Federal 100 logo

    Nominations for the 2021 Fed 100 are now being accepted

    The deadline for submissions is Dec. 31.

  • Government Innovation Awards
    Government Innovation Awards - https://governmentinnovationawards.com

    Congratulations to the 2020 Rising Stars

    These early-career leaders already are having an outsized impact on government IT.

Stay Connected