Law may boost info security

ORLANDO, Fla. -- Information security should lead the list of considerations for new investments, and changing the law to require it may help agencies improve systems, a House subcommittee staff director said today.

The House Government Reform Committee's Technology, Information Policy, Intergovernmental Relations and the Census Subcommittee is looking at amending the language of the Clinger-Cohen Act of 1996 to mandate that information security and enterprise architecture be identified when making new investments, according to subcommittee staff director Bob Dix.

"Information security is a very, very risky business these days," Dix said, speaking today at the Information Processing Interagency Conference sponsored by the Government Information Technology Executive Council.

All stakeholders should be involved in securing critical systems, Dix said, adding that government officials can learn from the private sector's best practices. An information security working group, created by the subcommittee to include government, private-sector and security organizations, is examining ways to better protect critical systems.

Rep. Adam Putnam (R-Fla.), subcommittee chairman, drafted legislation last year that would have required publicly traded companies to follow and report on a list of security requirements. However, before the legislation was passed, Putnam formed a group to study whether companies can do the work on their own. The group is expected to present a list of recommendations for best practices and procurement practices to the chairman in two days, Dix said.

Included in the group's work is determining whether Clinger-Cohen should include language about information security. By meeting with technology companies, subcommittee officials found that the companies doing the best in information security are those regulated by law, Dix said

The federal enterprise architecture plays a leading role in moving the government into adopting a business model mentality, he said. Mapping investments to reference models in the architecture opens the door for information sharing and agency collaboration, Dix said.

"A lot of people on the Hill don't understand many of the issues in information technology, but this blueprint...is producing, or is about to produce, some pretty remarkable results," he said.