Government Executive - Authors - Liza Porteus

Key Democrat blasts White House homeland security moves

Liza Porteus — Wed, 26 Jun 2002 00:00:00 -0400

California Democrat Ellen Tauscher and Texas Republican Mac Thornberry sponsored a bill, H.R. 4660, to create a National Homeland Security Department and a National Office for Combating Terrorism within the White House, and Sens. Joseph Lieberman, D-Conn., and Arlen Specter, R-Pa., introduced similar Senate legislation. But the White House had asked lawmakers to delay action on such legislation until the administration studied the issue further. Then last week, White House Homeland Security Director Tom Ridge delivered President Bush's plan for a new department to Capitol Hill.

Tauscher criticized that effort Wednesday at a conference on homeland security hosted by the Progressive Policy Institute, the policy arm of moderate New Democrats. "At a time we need laser surgery ... unfortunately, it looks like we have a bunch of surgeons coming into surgery with meat cleavers instead of very discreet scalpels," she said of the reorganization process.

Tauscher said the "typical Washington game" of determining how the department would work is being played, and "there's a lot of excuses as to why we can't seem to do this." She said White House staffers request her help daily.

The administration must begin giving more details of how the department would work or else risk losing the support of the general public, Tauscher said. People have not been given "a sense of optimism that we're actually going to do the right thing," she said, adding that Ridge and Bush had "better get out there and start to engage everybody."

Later in the day, Lieberman, chairman of the Senate Governmental Affairs Committee, said he will "work hard" to ensure that the bill includes strong links between the Homeland Security and Defense departments. His panel will have primary oversight of a bill to create the department.

"We need to guarantee the highest level of ongoing cooperation between the agencies," Lieberman said. "We don't need to reinvent these wheels, just to redirect and re-engineer them."

Lieberman also hailed the success of the Defense Advanced Research Projects Agency (DARPA), which funnels new technologies into the nation's military. Calling it "one of the most efficient engines of innovation in American history" because it has developed technologies such as the Internet, Lieberman said that success could be applied elsewhere.

"Now, we need to learn from its success and apply that same creativity and ingenuity within the new Department of Homeland Security," Lieberman said.

Lieberman's committee is crafting a bill that would create SARPA, with the "s" standing for "security." The agency would focus on developing and deploying homeland defense technologies, such as those that can detect weapons at ports and airports, and in cyberspace.

SARPA also could devise better biometric technologies for use at secure entry points, Lieberman said, and could help pioneer "smart buildings" that detect intruders, as well as protect vital information systems.

]]>

Bush official urges agencies to upgrade homeland security systems now

Liza Porteus — Tue, 25 Jun 2002 00:00:00 -0400

"We think we cannot only improve security but improve performance" in airports, at the nation's borders and ports, and elsewhere, Jim Flyzik, White House Homeland Security Director Tom Ridge's senior adviser, told the E-Gov 2002 conference. Flyzik said it is imperative that agencies build from each other's modernization efforts.

Flyzik is a member of the President's Critical Infrastructure Protection Board and sits on the Federal CIO Council. He previously served as the Treasury Department's chief information officer. Now he advises Ridge on information-security issues, among other things.

While the nation waits to see what Congress does with an administration bill to create a Homeland Security Department, however, Flyzik said agencies and states need to continue implementing their plans. "We're all confident there will be a Department of Homeland Security," but the details must be worked out, Flyzik said.

Ridge's office is crafting a national homeland security strategy that is due to President Bush in July. The administration is writing the information-sharing and systems-integration chapters. Flyzik said other pieces will address strategies for drug control, money laundering and cyber security. The cybersecurity strategy is separate from the strategy being crafted by Richard Clarke, Bush's cyber-security adviser, Flyzik said.

"I have a gut feeling it will be before Sept. 11, 2002," when the national strategy will be made public, Flyzik said.

The new department would focus on four areas: border and transportation security; emergency preparedness and response; chemical, biological, radiological and nuclear counter measures; and information analysis and infrastructure. Legislation to create the department includes the new job of undersecretary for information analysis and infrastructure protection.

Flyzik said CIOs from various agencies that may be included in the department are meeting with Homeland Security CIO Steve Cooper, and they are being grouped together based on the four areas of focus.

