FBI bets on new IT initiative for security

Anticipating no new money for information security, the FBI is hoping a major computer project currently hung up in Congress will provide the new technology needed to make its information more secure, a top agency official said last week.

Mark Tanner, information resources manager at the FBI, said he expected no "enhancement and maybe some reduction" for information assurance in its fiscal 2000 budget, which Congress has yet to pass. "We need more [money], but doesn't everybody?" he said.

But many of the agency's concerns stem from its reliance on outdated computers and networks. The Information Sharing Initiative, waiting for funding from Congress, would address that problem, Tanner said.

ISI was designed to give investigators quick access to the many databases and computer files now scattered on systems across the bureau, improving the speed and quality of their work. The program would equip FBI employees with up-to-date desktop computers, software and networking technology.

Tanner, speaking Thursday at a meeting of the Industry Advisory Council, said an up-to-date computer infrastructure was an essential piece to assuring the quality and security of information. "I think we need to maintain a modern infrastructure," he said. "We need to have a well-stocked toolbox."

The quality of some components of the FBI toolbox is "awful," said Tanner in an interview after his presentation. He said the agency still has many older, slower 486 PCs and that some of the agency's routers and network equipment is as old as 10 years.

FBI officials have requested $430 million for ISI over five years. In the latest version of the bill to fund the FBI, however, Congress, concerned about the FBI's mismanagement of other major information technology projects, has set aside only $20 million for ISI in fiscal 2000, plus an additional $60 million the agency did not use in fiscal 1999.

Still, technology may not be an adequate defense, said James Litchko, a Kensington, Md.-based information security consultant.

"You can put a lot of technology in place, but if you don't test it, there could be something in there that could cause you problems," he said. "You can wall yourself, but somebody's going to dig a hole."

But agency and industry officials say the FBI is not alone in feeling the budget squeeze when it comes to information security, given the tight spending caps in place since 1997.

"The funding [for information security] isn't there to do anything significant and probably isn't going to be there for another one or two years," said Donald Hagerling, information systems security program manager at the Treasury Department, speaking at an event last month sponsored by the Bethesda, Md., chapter of Armed Forces Communications and Electronics Association International.

"I'm not getting a sense from any of the agencies that I call on that there is program money set for the acquisition of specifics within [information] assurance and protection," said Charles Viator Jr., sales manager for Protegrity Inc., a software company that sells information security products. Tanner said the FBI spends about $200 million annually on IT, but he could not say how much the agency spends on security.