Where's the money?

It's a story federal information technology managers are all too familiar with: Congress mandates that they must secure their networks from cyberattacks, but fails to appropriate the money needed to properly safeguard systems.

The latest story of shortfalls in IT security spending — and this one is especially troubling — comes from the National Nuclear Security Administration (NNSA). This Energy Department agency was formed in 2000 to manage programs in nuclear weapons, nuclear nonproliferation and naval reactors. Its mission represents "the most significant information and physical security challenge in the nation, if not the world," according to a former information assurance expert at the National Security Agency.

With that kind of security risk, the nation should expect the agency to have the necessary funding to properly secure its IT systems. It doesn't. Of the $72 million NNSA has requested from Congress for cybersecurity for fiscal 2003, the agency expects to get only $66 million, according to a DOE official. The official, however, says the agency needs an additional $30 million — almost 50 percent more — to do the job right.

Security experts say NNSA's situation is not unique; it occurs at agencies across the government and private sector. Information systems that support the foundations of the economy are at high risk, and despite the events of Sept. 11, 2001, they remain so.

However, not all the news is bad. Last month, the Defense Department issued its first-ever wireless security policy, which officials hope will prevent unauthorized users from gaining access to classified information. DOD officials view the increasing use of wireless devices and networks as a potential security threat and are taking progressive steps to secure them.

Congress should do the same before a cyber disaster occurs. Cybersecurity may not have the same sizzle as physical security in that you can't see a firewall or a public-key infrastructure, but Americans can get burned just the same.



  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

  • Cloud
    cloud migration

    DHS cloud push comes with complications

    A pressing data center closure schedule and an ensuing scramble to move applications means that some Homeland Security components might need more than one hop to get to the cloud.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.