Bush To Address CybersecurityBush To Address Cybersecurity

The Bush administration plans in its second term to pay closer attention to cybersecurity among federal agencies, but some critics question whether the administration will go far enough to protect the United States from increasingly sophisticated cyberattacks and security breaches.

The administration's stance is that cybersecurity will be part of any new federal government IT initiatives. But some believe the president should create a distinct administrative cybersecurity position within the Homeland Security Department to oversee progress in the federal government and act as a liaison with private industry.

Cybersecurity costs are expected to be factored into all agency budget requests. It's a matter the administration takes seriously enough that the Office of Management and Budget suggests agencies without adequate plans to improve cybersecurity shouldn't move to any new IT projects until cybersecurity is addressed, says Karen Evans, OMB's administrator for E-government and IT.

Entering his second term, President Bush faces a number of challenges to IT-related initiatives such as cybersecurity. Perhaps the greatest challenge is a growing budget deficit projected to reach $521 billion for fiscal 2004. The president has promised to cut the deficit in half within five years, but much of that effort will depend on a reduction in spending, including a heavy reliance on IT to spend less.

"This doesn't necessarily mean that IT budgets will be cut," Evans says. "If an agency is properly man-aging its portfolio, its IT budget might go down because it's achieving the same or better results with the same amount of tax dollars."

While OMB's expectation that each federal agency bake cybersecurity into its budget is a good start, the Cyber Security Industry Alliance is looking for the Bush administration to do more to get private industry to adopt such standards, since private industry owns and operates 90% of the United States' critical infrastructure. Paul Kurtz, the alliance's executive director and former senior director of critical infrastructure protection for the White House's Homeland Security Council, would like to see responsibility for cybersecurity and physical security divided between two assistant secretaries. Robert Liscouski, Homeland Security assistant secretary for infrastructure protection, now handles both.

When Congress last month passed a simplified version of its Intelligence Reform Act after cutting a provision that would have created a high-profile assistant secretary of cybersecurity within Homeland Security, advocates perceived this as a slight. "There's a lot that goes with such a position," Kurtz says. "It resonates on the Hill, creating accountability and someone the Hill can go to as a designated spokesman."

Evans says the formal creation of an assistant secretary for cybersecurity position is unnecessary and that it's a departmental management issue.

Still, Evans and Kurtz agree the nation's data and IT infrastructure will only be protected through a partnership of government and industry. Such a partnership includes calling on private-sector companies to secure their systems, but also government's willingness to apply successful private-sector cybersecurity initiatives to its own systems, Evans says.

If this can be accomplished, most agree that cybersecurity will improve. Says Kurtz, "I'm confident that in a second term, we'll see more action on these items."

Illustration by Timothy Cook