Board calls for more funding for security unit

NIST Computer Security Division

GAITHERSBURG, Md. -- If the United States is to keep up with the ever-growing number of security problems and pitfalls, the government's computer security experts must get more support than the fiscal 2004 budget provides, according to a federal advisory board.

Seven of 13 appropriations bills have stalled as Congress argues over a federal budget that is tight across the board, so the National Institute of Standards and Technology's Computer Security Division is not the only agency still awaiting final word on its fiscal 2004 money. But given the ramp-up in security concerns and awareness, it was a surprise to the Information Security and Privacy Advisory Board to learn that initial estimates of the division's base funding project a decrease from the current year.

The almost $10 million currently slated to go to the division in fiscal 2004 is down from almost $15 million in fiscal 2003. The hit appears even more significant once federal pay raises are taken into account, said Ed Roback, chief of the security division.

A reduction, Roback said, would force the division to slow down or delay projects, such as a certification program for vendors that perform security certification and accreditation so that agencies know they can trust the companies that are telling them to trust their networks.

Roback and others were speaking today at a meeting of the advisory board.

NIST supports not just federal security needs, but also companies, academia and the rest of the world, said Howard Schmidt, a member of the board, and chief information security officer at eBay. The division's standards -- such as the system classification and minimum-security requirement standards currently under development -- are often the basis for international standards efforts, he said.

"It's important for Congress to understand that they're cutting off the knees of the organizations that support everything," said Charisse Castagnoli, a member of the board and vice president for business and development at Layer N Networks. Wireless security, something that NIST and the world are just beginning to tackle, will definitely be affected by reduced capabilities at the division, she said.

The Computer Security Division's base funding doesn't even cover all the salaries for its staff, Roback said. The rest of the money for operating expenses comes from payments from agencies and other NIST divisions for security services, in addition to guidance and standards, he said. These services include the Computer Security Expert Assist Team (CSEAT), which evaluates agencies' networks and security controls.

Other board members expressed their concern that working with appropriators to increase the funding will be an even harder battle now than before. With the Office of Management and Budget saying that agencies are improving their security practices and Rep. Adam Putnam (R-Fla.) recently releasing a security report card that brings the governmentwide security score up from an F to a D, appropriators may incorrectly think that the division is doing fine with the money it has, said Rebecca Leng, deputy assistant inspector general for information technology and computer security at the Transportation Department.

Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.