WASHINGTON (07/31/2000) - The Clinton administration is urgently seeking a 15 percent increase in funding for critical infrastructure protection initiatives in its fiscal 2001 budget, but its request is being blocked by election-year politics and partisan paralysis, according to experts.
A panel of security experts at the Cyber Security Planning Summit sponsored by Carnegie Mellon University last week complained that Congress lacks a basic understanding of the cyberthreat facing the nation. Some experts went as far as to say that the Republican-dominated Congress has refused the money in order to rob presidential candidate Vice President Al Gore of any political capital that could be gained from the programs.
In an unpublished report obtained by FCW that was dated May 18 and delivered to Congress, the Office of Management and Budget said the administration and Congress must come up with new approaches to dealing with the threats.
"Without a holistic approach to program management and funding, we risk underfunding these critical missions or poorly coordinating their various facets," the report stated.
The report - the government's most comprehensive to date on critical infrastructure initiatives - outlined the Clinton budget proposals. It included $2 billion in critical infrastructure protection and cyber- crime initiatives.
It included $606 million for long-term research and development.
However, "that doesn't look like it's going to happen," said Terry Kelly, senior national security officer at the White House Office of Science and Technology. Kelly, who spoke last week at the summit in Pittsburgh, said the administration faces a "congressional dilemma," because the process of obtaining the funding needed for security programs is complicated by the large number of congressional committees in Congress that "have to be convinced."
Kelly said that the "initial operational capability" to meet Presidential Decision Directive 63, a 1998 order requiring agencies to to protect their most critical information systems from cyber- and physical attacks, would be in place by the end of this year. But Congress denied the administration funding for initiatives that some say are key to the success of the directive.
Clinton's budget included $50 million for the establishment of an Institute for Information Infrastructure Protection within the National Institute of Standards and Technology. However, the Republican-led Congress killed it earlier this year.
"Part of the problem is that the institute got caught up in election-year politics," said William Mehuron, director of the Information Technology Laboratory at NIST. "No one [in Congress] really wanted to give the current administration something to wave around."
However, members of Congress say they are working to fund security. Sen. Rick Santorum (R-Pa.) pledged $5 million for a new cybersecurity institute during his keynote speech at the security summit. He also announced that he succeeded in securing $15 million for a cybercorps educational program. The House passed both measures as part of the fiscal 2001 Defense appropriations bill.
John Tritak, director of the Critical Infrastructure Assurance Office, said awareness of cyber- security issues is still a major problem. "What brought us to the table in PDD 63 was a national security concern," he said. "That doesn't necessarily translate well into a business case." Even if agencies and industry could make a clear business case, "you could still have the problem of a Congress that doesn't get this," Tritak said.