A group of federal technology managers last week said one of the biggest obstacles to making the government's computer systems more secure is lack of money and that Congress should fund security efforts in much the same way it funded the effort to fix federal computers for the Year 2000 problem.
Donald Hagerling, information systems security program manager for the Treasury Department, said federal leaders knew years in advance that they had to devote resources to the Year 2000 problem but reallocated money internally until budget decision-makers had realised that additional money from Congress was needed to upgrade agencies' computer systems.
"Right now, there is a willingness to take that same approach with security," he said. "The funding isn't there to do anything significant and probably isn't going to be there for another one or two years."
Hagerling was among a number of security experts from agencies such as Treasury and the FBI who were on a security panel sponsored by the Bethesda, Maryland chapter of the Armed Forces and Communications Electronics Association International, an organization that focuses on federal information technology.
Federal computers have suffered increasing cyberattacks from individuals and groups such as thrill-seeking teenagers and suspected state-sponsored terrorists. Hagerling described US computer infrastructures as "wide open to attack" for people who want "to impact our way of life."
Agencies may be forced to take money from other programs to fund information security efforts, according to panelists. William Hotop, chief of the FBI's information systems security unit, told FCW that FBI objectives for law enforcement require information security, and the agency has no choice but to find information security funds, whether through appropriations or reallocations. "If [the mandates] are funded or not, we still have to meet them," he said.
The Clinton administration continues to work to get funding for broad information security projects. In September, the administration proposed a US$39 million amendment to the fiscal 2000 budget to fund IT initiatives, including a proposed computer network for monitoring attempted intrusions into federal systems.
The network, called the Federal Intrusion Detection Network, would receive $8.4 million under the amendment, while $US16.9 million would go toward training, retaining and recruiting information security experts.
But one Senate staff member said that given the tight spending caps that resulted from a 1997 budget agreement between the president and Congress, some agencies may have a difficult time getting extra money to spend on information security technology.
The staff member said agencies that want more money to spend on technology will have to "trade off" the new appropriations by reducing their number of employees. "[Agencies] are not willing to consider the inevitable trade between people and technology," the staff member said.
Robert Guerra, an IT procurement consultant, said agencies and Congress will be resourceful in finding information security funds. "Somebody will find it. It's too important not to," he said.