Protecting federal cyberspace
By
Nick Wakeman
<FONT SIZE=2>Recommendations in the "Draft National Strategy to Secure Cyberspace" specific to the federal government:</FONT>
Recommendations in the "Draft National Strategy to Secure Cyberspace" specific to the federal government:
1. In order to enhance the procurement of more secure IT products, the federal government, by the fourth quarter for fiscal 2003, will complete a comprehensive program performance review of the National Information Assurance Program. The review will determine the extent to which NIAP is cost effective and targets a clearly identified security gap; whether it has defined goals to close the gap; whether it is achieving those goals; and the extent to which program improvements, streamlining or expansion are appropriate and cost effective.
2. The federal government, by the third quarter of fiscal 2003, will assess whether private-sector security service providers to the federal government should be certified as meeting certain minimum capabilities.
3. The federal government, by the third quarter of fiscal 2003, using the e-government model, will explore the benefits (including reducing resource pressures on small agencies) of greater cross-government acquisition, operation and maintenance of security tools and services.
4. Through the ongoing e-authentication initiative, the federal government, by the second quarter of fiscal 2003, will explore the extent all departments can employ the same physical and logical access control tools and authentication mechanisms to promote consistency and interoperability.
5. Federal departments should continue to expand the use of automated, enterprisewide security assessment and security policy enforcement tools and actively deploy threat management tools to pre-empt attacks. By the second quarter of fiscal 2003, the federal government will determine whether specific actions are necessary to promote the greater use of these tools.
6. The federal government will continue to assess the technical viability and cost effectiveness of various options that provide for the continuity of operations during service outages, such as virtual private networks, "private line" networks and others.
7. The federal government should lead in the adoption of secure network protocols. The federal government will review new secure network protocols as they are published to determine whether they fill a security gap and whether their adoption would have a cost-effective impact on the operations and security of the federal government.
8. By the end of the second quarter of fiscal 2003, the federal government will consider the cost effectiveness of a scenario-based security and contingency preparedness exercise for a selected cross-government business process. Should such an exercise take place, any security weaknesses shall be included as part of agencies' Government Information Security Reform Act corrective action plans.
9. The Office of Management and Budget, in conjunction with the Chief Information Officer Council, will determine on a case-by-case basis whether to employ a lead agency concept for governmentwide security measures. The alternatives will generally include the General Services Agency, NIST, the proposed Department of Homeland Security and the Department of Defense.
The Draft National Plan to Secure Cyberspace can be found at www.whitehouse.gov/pcipb/.
Cybersecurity strategy
The White House Sept. 18 released a draft with a 60-day comment period. The plan sets out security recommendations for home computer users, businesses, industries and government agencies. The plan pushes the philosophy that the federal government cannot act alone in protecting against cyberattacks. See story, page 1.
Homeland security
The Homeland Security Department. The White House and the Senate continue to battle over the bill to create the department. Most of the contention centers on whether the department should be exempt from civil service regulations.
The creation of the department will be the largest restructuring of the government since the creation of the Department of Defense after World War II. Agencies such as the Immigration and Naturalization Service, Customs Service, Coast Guard, Transportation Security Administration and Federal Emergency Management Agency are destined for the new department.
Spending on information technology by these agencies tops $2 billion annually. But the Office of Management and Budget froze new spending by these agencies, pending review by OMB and agency chief information officers. OMB wants to avoid unnecessary redundancies.
TSA's $1 billion IT infrastructure contract underwent such a review before it was awarded to Unisys Corp.
The strategy. The first draft was released July 16, and is expected to evolve. The plan sets out the White House goals of strengthening information sharing among all levels of government, improving first responder capabilities and creating integrated communication systems.
Implementing the plan relies on more agencies than those pulled together in the Homeland Security Department. State and local governments and the private sector also have roles to play.
Budget requests for fiscal 2004, expected in February 2003, will provide more clues about the administration's homeland security priorities.
E-government
OMB officials, such as Mark Forman, associate director for information technology and e-government, are pushing the House to join the Senate in fully funding the White House request for $100 million over the next two years for cross-agency initiatives. The House has approved $5 million. The Senate version of the Electronic Government Act of 2002 is S. 803. The House version is H.R. 2458.
Another conflict between the White House and Congress is that many on Capitol Hill want the person in Forman's position to be confirmed by the Senate. The administration opposes the move.
