Pushing for cybersecurity, e-gov

Sen. Susan Collins was born into a political family. Her mother and father each served at separate times as the mayor of Caribou, Maine.So it came as no surprise when her first job out of college in 1975 was working on the Washington staff of Maine Sen. William Cohen, an author of the Clinger-Cohen Act. After 12 years of working for the Republican lawmaker, Collins served as a cabinet secretary for Gov. John McKernan for five years and as head of the New England regional office of the Small Business Administration for a year.In 1996, Collins ran for the retiring Cohen’s Senate seat as a Republican and became the 15th woman elected to the Senate.As chairwoman of the Senate Governmental Affairs Committee, Collins oversees several federal issues, including IT and homeland security.Since taking over as chairwoman in January of last year, she has focused on agency IT management, the problem of federal employees receiving degrees from unaccredited schools, the Homeland Security Department’s Computer Assisted Passenger Prescreening System II and U.S. Visitor and Immigration Status Indication Technology system, and the Thrift Savings Plan’s record-keeping system.Over the next year, Collins has said her IT priorities include cybersecurity, critical infrastructure protection and the role of CIOs in agencies.Collins received a bachelor’s degree from St. Lawrence University.GCN staff writer Jason Miller interviewed Collins at her Washington office. COLLINS: One priority is to make sure the $60 billion the federal government expects to spend this year is well spent.In the Office of Management and Budget’s scorecard rating system, 13 large agencies received failing grades—a red light in OMB’s parlance. Only two agencies—the Office of Personnel Management and the National Science Foundation—earned the highest score, a green light. That is of great concern to me. It suggests there are cost overruns and inadequate management of IT.And even more troubling, it suggests that many agencies do not have effective computer security programs, which brings me to another of the committee’s priorities.We’ve paid insufficient attention in this country, both in the public and private sectors, to the threat of an attack to our systems. Whether they are computers that monitor infrastructures such as the water supply or electrical grid or computers used by federal agencies to deliver services, we have not focused as much attention as we need to in the area of cybersecurity.It would be relatively easy for terrorists to launch an attack by crippling the computers that are essential to run a water supply or train system or some other critical infrastructure.The Homeland Security Department has taken some positive steps in this area. For example, the department has consolidated the three agencies that deal with cybersecurity. It has conducted risk assessments on critical infrastructures.But 85 percent of critical infrastructures are in the private sector. So it will require an effort where the federal government works with industry.COLLINS: We are working closely with the General Accounting Office and OMB to monitor the efforts of all agencies.My staff is spending a lot of time talking with agency CIOs about security. We also are having GAO work in that area as well. We may decide to hold some hearings, but at this point we are working most closely with GAO to monitor the effectiveness of IT security.COLLINS: We have some ongoing studies. We are looking at cybersecurity issues and the effectiveness of CIOs. Both studies are due out in late summer or early fall.Another important priority for me is expanding the public’s access to government programs and information using IT. Regulations.gov is a terrific idea to allow the federal government to put regulations on a Web site that would let citizens monitor regulatory activities more easily.We found that many citizens don’t use Regulations.gov because they don’t know about it and because individual agencies have failed to include a link on their Web sites to it. We’ve asked GAO to continue its work in this area.We ought to be able to harness the power of technology to make government more accessible to its citizens. Just as we’ve seen e-commerce take off, I would like to see e-government also expanded.COLLINS: Without the E-Government Act, we would not have made the progress we have made. While progress is uneven, every agency understands their obligations now and understands that this is an issue that OMB and Congress will be paying close attention to.We need to keep pushing agencies to expand their efforts to improve their planning and performance measurements. We need to get a handle on cost overruns, which still are very common in dealing with IT. We need to make sure that agencies are paying attention to computer security issues, and we need to expand the president’s e-government initiatives.We’ve made pretty good progress on the 25 [Quicksilver] projects. But as one OMB official noted, those were the low-hanging fruit, those were the ones that lent themselves most easily to the expanded use of technology. We need to do more.COLLINS: I think that public awareness still lags. There is a lot of opportunity for increasing public awareness of what’s available.We put a link on my Web site to a Congressional Research Service site listing government grants. My constituents have loved that because they used to have to go agency by agency trying to figure out if there was a grant program that might fit their needs.There still is a lot to be done to encourage interdepartmental cooperation, instead of just intradepartmental cooperation, and to promote greater public awareness.COLLINS: Part of it will come naturally with time. But you don’t want agencies to spend money on television advertising for this purpose.It seems to me by incorporating this information in government publications, by putting Web sites on staff members’ business cards and on stationery, there are inexpensive ways to spread the word. FirstGov.gov is an excellent way to start spreading the word.Asking states to put a link on their Web sites to FirstGov is another means. We need more public-private cooperation to expand public awareness.COLLINS: I’m going to be holding hearings later this year on the results of both my staff’s and GAO’s investigations of diploma mills. My concern is that individuals with bogus academic credentials are able to obtain jobs with the federal government, in some cases sensitive jobs.In other cases, the government appears to have paid for coursework done through diploma mills, which is an extraordinary waste of taxpayer dollars. There are security issues, fairness issues and waste-in-government issues involved with diploma mills.I believe the Education Department will help a great deal by maintaining a Web site of accredited schools and explaining some organizations that are not accredited because of religious or other reasons yet are bona fide educational institutions.That, of course, is one reason the department has been wary of getting into this area, and I understand those legitimate concerns. But it seems to me it would be helpful, and there are states such as Oregon that have done it. It is not an impossible task. It would at least put employers and agencies on guard.An educational institution can be legitimate even if it lacks accreditation, but that ought to be a red flag or at least a warning that more inquiry is needed.