Board calls for more funding for security unit

NIST Computer Security Division

GAITHERSBURG, Md. -- If the United States is to keep up with the ever-growing number of security problems and pitfalls, the government's computer security experts must get more support than the fiscal 2004 budget provides, according to a federal advisory board.

Seven of 13 appropriations bills have stalled as Congress argues over a federal budget that is tight across the board, so the National Institute of Standards and Technology's Computer Security Division is not the only agency still awaiting final word on its fiscal 2004 money. But given the ramp-up in security concerns and awareness, it was a surprise to the Information Security and Privacy Advisory Board to learn that initial estimates of the division's base funding project a decrease from the current year.

The almost $10 million currently slated to go to the division in fiscal 2004 is down from almost $15 million in fiscal 2003. The hit appears even more significant once federal pay raises are taken into account, said Ed Roback, chief of the security division.

A reduction, Roback said, would force the division to slow down or delay projects, such as a certification program for vendors that perform security certification and accreditation so that agencies know they can trust the companies that are telling them to trust their networks.

Roback and others were speaking today at a meeting of the advisory board.

NIST supports not just federal security needs, but also companies, academia and the rest of the world, said Howard Schmidt, a member of the board, and chief information security officer at eBay. The division's standards -- such as the system classification and minimum-security requirement standards currently under development -- are often the basis for international standards efforts, he said.

"It's important for Congress to understand that they're cutting off the knees of the organizations that support everything," said Charisse Castagnoli, a member of the board and vice president for business and development at Layer N Networks. Wireless security, something that NIST and the world are just beginning to tackle, will definitely be affected by reduced capabilities at the division, she said.

The Computer Security Division's base funding doesn't even cover all the salaries for its staff, Roback said. The rest of the money for operating expenses comes from payments from agencies and other NIST divisions for security services, in addition to guidance and standards, he said. These services include the Computer Security Expert Assist Team (CSEAT), which evaluates agencies' networks and security controls.

Other board members expressed their concern that working with appropriators to increase the funding will be an even harder battle now than before. With the Office of Management and Budget saying that agencies are improving their security practices and Rep. Adam Putnam (R-Fla.) recently releasing a security report card that brings the governmentwide security score up from an F to a D, appropriators may incorrectly think that the division is doing fine with the money it has, said Rebecca Leng, deputy assistant inspector general for information technology and computer security at the Transportation Department.

Featured

  • Management
    shutterstock image By enzozo; photo ID: 319763930

    Where does the TMF Board go from here?

    With a $1 billion cash infusion, relaxed repayment guidelines and a surge in proposals from federal agencies, questions have been raised about whether the board overseeing the Technology Modernization Fund has been scaled to cope with its newfound popularity.

  • IT Modernization
    shutterstock image By enzozo; photo ID: 319763930

    OMB provides key guidance for TMF proposals amid surge in submissions

    Deputy Federal CIO Maria Roat details what makes for a winning Technology Modernization Fund proposal as agencies continue to submit major IT projects for potential funding.

Stay Connected