Not just another report

The governmentwide information security report released last month by the Office of Management and Budget is the first serious effort to bring together the executive and legislative branches to solve the monumental job of securing federal systems, which, admittedly, have as many holes as Swiss cheese.

The report, required by the Government Information Security Reform Act of 2000, was refreshingly honest. Indeed, many federal systems have serious security weaknesses. But that wasn't the big news laid out in the GISRA report. Rather, the report now organizes secu.rity data into a matrix that the White House and Capitol Hill can use to pinpoint problems and work toward a solution.

The report should provide a blueprint for Congress, which, as a whole, has shown that it does not fully understand the shortcomings of federal information security and its consequences. It was just a few years ago, when compiling the Defense Department's fiscal 1999 budget, that the Senate Appropriations Committee nearly zeroed out DOD's $70 million budget to fight information warfare and replaced it with a $500,000 line item for software security research. The budget was later reinstated. Agencies have not been without fault, either. Many are just now putting in place security policies required by the 15-year-old Computer Security Act.

One of security's key problems was that it was one of the first budget items to be cut when agencies faced making financial trade-offs, and agencies have always had to make financial trade-offs. As a result, security has languished, and many did not see the benefit in educating themselves about the problems.

No more. Now Congress and agencies have the data to begin making real progress. OMB has already made security part of the funding process. Agencies must also include security in their performance metrics and as part of enterprise architecture plans. Such intense scru.tiny of security — making it part of the planning process from the beginning — is the only way agencies will begin to secure information systems.

Featured

  • Workforce
    White House rainbow light shutterstock ID : 1130423963 By zhephotography

    White House rolls out DEIA strategy

    On Tuesday, the Biden administration issued agencies a roadmap to guide their efforts to develop strategic plans for diversity, equity, inclusion and accessibility (DEIA), as required under a as required under a June executive order.

  • Defense
    software (whiteMocca/Shutterstock.com)

    Why DOD is so bad at buying software

    The Defense Department wants to acquire emerging technology faster and more efficiently. But will its latest attempts to streamline its processes be enough?

Stay Connected