The e-gov strategy also is part of OMB's development of a federal enterprise architecture. The architecture ties spending to government lines of business and promotes cross- agency initiatives. More fiscal 2004 budget requests will be tied to the architecture.
Transportation security
The law creating the Transportation Security Administration, signed by President Bush in November 2001, emphasized airport and aviation security. The Maritime Transportation Antiterrorism Act of 2002 (S. 1214), sponsored by Sen. Ernest Hollings, D-S.C., seeks to improve the security of U.S. seaports. Provisions include more automatic identification systems and mandatory advanced electronic information about cargoes.
The bill, which is in conference to resolve House and Senate differences, also authorizes more vulnerability assessments as well as catastrophic event planning.
A-76/Commercial Activities Panel
OMB is expected to release a revamped Circular A-76 this month, which provides guidelines for how government work is competed with the private sector. The new circular will be based on recommendations of the Commercial Activities Panel, which released its report in April.
Panel members agreed on 10 sourcing principles, such as reserving inherently governmental work for federal employees, but did not reach consensus in several other areas. For example, there was dissent among the members about using the Federal Acquisition Regulation to guide the A-76 process. A 45-day comment period will follow the release of the new circular.
TRAC Act
The Truthfulness, Responsibility and Accountability in Contracting Act has been defeated several times, but the bill, or versions of it, will continue to pop up. The bill, sponsored by Rep. Albert Wynn, D-Md., would temporarily suspend all outsourcing, and thereafter would require any outsourcing to be based on a public-private competition that compares costs under the A-76 process.
Even though Congress has failed to agree as of this writing on any of the 13 spending bills for fiscal 2003, lawmakers are expected to approve the president's $52 billion spending request for information technology products and services.
"The real issue is not if Congress will approve that amount, but when. Congress may make modifications in specific cases, but I think they are going to be very supportive," said John Spotila, president and chief operating officer of GTSI Corp., a Chantilly, Va., IT reseller.
Lawmakers have said they hope to pass a few spending bills before recessing for the November elections, but the majority will be left on the table until later this fall or even next year.
President Bush requested $45 billion in IT spending for fiscal 2002, which ended Sept. 30. That figure increased to $48 billion with supplemental spending after the Sept. 11 terrorist attacks.
Joseph Kampf said he thinks supplemental budget bills in 2003 may push IT spending even higher than $52 billion.
"I think everyone is expecting there to be a supplemental [budget bill] above and beyond what's in the budget for IT," Kampf said. He is president and chief executive officer of Anteon International Corp. of Fairfax, Va., a provider of IT and systems engineering services.
"It's very hard to know what the spending requirement is going to be," Kampf said, given the possibility of military conflict with Iraq. Most conflicts are funded by supplemental requests, he noted.
Spotila said he believes Congress should consider IT spending above $52 billion not only for homeland security and defense programs, but also for improving government efficiency.
"There is a lot of emphasis on homeland security, but the e-government initiatives are very important. Even though it's not a huge amount of money, it is significant," said Spotila, who served in the Clinton administration as administrator of the Office of Management and Budget's Office of Information and Regulatory Affairs.
The Bush administration has requested $45 million for e-government projects in fiscal 2003. The projects are designed to foster cross-agency collaboration and improve government efficiency and effectiveness through the use of technology.
While executives are optimistic about IT funding, they said they aren't likely to see any boost to their bottom lines until the third or fourth quarter of 2003.
"I think the money won't get heavily committed until late in the year," said Louis Ray, president and chief executive officer of MATCOM International Corp., an IT and engineering services provider in Alexandria, Va.
For example, the 2003 budget request contains about $3 billion for systems to support first responders in state and local governments, Ray said. Until Congress decides whether the funds are going to flow directly to the states or through the Federal Emergency Management Agency, "that money isn't going anywhere," Ray said.
Once details are worked out on that allocation and others, the third and fourth quarters should be very good for IT contract awards, Ray said.
Of top concern to many industry officials is the bill establishing the Department of Homeland Security and the military spending bills, which lawmakers said they hope to approve before the November congressional elections.
"Until we see which agencies the new department includes, how big of a budget it has and how much DoD will spend, it's hard to add it up and see what the final number will be," Kampf said. "Anteon gets 72 percent of its business from DoD, so we are just hoping the DoD bill gets passed before the election."
Coming next issue: Washington Technology's annual report on the Department of Defense will examine NetCentric Warfare, which military planners hope will revolutionize how the armed forces approach IT and information delivery to the front lines. WT will look at what NetCentric Warfare is, what the opportunities for integrators are and what new technologies are being developed.
