Cyber-Security Plans Go Begging on Hill

[InfoSec News <isn () C4I ORG>]

http://www.washingtonpost.com/wp-dyn/articles/A13564-2000Oct15.html

By Vernon Loeb
Washington Post Staff Writer
Monday, October 16, 2000; Page A25

The Clinton administration is hoping last-minute lobbying heroics can
save its ambitious $138.4 million cyber-security program before
Congress adjourns soon, having watched committee after committee in
both chambers fail to fund a dozen key initiatives.

President Clinton unveiled the program with fanfare in January,
proposing the creation of a national scholarship program to build a
"cyber corps" of computer security experts to defend federal
government computer networks against hackers and full-fledged
cyber-attacks "so that America can be more secure."

But with possibly as few as three legislative days remaining before
Congress adjourns for the November election, Senate committees have
approved just $40 million of the administration's request, and House
panels only $15.5 million.

The cyber corps scholarship program is far from full funding in a
House-Senate conference committee. A $50 million institute designed to
work closely with the private sector on computer security research has
received no funding in either house; and a $15.4 million intrusion
detection and response network has received $10 million in the Senate
but nothing in the House.

Senate and House committees also declined to provide funding for a $5
million interagency expert review team to respond to cyber-attacks, a
$2.8 million request for telecommunications research and a $2 million
request for research into protecting health information on government
computer networks.

"None of this is partisan," said Richard A. Clarke, the
administration's czar for counterterrorism and cyber-security at the
National Security Council. "But because funding for the program is
broken up into so many different committees, no one feels they are
destroying our attempt to create cyber-security."

Rep. Stephen Horn (R-Calif.) late last month released a report card on
cyber-security at 24 agencies and gave the administration "an
appalling average grade of D-minus." Horn said, "Every American should
be concerned about this report, because government computers contain
vital personal and national security information."

Horn's assessment was based in part on a study by the General
Accounting Office that described widespread computer vulnerabilities
and urged Congress to maintain the momentum toward improved
cyber-security established by the government's successful response to
fixing large-scale Y2K software problems last year.

The GAO quoted the National Security Agency as warning that "potential
adversaries are developing a body of knowledge about U.S. systems and
how to attack them."

Clark did not disagree with Horn's report card or the GAO review.

"They're right--we admit they're right," said Clarke. "We'd just like
to fix it. Everything we've asked for in the budget in order to fix
that is being denied: the people, the technology, all of it is being
underfunded."

Under the cyber corps proposal, students would receive $50,000 in
scholarships if they completed newly developed programs in computer
security at any one of 15 universities and agreed to work in
cyber-security for the federal government for two years.

While the Senate fully funded the administration's request for $11.2
million to pay for scholarships, the House provided no scholarship
money. And neither chamber approved any of the $7 million requested to
run the program, leaving questions about what would happen to the
cyber corps even if Congress funds the scholarships.

"The big problem right now is, number one, people," Clarke
said. "We're going to continue to get failing grades [if we can't
recruit] cyber-security people and get them to work for the federal
government. . . . Private companies are scarfing up the few people
that exist."

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".