Security initiatives net funding

President Bush's first budget sets aside funds for two Clinton administration information security projects and provides modest gains for governmentwide security initiatives.

The Scholarship for Service program, designed to increase the number of information security professionals, netted $11.2 million for 2002. The scholarships pay for the education of students willing to serve as federal security professionals after graduation. The SFS program, managed by the National Science Foundation, will award its first grants in June.

Bush also set aside funds to support his predecessor's critical infrastructure protection initiatives, even though Presidential Decision Directive 63 expires at the end of fiscal 2001.

The $5 million proposed for the Critical Infrastructure Assurance Office shows that Bush intends to extend PDD-63 beyond its expiration date, said John Tritak, director of the CIAO.

Sallie McDonald, assistant commissioner of the General Services Administration's Office of Information Assurance and Critical Infrastructure Protection, said that Bush's budget may be just the beginning of information security funding. Recent congressional hearings, such as one earlier this month in the House Energy and Commerce Committee, showed that lawmakers are paying more attention to security and critical infrastructure protection, McDonald said.

Under Bush's plan, the Federal Computer Incident Response Center (FedCIRC), the central organization for civilian cyberattack warnings and response, received a $3 million boost for 2002. Those funds are earmarked for the continued development of a secure network to communicate with agencies about vulnerabilities and for a high-speed voice and fax system to send out alerts when networks are compromised.

Some of the proposed 2002 money will help create a central data correlation and analysis center at FedCIRC where agencies will voluntarily feed incident information, said David Jarrell, director of FedCIRC.

GSA also is slated to get $3.5 million for a federal public-key infrastructure (PKI) program, which is aimed at getting agencies to use digital certificates to provide authentication, confidentiality and authorization for electronic transactions. The program moved to GSA late last year from the Treasury Department, along with the PKI Steering Committee and the Federal Bridge Certification Authority, which will allow agencies to recognize the authenticity of other agencies' certificates.

Some of the 2002 funding will stay at Treasury, which still oversees the bridge's Policy Authority, McDonald said. The bridge is expected be operational in the next month.

"With that funding, we'll have the opportunity to supply some seed money to agencies to start some pilots using the bridge next year," she said.

Individual agencies are clearly responding to the new requirements handed down in the Government Information Security Reform Act, passed last October. The act requires agencies to implement good security practices and conduct annual self-assessments.

The Office of Management and Budget is now requiring agencies to include security plans in their system requests. The security line items at agencies such as the Federal Aviation Administration, the Education Department and the Environmental Protection Agency will rise in 2002.