2002; Vol. 21 No. 7

Clarke: IT security is 3 to 5 years away

By William Jackson
Government Computer News

The president's proposed fiscal 2003 budget puts much-needed money behind efforts to improve IT security, presidential cybersecurity adviser Richard Clarke told industry representatives at FOSE 2002.

The history of government trying to achieve IT security is a sad one, Clarke said. We have to start putting our money where our policy is.

The budget proposal earmarks 8 percent for security out of $52 billion in IT funds. But Clarke said the funds actually available will depend on congressional appropriations.

Executive branch officials are not allowed to solicit the private sector to lobby Congress, Clarke said, so I'm not going to tell you it would be helpful.

Improving federal IT security will take three to five years of continuous attention before we get into a comfort zone, he said.

The 2003 budget request follows major changes in the federal budgeting process. Under the Government Information Security Reform Act, agencies must assess IT security in their annual budget requests and make security part of their financial planning.

The Office of Management and Budget reviews the requests. This year for the first time, OMB sent back requests that did not address security deficiencies, and it shifted money from other areas into security, Clarke said.

I'm not going to name names of federal departments we did this to, he said, but he said the increase in money requested for IT security reflects what happened.

Clarke stressed the need for private-sector cooperation in the quest for security. He stumped for proposed amendments to the Freedom of Information Act that would exempt IT vulnerabilities reported by companies to the government.

He also said the Critical Infrastructure Protection Board, in cooperation with the General Services Administration, will host informal lunches with selected security companies so government officials can learn about new technologies and products.