Clarke floats options for GovNet

The Bush administration last week laid out a range of options for securing critical government information systems, including everything from simply beefing up security on existing systems to building a governmentwide intranet that would wall off systems from the Internet.

The Critical Infrastructure Protection Board, which oversees security of federal information systems, developed the options after the General Services Administration last month briefed board chairman Richard Clarke on industry suggestions for securing government systems (see box).

GSA's Federal Technology Service reviewed more than 160 industry responses to an October 2001 request for information on the creation of a governmentwide intranet called GovNet, which the White House proposed last year after the Sept. 11 terrorist attacks.

"GovNet is a question," said Clarke, who is also President Bush's cyberspace security adviser, at an April 17 conference sponsored by GSA during which he unveiled the list of options. "It is a question that may lead to programs."

The government learned a great deal from the industry responses, said an agency official on the Critical Infrastructure Protection Board. "When you put out an idea, people come back with better ideas," said the official, who asked not to be identified.

The options resulting from the briefing are important because they are "options for practical application," the official said, adding that GovNet is a great vision, but this is a sign that it is truly possible.

The administration is giving equal consideration to all options, according to an administration official.

Some experts have claimed that GovNet would be too technically difficult and expensive to develop and would make managing government services more challenging. However, Clarke said GovNet is technically feasible because secure, separate intranets already exist in the government, including the Defense Department's Secret Internet Protocol Router Network and the intelligence community's intranet.

A virtual private network, which many GovNet critics suggest should be pursued instead of a separate network, will not protect against all Internet attacks, Clarke said.

The board will develop a core set of requirements for GovNet and develop questions for a feasibility study that GSA will conduct to determine architecture options and costs, the administration official said.

GSA is waiting for Congress to appropriate $5 million for the study, an amount requested in the agency's fiscal 2003 budget.

***

Options for securing federal networks

Richard Clarke, President Bush's cyberspace security adviser, last week unveiled five options for securing government systems that officials will study in the coming months.

1. Improve security on existing individual networks and do not develop a separate governmentwide intranet.

2. Connect some civilian agency networks to the Defense Department's and the intelligence community's secure intranets.

3. Allow agencies to develop separate intranets for their use only.

4. Create a governmentwide intranet as a backup system.

5. Develop a series of vendor contracts that agencies can tap into for security services or intranets.