Security funding foiled by politics

The Clinton administration is urgently seeking a 15 percent increase in

funding for critical infrastructure protection initiatives in its fiscal

2001 budget, but its request is being blocked by election-year politics

and partisan paralysis, according to experts.

A panel of security experts at the Cyber Security Planning Summit sponsored

by Carnegie Mellon University last week complained that Congress lacks a

basic understanding of the cyberthreat facing the nation. Some experts went

as far as to say that the Republican-dominated Congress has refused the

money in order to rob presidential candidate Vice President Al Gore of any

political capital that could be gained from the programs.

In an unpublished report obtained by FCW that was dated May 18 and delivered

to Congress, the Office of Management and Budget said the administration

and Congress must come up with new approaches to dealing with the threats.

"Without a holistic approach to program management and funding, we risk

underfunding these critical missions or poorly coordinating their various

facets," the report stated.

The report — the government's most comprehensive to date on critical

infrastructure initiatives — outlined the Clinton budget proposals. It included

$2 billion in critical infrastructure protection and cyber- crime initiatives.

It included $606 million for long-term research and development.

However, "that doesn't look like it's going to happen," said Terry Kelly,

senior national security officer at the White House Office of Science and

Technology. Kelly, who spoke last week at the summit in Pittsburgh, said

the administration faces a "congressional dilemma," because the process

of obtaining the funding needed for security programs is complicated by

the large number of congressional committees in Congress that "have to be

convinced."

Kelly said that the "initial operational capability" to meet Presidential

Decision Directive 63, a 1998 order requiring agencies to to protect their

most critical information systems from cyber- and physical attacks, would

be in place by the end of this year. But Congress denied the administration

funding for initiatives that some say are key to the success of the directive.

Clinton's budget included $50 million for the establishment of an Institute

for Information Infrastructure Protection within the National Institute

of Standards and Technology. However, the Republican-led Congress killed

it earlier this year.

"Part of the problem is that the institute got caught up in election-year

politics," said William Mehuron, director of the Information Technology

Laboratory at NIST. "No one [in Congress] really wanted to give the current

administration something to wave around."

However, members of Congress say they are working to fund security.

Sen. Rick Santorum (R-Pa.) pledged $5 million for a new cybersecurity institute

during his keynote speech at the security summit. He also announced that

he succeeded in securing $15 million for a cybercorps educational program.

The House passed both measures as part of the fiscal 2001 Defense appropriations

bill.

John Tritak, director of the Critical Infrastructure Assurance Office,

said awareness of cyber- security issues is still a major problem. "What

brought us to the table in PDD 63 was a national security concern," he said.

"That doesn't necessarily translate well into a business case." Even if

agencies and industry could make a clear business case, "you could still

have the problem of a Congress that doesn't get this," Tritak said.