DOT sees security short-changed

[InfoSec News <isn () c4i org>]

http://www.fcw.com/fcw/articles/2002/0114/web-dot-01-15-02.asp

By Diane Frank 
Jan. 15, 2002

The Transportation Department is working with the Bush administration
to ensure that information security is not left behind as increasing
amounts of money go to strengthen the other forms of security
throughout the department, top information technology officials said
Jan. 14.

DOT, and particularly the Federal Aviation Administration, received a
good portion of the emergency supplemental funding made available by
Congress to address homeland security after the Sept. 11 terrorist
attacks. But despite numerous requests, none of that money has gone to
information security needs, said Eugene Taylor, DOT's deputy chief
information officer, at the Transportation Research Board's annual
meeting in Washington, D.C.

The department has shifted a lot of resources within the chief
information officer's budget to the security program for initiatives
such as performing vulnerability analyses on all systems, establishing
departmentwide standards, and creating a single incident response
center, Taylor said.

Lisa Schlosser, the new associate CIO for information security, is
taking advantage of the charter to create a Transportation Security
Administration to move forward on several cybersecurity programs that
the department and the administration can use, Taylor said.

This has meant slicing funding for programs that may end up getting
into trouble later because of unexpected cuts, but that decision had
to be weighed against getting into immediate trouble because of
security shortcomings, he said.

DOT will ask again for money from the remaining supplemental funds,
and "if we don't get emergency supplemental funding, we'll continue to
bump along," Taylor said.

It does look as if increased information security funding will come in
the fiscal 2003 budget request, which Bush will submit to Congress
next month, he said. "So if we can get through the next nine months,
then I think we can really do some good," he said.

The FAA, meanwhile, is meeting this week with Richard Clarke, the
president's cyberspace security adviser, on a number of issues, and
funding will be a major topic of the discussion, said Daniel Mehan,
FAA's CIO.

The agency has more money for information security than even two years
ago, enabling the CIO's Office to establish an around-the-clock
computer security incident response center and to perform
certification and accreditations on all new systems — but such efforts
are still "sparsely funded," he said.

That means cutting back on FAA's ability to meet governmentwide
requirements, such as being able to review groups of systems, rather
than the required review for every system, Mehan said.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.