1. In order to enhance the procurement of more secure IT products, the federal government, by the fourth quarter for fiscal 2003, will complete a comprehensive program performance review of the National Information Assurance Program. The review will determine the extent to which NIAP is cost effective and targets a clearly identified security gap; whether it has defined goals to close the gap; whether it is achieving those goals; and the extent to which program improvements, streamlining or expansion are appropriate and cost effective.
2. The federal government, by the third quarter of fiscal 2003, will assess whether private-sector security service providers to the federal government should be certified as meeting certain minimum capabilities.
3. The federal government, by the third quarter of fiscal 2003, using the e-government model, will explore the benefits (including reducing resource pressures on small agencies) of greater cross-government acquisition, operation and maintenance of security tools and services.
4. Through the ongoing e-authentication initiative, the federal government, by the second quarter of fiscal 2003, will explore the extent all departments can employ the same physical and logical access control tools and authentication mechanisms to promote consistency and interoperability.
5. Federal departments should continue to expand the use of automated, enterprisewide security assessment and security policy enforcement tools and actively deploy threat management tools to pre-empt attacks. By the second quarter of fiscal 2003, the federal government will determine whether specific actions are necessary to promote the greater use of these tools.
6. The federal government will continue to assess the technical viability and cost effectiveness of various options that provide for the continuity of operations during service outages, such as virtual private networks, "private line" networks and others.
7. The federal government should lead in the adoption of secure network protocols. The federal government will review new secure network protocols as they are published to determine whether they fill a security gap and whether their adoption would have a cost-effective impact on the operations and security of the federal government.
8. By the end of the second quarter of fiscal 2003, the federal government will consider the cost effectiveness of a scenario-based security and contingency preparedness exercise for a selected cross-government business process. Should such an exercise take place, any security weaknesses shall be included as part of agencies' Government Information Security Reform Act corrective action plans.
9. The Office of Management and Budget, in conjunction with the Chief Information Officer Council, will determine on a case-by-case basis whether to employ a lead agency concept for governmentwide security measures. The alternatives will generally include the General Services Agency, NIST, the proposed Department of Homeland Security and the Department of Defense.
The Draft National Plan to Secure Cyberspace can be found at www.whitehouse.gov/pcipb/.
Cybersecurity strategy
The White House Sept. 18 released a draft with a 60-day comment period. The plan sets out security recommendations for home computer users, businesses, industries and government agencies. The plan pushes the philosophy that the federal government cannot act alone in protecting against cyberattacks. See story, page 1.
Homeland security
The Homeland Security Department. The White House and the Senate continue to battle over the bill to create the department. Most of the contention centers on whether the department should be exempt from civil service regulations.
The creation of the department will be the largest restructuring of the government since the creation of the Department of Defense after World War II. Agencies such as the Immigration and Naturalization Service, Customs Service, Coast Guard, Transportation Security Administration and Federal Emergency Management Agency are destined for the new department.
Spending on information technology by these agencies tops $2 billion annually. But the Office of Management and Budget froze new spending by these agencies, pending review by OMB and agency chief information officers. OMB wants to avoid unnecessary redundancies.
TSA's $1 billion IT infrastructure contract underwent such a review before it was awarded to Unisys Corp.
The strategy. The first draft was released July 16, and is expected to evolve. The plan sets out the White House goals of strengthening information sharing among all levels of government, improving first responder capabilities and creating integrated communication systems.
Implementing the plan relies on more agencies than those pulled together in the Homeland Security Department. State and local governments and the private sector also have roles to play.
Budget requests for fiscal 2004, expected in February 2003, will provide more clues about the administration's homeland security priorities.
E-government
OMB officials, such as Mark Forman, associate director for information technology and e-government, are pushing the House to join the Senate in fully funding the White House request for $100 million over the next two years for cross-agency initiatives. The House has approved $5 million. The Senate version of the Electronic Government Act of 2002 is S. 803. The House version is H.R. 2458.
Another conflict between the White House and Congress is that many on Capitol Hill want the person in Forman's position to be confirmed by the Senate. The administration opposes the move.
The e-gov strategy also is part of OMB's development of a federal enterprise architecture. The architecture ties spending to government lines of business and promotes cross- agency initiatives. More fiscal 2004 budget requests will be tied to the architecture.
