Board calls for more funding for security unit

NIST Computer Security Division

GAITHERSBURG, Md. -- If the United States is to keep up with the ever-growing number of security problems and pitfalls, the government's computer security experts must get more support than the fiscal 2004 budget provides, according to a federal advisory board.

Seven of 13 appropriations bills have stalled as Congress argues over a federal budget that is tight across the board, so the National Institute of Standards and Technology's Computer Security Division is not the only agency still awaiting final word on its fiscal 2004 money. But given the ramp-up in security concerns and awareness, it was a surprise to the Information Security and Privacy Advisory Board to learn that initial estimates of the division's base funding project a decrease from the current year.

The almost $10 million currently slated to go to the division in fiscal 2004 is down from almost $15 million in fiscal 2003. The hit appears even more significant once federal pay raises are taken into account, said Ed Roback, chief of the security division.

A reduction, Roback said, would force the division to slow down or delay projects, such as a certification program for vendors that perform security certification and accreditation so that agencies know they can trust the companies that are telling them to trust their networks.

Roback and others were speaking today at a meeting of the advisory board.

NIST supports not just federal security needs, but also companies, academia and the rest of the world, said Howard Schmidt, a member of the board, and chief information security officer at eBay. The division's standards -- such as the system classification and minimum-security requirement standards currently under development -- are often the basis for international standards efforts, he said.

"It's important for Congress to understand that they're cutting off the knees of the organizations that support everything," said Charisse Castagnoli, a member of the board and vice president for business and development at Layer N Networks. Wireless security, something that NIST and the world are just beginning to tackle, will definitely be affected by reduced capabilities at the division, she said.

The Computer Security Division's base funding doesn't even cover all the salaries for its staff, Roback said. The rest of the money for operating expenses comes from payments from agencies and other NIST divisions for security services, in addition to guidance and standards, he said. These services include the Computer Security Expert Assist Team (CSEAT), which evaluates agencies' networks and security controls.

Other board members expressed their concern that working with appropriators to increase the funding will be an even harder battle now than before. With the Office of Management and Budget saying that agencies are improving their security practices and Rep. Adam Putnam (R-Fla.) recently releasing a security report card that brings the governmentwide security score up from an F to a D, appropriators may incorrectly think that the division is doing fine with the money it has, said Rebecca Leng, deputy assistant inspector general for information technology and computer security at the Transportation Department.

Featured

  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.