Security shifting to enterprise

Incorporating and Funding Security in Information Systems Investments

New Office of Management and Budget requirements aimed at better showing how agencies are securing individual systems are also highlighting how security is changing as agencies focus more on the enterprise, Kamela White, an OMB policy analyst, said Feb. 19.

In the past two years, agencies have had to indicate the percentage of security funding included in the budget request for every information technology system. This reporting requirement for Exhibit 53, the portion of an agency's budget submission that details IT budget requests, is intended to get agencies to focus on including security in a system's planning.

Security funding across agencies has risen from $2.7 billion in fiscal 2002 to $4.2 billion in fiscal 2003. But some of that increase may simply be caused by agencies finally complying with the requirement, White said at the Digital Government Institute's Capital Planning and Control seminar in Washington, D.C.

"For the '03 budget, all agencies reported IT security costs for all their systems, and that was definitely not that case in '02," she said.

This demonstrates that the push to get agencies to develop enterprise architecture plans and complete capital planning and investment control processes is working, White said.

The focus on enterprise solutions, however, now includes enterprise security, including agencywide public-key infrastructures for transaction authentication. Such security investments are not tied to a particular system, making it hard to work them into the Exhibit 53 report, one agency official pointed out.

This enterprise issue came up several times during the evaluations of agencies' budget requests, White said.

Although OMB has not yet developed guidance, agencies should make sure to fully explain any such apparent discrepancies in their budget documentation, including any methods to prorate enterprise security into the requests for specific systems, she said.

Featured

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.