More money needed for cybersecurity

The government needs to beef up its spending on network and information systems security as well as better focus the available funds, according to federal security officials who called for better efforts in the wake of the massive denial-of-service attacks against several commercial e-commerce companies earlier this month.

Mike Jacobs, deputy director of information systems security at the National Security Agency, criticized the Clinton administration's $2 billion fiscal 2001 budget for cyberdefense. He said it does not represent new money" but rather mostly an aggregation of already allocated funds scattered across many agencies under a new heading.

Jacobs, speaking earlier this month on an information security panel at the West 2000 conference in San Diego, sponsored by the Armed Forces Communications and Electronics Association and the U.S. Naval Institute, said all users concerned with information security face a basic problem: "Network technology is racing away from network security."

Michael Vatis, director of the FBI-managed National Infrastructure Protection Center, said in order for his organization to track cyberperpetrators, research funding needs to be focused on systems that can trace such attacks. Vatis, also speaking at the West 2000 conference, said with current tools, tracking denial-of-service attacks "is extremely resource intensive [because] you need to go from victim sites to hop sites."

The Marine Corps' top researcher, Lt. Gen. John Rhodes, who heads the Marine Corps Combat Development Command in Quantico, Va., said the five-year Pentagon budget process also frustrates efforts by the military to keep pace with commercial information technology developments. Rhodes said he is working on his 2002-2007 budget and asked, "How can I do that in C4I [command, control, communications, computers and intelligence] systems when the technology turnover is every 18 to 24 months?"