[ISN] Security initiatives net funding

From: InfoSec News (isnat_private)
Date: Tue Apr 17 2001 - 22:35:43 PDT

  • Next message: InfoSec News: "[ISN] Australian e-commerce sites insecure: paper"

    BY Diane Frank
    President Bushs first budget sets aside funds for two Clinton
    administration information security projects and provides modest gains
    for governmentwide security initiatives.
    The Scholarship for Service program, designed to increase the number
    of information security professionals, netted $11.2 million for 2002.
    The scholarships pay for the education of students willing to serve as
    federal security professionals after graduation. The SFS program,
    managed by the National Science Foundation, will award its first
    grants in June.
    Bush also set aside funds to support his predecessors critical
    infrastructure protection initiatives, even though Presidential
    Decision Directive 63 expires at the end of fiscal 2001.
    The $5 million proposed for the Critical Infrastructure Assurance
    Office shows that Bush intends to extend PDD-63 beyond its expiration
    date, said John Tritak, director of the CIAO.
    Sallie McDonald, assistant commissioner of the General Services
    Administrations Office of Information Assurance and Critical
    Infrastructure Protection, said that Bushs budget may be just the
    beginning of information security funding. Recent congressional
    hearings, such as one earlier this month in the House Energy and
    Commerce Committee, showed that lawmakers are paying more attention to
    security and critical infrastructure protection, McDonald said.
    Under Bushs plan, the Federal Computer Incident Response Center
    (FedCIRC), the central organization for civilian cyberattack warnings
    and response, received a $3 million boost for 2002. Those funds are
    earmarked for the continued development of a secure network to
    communicate with agencies about vulnerabilities and for a high-speed
    voice and fax system to send out alerts when networks are compromised.
    Some of the proposed 2002 money will help create a central data
    correlation and analysis center at FedCIRC where agencies will
    voluntarily feed incident information, said David Jarrell, director of
    GSA also is slated to get $3.5 million for a federal public-key
    infrastructure (PKI) program, which is aimed at getting agencies to
    use digital certificates to provide authentication, confidentiality
    and authorization for electronic transactions. The program moved to
    GSA late last year from the Treasury Department, along with the PKI
    Steering Committee and the Federal Bridge Certification Authority,
    which will allow agencies to recognize the authenticity of other
    agencies certificates.
    Some of the 2002 funding will stay at Treasury, which still oversees
    the bridges Policy Authority, McDonald said. The bridge is expected be
    operational in the next month.
    "With that funding, well have the opportunity to supply some seed
    money to agencies to start some pilots using the bridge next year,"
    she said.
    Individual agencies are clearly responding to the new requirements
    handed down in the Government Information Security Reform Act, passed
    last October. The act requires agencies to implement good security
    practices and conduct annual self-assessments.
    The Office of Management and Budget is now requiring agencies to
    include security plans in their system requests. The security line
    items at agencies such as the Federal Aviation Administration, the
    Education Department and the Environmental Protection Agency will rise
    in 2002.
    ISN is hosted by SecurityFocus.com
    To unsubscribe email LISTSERVat_private with a message body of

    This archive was generated by hypermail 2b30 : Tue Apr 17 2001 - 23:11:12 PDT