Filling e-gov's security gaps

GEIA white paper

The Government Electronics and Information Technology Association on Aug. 1 called for additional resources and funding to ensure that the movement to e-government does not leave agencies open to cyberattacks.

The GEIA white paper looks at security problems raised by Presidential Decision Directive 63, issued in May 1998 by President Clinton. Under PDD 63, agencies are required to protect the information systems that support the nation's critical infrastructure, which includes transportation and telecommunications.

Agencies are increasing their reliance on information technology, but they are not increasing their expertise in defending against attacks on those systems. So in the white paper, GEIA offers four recommendations for steps to overcome that gap:

* Fund demonstration programs in several infrastructure areas, such as air traffic control, banking and emergency services.

* Fund research and development programs to address security issues identified by organizations such as the CIO Council.

* Identify, support, build on and reward internal and cross-agency initiatives to make the federal security infrastructure stronger.

* Foster cooperative research with international allies.

Cyberattacks such as the Code Red worm, which is currently making its way around the Internet looking for new Web servers to infect, are not aimed specifically at the nation's infrastructure. But it and other viruses and worms are growing more common and have an effect on the systems that support that infrastructure.

"Most federal network operators lack the resources and technical expertise to defend against attacks and minimize damage," GEIA president Dan Heinemeier said in a statement.