[ISN] DOT sees security short-changed

From: InfoSec News (isnat_private)
Date: Tue Jan 15 2002 - 22:12:48 PST

  • Next message: InfoSec News: "[ISN] Microsoft server glitch prevents users from downloading critical security patches for Windows"

    By Diane Frank 
    Jan. 15, 2002
    The Transportation Department is working with the Bush administration
    to ensure that information security is not left behind as increasing
    amounts of money go to strengthen the other forms of security
    throughout the department, top information technology officials said
    Jan. 14.
    DOT, and particularly the Federal Aviation Administration, received a
    good portion of the emergency supplemental funding made available by
    Congress to address homeland security after the Sept. 11 terrorist
    attacks. But despite numerous requests, none of that money has gone to
    information security needs, said Eugene Taylor, DOT's deputy chief
    information officer, at the Transportation Research Board's annual
    meeting in Washington, D.C.
    The department has shifted a lot of resources within the chief
    information officer's budget to the security program for initiatives
    such as performing vulnerability analyses on all systems, establishing
    departmentwide standards, and creating a single incident response
    center, Taylor said.
    Lisa Schlosser, the new associate CIO for information security, is
    taking advantage of the charter to create a Transportation Security
    Administration to move forward on several cybersecurity programs that
    the department and the administration can use, Taylor said.
    This has meant slicing funding for programs that may end up getting
    into trouble later because of unexpected cuts, but that decision had
    to be weighed against getting into immediate trouble because of
    security shortcomings, he said.
    DOT will ask again for money from the remaining supplemental funds,
    and "if we don't get emergency supplemental funding, we'll continue to
    bump along," Taylor said.
    It does look as if increased information security funding will come in
    the fiscal 2003 budget request, which Bush will submit to Congress
    next month, he said. "So if we can get through the next nine months,
    then I think we can really do some good," he said.
    The FAA, meanwhile, is meeting this week with Richard Clarke, the
    president's cyberspace security adviser, on a number of issues, and
    funding will be a major topic of the discussion, said Daniel Mehan,
    FAA's CIO.
    The agency has more money for information security than even two years
    ago, enabling the CIO's Office to establish an around-the-clock
    computer security incident response center and to perform
    certification and accreditations on all new systems  but such efforts
    are still "sparsely funded," he said.
    That means cutting back on FAA's ability to meet governmentwide
    requirements, such as being able to review groups of systems, rather
    than the required review for every system, Mehan said.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Wed Jan 16 2002 - 02:17:23 PST