Bush officials try to reassure industry on cybersecurity

Administration officials sought to reassure information technology industry executives that the federal government has not lost its focus on cybersecurity during a Capitol Hill forum today.

"I really believe the [cybersecurity] program is going to come out stronger than it was," said Sallie McDonald, a senior official in the Department of Homeland Security. She came to the department from the General Services Administration, where she was responsible for the Federal Computer Incident Response Center. The center has moved to the new department.

"Just because Dick Clarke left doesn't mean everything is going to go down the drain," McDonald added.

In recent weeks federal IT contractors have expressed concern that cybersecurity was being jettisoned from the government's top IT priorities. Richard Clarke, the administration's cyber czar, left the government, leaving the White House without a top cybersecurity official. In addition, most federal cybersecurity organizations have moved to the Department of Homeland Security, but a top department official to lead cybersecurity efforts has not been named.

IT firms must build secure products so government can build security into new systems, not add security afterward. But the process is expensive, so industry is tempted to back away from research and development and security certification processes if they see government officials backing away from a strong commitment to cybersecurity, IT executives said.

"Industry needs to see that this is a strong priority," Dan Burton, vice president of government affairs for Entrust Inc., said at the forum, which was hosted by the Information Technology Association of America, an Arlington, Va., trade association.

Tom Ridge, secretary of the Department of Homeland Security, is looking for a person to lead the department's cybersecurity efforts, McDonald said.

"I think that is really going to help. But you're not going to see a cybersecurity box," on the department's organizational chart, she said.

Rather, department officials are working to blend staff expertise in physical and cybersecurity "to bring a stronger posture" overall, McDonald said. In the new department, cybersecurity falls within the Information Analysis and Infrastructure Protection directorate.

In addition, the Office of Management and Budget will continue using its budget stick to prod agencies toward better cybersecurity, said Kamela White, a senior policy analyst in the Information Policy and Technology branch of OMB. She is responsible for setting IT security policy and overseeing agency compliance.

"We have hundreds of millions of dollars in IT investments that OMB considers at risk if security problems are not addressed by the end of this [fiscal] year," White said. "I think there will be serious discussion this year about whether certain systems will continue."

OMB is working with agencies to beef up their IT security, White said.

"We are not going to stop funding an air-traffic control system, a mission-critical system," she said. "We will work with the agency ? and reprioritize funding to ensure security for that system is addressed. We have a huge campaign with the agencies to address these problems."