Transportation security
The law creating the Transportation Security Administration, signed by President Bush in November 2001, emphasized airport and aviation security. The Maritime Transportation Antiterrorism Act of 2002 (S. 1214), sponsored by Sen. Ernest Hollings, D-S.C., seeks to improve the security of U.S. seaports. Provisions include more automatic identification systems and mandatory advanced electronic information about cargoes.
The bill, which is in conference to resolve House and Senate differences, also authorizes more vulnerability assessments as well as catastrophic event planning.
A-76/Commercial Activities Panel
OMB is expected to release a revamped Circular A-76 this month, which provides guidelines for how government work is competed with the private sector. The new circular will be based on recommendations of the Commercial Activities Panel, which released its report in April.
Panel members agreed on 10 sourcing principles, such as reserving inherently governmental work for federal employees, but did not reach consensus in several other areas. For example, there was dissent among the members about using the Federal Acquisition Regulation to guide the A-76 process. A 45-day comment period will follow the release of the new circular.
TRAC Act
The Truthfulness, Responsibility and Accountability in Contracting Act has been defeated several times, but the bill, or versions of it, will continue to pop up. The bill, sponsored by Rep. Albert Wynn, D-Md., would temporarily suspend all outsourcing, and thereafter would require any outsourcing to be based on a public-private competition that compares costs under the A-76 process.
Even though Congress has failed to agree as of this writing on any of the 13 spending bills for fiscal 2003, lawmakers are expected to approve the president's $52 billion spending request for information technology products and services.
"The real issue is not if Congress will approve that amount, but when. Congress may make modifications in specific cases, but I think they are going to be very supportive," said John Spotila, president and chief operating officer of GTSI Corp., a Chantilly, Va., IT reseller.
Lawmakers have said they hope to pass a few spending bills before recessing for the November elections, but the majority will be left on the table until later this fall or even next year.
President Bush requested $45 billion in IT spending for fiscal 2002, which ended Sept. 30. That figure increased to $48 billion with supplemental spending after the Sept. 11 terrorist attacks.
Joseph Kampf said he thinks supplemental budget bills in 2003 may push IT spending even higher than $52 billion.
"I think everyone is expecting there to be a supplemental [budget bill] above and beyond what's in the budget for IT," Kampf said. He is president and chief executive officer of Anteon International Corp. of Fairfax, Va., a provider of IT and systems engineering services.
"It's very hard to know what the spending requirement is going to be," Kampf said, given the possibility of military conflict with Iraq. Most conflicts are funded by supplemental requests, he noted.
Spotila said he believes Congress should consider IT spending above $52 billion not only for homeland security and defense programs, but also for improving government efficiency.
"There is a lot of emphasis on homeland security, but the e-government initiatives are very important. Even though it's not a huge amount of money, it is significant," said Spotila, who served in the Clinton administration as administrator of the Office of Management and Budget's Office of Information and Regulatory Affairs.
The Bush administration has requested $45 million for e-government projects in fiscal 2003. The projects are designed to foster cross-agency collaboration and improve government efficiency and effectiveness through the use of technology.
While executives are optimistic about IT funding, they said they aren't likely to see any boost to their bottom lines until the third or fourth quarter of 2003.
"I think the money won't get heavily committed until late in the year," said Louis Ray, president and chief executive officer of MATCOM International Corp., an IT and engineering services provider in Alexandria, Va.
For example, the 2003 budget request contains about $3 billion for systems to support first responders in state and local governments, Ray said. Until Congress decides whether the funds are going to flow directly to the states or through the Federal Emergency Management Agency, "that money isn't going anywhere," Ray said.
Once details are worked out on that allocation and others, the third and fourth quarters should be very good for IT contract awards, Ray said.
Of top concern to many industry officials is the bill establishing the Department of Homeland Security and the military spending bills, which lawmakers said they hope to approve before the November congressional elections.
"Until we see which agencies the new department includes, how big of a budget it has and how much DoD will spend, it's hard to add it up and see what the final number will be," Kampf said. "Anteon gets 72 percent of its business from DoD, so we are just hoping the DoD bill gets passed before the election."
Coming next issue: Washington Technology's annual report on the Department of Defense will examine NetCentric Warfare, which military planners hope will revolutionize how the armed forces approach IT and information delivery to the front lines. WT will look at what NetCentric Warfare is, what the opportunities for integrators are and what new technologies are being developed.
NEXT STORY: IT industry takes Washington