DOT sees security short-changed

DOT information security site

The Transportation Department is working with the Bush administration to ensure that information security is not left behind as increasing amounts of money go to strengthen the other forms of security throughout the department, top information technology officials said Jan. 14.

DOT, and particularly the Federal Aviation Administration, received a good portion of the emergency supplemental funding made available by Congress to address homeland security after the Sept. 11 terrorist attacks. But despite numerous requests, none of that money has gone to information security needs, said Eugene Taylor, DOT's deputy chief information officer, at the Transportation Research Board's annual meeting in Washington, D.C.

The department has shifted a lot of resources within the chief information officer's budget to the security program for initiatives such as performing vulnerability analyses on all systems, establishing departmentwide standards, and creating a single incident response center, Taylor said.

Lisa Schlosser, the new associate CIO for information security, is taking advantage of the charter to create a Transportation Security Administration to move forward on several cybersecurity programs that the department and the administration can use, Taylor said.

This has meant slicing funding for programs that may end up getting into trouble later because of unexpected cuts, but that decision had to be weighed against getting into immediate trouble because of security shortcomings, he said.

DOT will ask again for money from the remaining supplemental funds, and "if we don't get emergency supplemental funding, we'll continue to bump along," Taylor said.

It does look as if increased information security funding will come in the fiscal 2003 budget request, which Bush will submit to Congress next month, he said. "So if we can get through the next nine months, then I think we can really do some good," he said.

The FAA, meanwhile, is meeting this week with Richard Clarke, the president's cyberspace security adviser, on a number of issues, and funding will be a major topic of the discussion, said Daniel Mehan, FAA's CIO.

The agency has more money for information security than even two years ago, enabling the CIO's Office to establish an around-the-clock computer security incident response center and to perform certification and accreditations on all new systems — but such efforts are still "sparsely funded," he said.

That means cutting back on FAA's ability to meet governmentwide requirements, such as being able to review groups of systems, rather than the required review for every system, Mehan said.