[ISN] Cybersecurity standardization moves forward

InfoSec News isn at c4i.org
Thu Mar 31 01:39:34 EST 2005


http://www.govexec.com/dailyfed/0305/033005p2.htm

By Daniel Pulliam
March 30, 2005 

The Office of Management and Budget launched a task force on
cybersecurity consolidation last week with the goal of increasing
computer security and cutting costs.

Tim Young, OMB's associate administrator for e-government and
information technology, said at a conference in Falls Church, Va.,
Tuesday that the consolidation effort has strong support among
agencies. He said that the question of whether agencies can share
common processes associated with information technology security is
meant to spark a dialogue in the IT security community.

"We want to improve our security, but we want to spend fewer dollars,"  
Young said at a conference sponsored by Reston, Va.-based IT
consulting firm INPUT. "It's a good story if you're a taxpayer, but
maybe not a good story if you're supporting these back-office
functions."

The task force consists of two representatives from each Cabinet-level
agency. An information and budget data request is due in April.  
Specific goals include identifying problems and solutions for
cybersecurity risks, improving cybersecurity processes and reducing
costs by eliminating duplication.

The task force will analyze various elements, including training
activities, threat awareness, program management and the
implementation of security products.

In September 2005, the task force will send agencies' business cases
to OMB as part of the fiscal 2007 budget process. By December, OMB
will have reviewed the business cases and will make resource
decisions.

Agencies have struggled to improve the security of their information
technology systems while surveys have shown cybersecurity to be a top
priority for agencies' chief information officers. A score card from
the House Government Reform Committee showed that across government,
cybersecurity improved slightly, but agencies such as the Energy and
Homeland Security departments failed dismally.

Cybersecurity experts have said that compliance with the 2002 Federal
Information Security Management Act is an expensive and frustrating
process for agencies, but the results are intended to provide
significant benefits to computer security. Young said a reason for
exploring cybersecurity standardization is the vastly different sums
of money that agencies of similar size are spending on FISMA
compliance.

Despite OMB's optimism that consolidating back-office functions such
as payroll and human resources will improve services and reduce costs,
Young said he does not know whether cybersecurity ever will be fully
consolidated. "We'll see what the task force says," he said,
suggesting that a hybrid approach might be the end result.

Young said the administration's fiscal 2006 budget request--in which
the percentage of funds requested for back-office functions fell
slightly from 32 percent to 31 percent and spending for mission areas
increased slightly from 55 percent to 56 percent--shows a shift in
priorities.

Young said the consolidations that started last year are seeing
results, and that total spending on OMB's consolidation projects is
projected to increase from $11 billion to $12.1 billion.

"Agencies are adopting the concept of shared services," Young said.  
"Are we outsourcing all of this? No, but in the long term? Not really,
but there will be more opportunities for the private sector to offer
solutions."




