WASHINGTON (07/18/2000) - The White House Monday called for Congress to "pick up the pace" on funding information security initiatives within government in the fiscal 2001 budget, while putting forward legislation to help law enforcement track and prosecute cybercriminals.
In a speech at the National Press Club, White House Chief of Staff John Podesta criticized congressional appropriators for not funding the security initiatives proposed by President Clinton in January in the National Plan for Information Systems Protection.
"Good security needs to be updated constantly, and it costs money," Podesta said.
In the plan and the fiscal 2001 budget, Clinton proposed more than US$90 million for several new cybersecurity initiatives, including the Federal Intrusion Detection Network (FIDNet), which would monitor federal systems for cyberattacks; the security research and development Institute for Information Infrastructure Protection, the Federal Cyber Service training and recruitment program; and the Expert Review Team to help federal agencies review their security plans.
Each of those initiatives is under a different agency and in a different appropriations bill. So far, none of them have made it through the appropriations committees.
"Unfortunately, to date, the Congress still refuses to appropriate one dime to put these initiatives in place," Podesta said. "It's time they picked up the pace and provided the protections that are essential to America's cybersecurity."
Podesta also unveiled four new pieces of legislation that Clinton will send to Congress to expand on bills already going through committees. Key points of the legislation include:
* Amending hardware-specific wiretap statutes to apply equal standards to both hardware and software surveillance.
* Equalizing the legal standards that apply to law enforcement's access to e-mails, telephone calls and cable services * Updating the "trap and trace" laws that allow law enforcement to track the path of cybercriminals on the Internet.
* Updating the Computer Fraud and Abuse Act to treat multiple small attacks as a single attack and eliminate mandatory jail time for less-serious attacks.
The administration is still looking at possible uses for the Computer Electronic Security Act (CESA), which Clinton proposed last year to balance the loosening encryption export controls with the needs of law enforcement and national security, Podesta said. But for now, the new proposed legislation will stand in to handle the law enforcement issues, he said.
"We hope that we'll have a fair hearing on them and we believe that if we work together [with Congress], then we can bridge the gaps between the members currently considering this on the Senate Judiciary committee by balancing privacy with the needs of law enforcement and that we can have some legislation enacted this year," Podesta said.