Senate approves plan to beef up computer security
Federal agency heads must ensure that their information systems are secure under a provision of the fiscal 2001 defense authorization bill that gained Senate approval late last week.
The provision, S. 1993, co-sponsored by Sens. Fred Thompson, R-Tenn., and Joseph Lieberman, D-Conn., provides a managerial framework for protecting federal computer records from hackers, cyberterrorists, and accidental or careless unauthorized disclosure. Thompson has called agencies' current method of dealing with such problems a "band-aid approach."
"Effective computer security starts with effective management and this legislation will help federal agencies get a handle on managing their computer security efforts," Thompson said.
Under the bill, the executive branch must set up a chain of command and responsibility for protecting computer records, stretching from the director of the Office of Management and Budget at the top to individual departments and agencies below. The General Accounting Office is charged with annual oversight of IT security at all federal agencies.
In addition, the bill would require agencies to:
- Establish clear accountability for information security.
- Have an annual independent evaluation of IT security.
- Develop a security plan.
- Switch to procedures identified as "best practices."
- Make sure the relevant employees are properly informed and trained.
Agency managers would also have the flexibility to attract technology talent through the use of a "federal cyber service" that would hand out scholarships and fellowships in exchange for federal service.