Task force to focus on common security

Officials from the Homeland Security Department and the Office of Management and Budget will lead an intra-agency task force on developing common solutions for cybersecurity. The task force is slated to begin meeting in March, said Karen Evans, OMB's administrator for e-government and information technology.

Cybersecurity is one of two new lines of business that Bush administration officials are adding to five similar cross-agency, cost-cutting initiatives.

"We think we're at kind of a plateau now" concerning some agencies' cybersecurity efforts, said an OMB official who spoke to reporters during a budget briefing on condition of anonymity. As of fiscal 2004, 77 percent of agency IT systems met security guidelines. Bush administration officials want to push that number to 90 percent by the end of this fiscal year.

Preliminary analysis shows that up to 40 percent of the more than $4 billion the government spends annually on IT security systems is for tasks with common processes, the official said. That leaves room for potentially significant savings by discovering a common cross-agency solution, the official said.

"There's a lot of similar administrative functions ... that are replicated, duplicated across every agency," the official added. Task force members will have the independence to refute a common solutions approach, the official said. Although OMB officials believe a common solution exists, possibly ranging from common service centers to maximizing the government's buying power, "we're not leading the witness," the official said.

Cross-agency solutions do not necessarily equal common service centers such as those that the financial and human resources management lines of business task forces created, Evans said. "The common solution may be that we'll agree to do things in this particular way," she said. "If it leads to consolidation of activities, that's yet to be determined."

The task force will also examine possible ways to better report agency compliance with the Federal Information Security Management Act, Evans added.

The information sharing line of business focuses on execution of an executive order that requires the widest possible dissemination of counterterrorism intelligence information across the federal government, Evans said.

A move toward a common information sharing solution does not make information sharing a line of business, the OMB official said. Rather, the underlying methodology used to create cross-agency cooperation makes it a line of business, the official said.

OMB officials have a parallel information sharing effort in the data reference model portion of the federal enterprise architecture. The data reference model is a considerably more complicated undertaking, a second OMB official said. Counterterrorism information, although vitally important, represents a small fraction of the total information the government collects. Under ideal conditions, government officials would have the luxury of first crafting an information sharing model for the entire government and then applying it to intelligence community specifics, the second official said.

Instead, officials leading the information sharing line of business aim to coordinate intelligence community information sharing architectures with federal enterprise architecture efforts, Evans said. "What we're doing is working with [the intelligence community] on their models to bring it in to the overall" federal enterprise architecture, she added.