But the federal government needs to coordinate with state and local law enforcers and other officials "like it's never been done before," Flyzik stressed. He added that the administration is working with what is known as "the Big Seven"--the major state and local organizations, such as the National Governors Association, National Conference of State Legislatures, National Association of State Chief Information Officers and U.S. Conference of Mayors.

"In many cases, the locals are already ahead of us" in homeland security efforts, Flyzik said, noting that 23 states already have statewide wireless networks in place while the federal government is still working on its own.

Flyzik also said that an Office of Homeland Security portal soon will be offered as a gateway to other efforts and that the administration wants to increase the use of information-sharing systems.

]]>

Agencies seek industry input on e-gov plan

Liza Porteus — Tue, 18 Jun 2002 00:00:00 -0400

The General Services Administration on Tuesday hosted an "industry day" to update companies on where the government is on its e-authentication project--one of the 24 e-government initiatives approved by the President's Management Council. The Office of Management and Budget and GSA are spearheading the initiatives.

The e-authentication project includes the development of a Web site that would provide a standard way of authenticating the identities of firms and individuals who conduct business with the government. Use of the gateway would be voluntary for agencies.

Government officials said citizens need to trust the government to put their interests first, particularly in the electronic age. "It's not just about building trust; it's about becoming citizen-centered as a government," said Mark Forman, OMB's associate director for information technology and e-government.

Forman said the Government Paperwork Elimination Act is helping the push toward Web-based government transactions. But the problem is that various agencies are signing separate contracts to put services online, resulting in a hodge-podge of technology systems. The process also costs more than using a single system to execute all similar transactions.

"It's not that we're not online. ... The question is, how smart are we as we bring this to bear for the public," Forman said, adding that e-authentication is just one part of the government's computer-security efforts.

But industry plays a vital role in the government's efforts, officials said.

"It's very important we don't embark on a path in a vacuum," said Steve Timchak, director of the e-authentication project at GSA.

Timchak said a request for information on potential next steps in the project will be issued "very soon." The government will look for industry input on acquisition, funding, interoperability and the privacy implications, among other things. Technology, privacy and policy are the "three legs" to e-authentication, Timchak said. "We have to move forward in concert" on the issues.

Although some groups have expressed concern that government could have too much information about private citizens it works with, David Temoshok stressed that the e-authentication gateway is not designed to issue identification credentials, collect personal information or maintain a repository of information. Temoshok, the public-key infrastructure policy manager for GSA, said the gateway will establish risk and assurance levels for multiple credentials.

Temoshok noted, however, that there is much more to putting government services online. He said the real issue is not whether the technology exists to execute the e-government initiatives but whether the government can gain the public's trust to efficiently and effectively conduct transactions while protecting privacy and allowing a free flow of information.

"This is a cultural change," he said. "This isn't low-hanging fruit here."

]]>

New department may help craft cybersecurity stragegy

Liza Porteus — Fri, 07 Jun 2002 00:00:00 -0400

The Cabinet-level Homeland Security Department Bush proposed Thursday would have the responsibility of, among other things, protecting critical infrastructures and computer systems, and providing a central clearinghouse for intelligence analysis. Many sections of current departments and agencies that address cybersecurity, such as the Commerce Department's Critical Infrastructure Assurance Office (CIAO) and the FBI's National Infrastructure Protection Center, likely will be included in the reorganization.

Bush said Friday that he will direct White House Homeland Security Director Tom Ridge to testify before Congress about the need for the new department.

Mike Lombard, senior coordinator for infrastructure security analysis at CIAO, said during a conference Friday that coordinating the nation's data systems and centers will be a huge challenge. He said there is a proposal to create an Information Integration Program Office within CIAO that would be in charge of determining where information technology can be most useful in government.

"It's still in the think tank," Lombard said. "It's not ready for prime-time yet."

Douglas Beason, deputy associate director for defense threat reduction at the Los Alamos National Laboratory in New Mexico, said about 50,000 white papers from businesses and organizations that envision ways to boost security are "floating around Washington."

With all these piecemeal efforts, "there must be a national strategy for cyber security," said Eli Primrose-Smith, vice president for global security solutions at IBM. She said Bush's proposal "hopefully" would facilitate the effort.

A cybersecurity strategy is becoming increasingly important as more technologies become interoperable and interdependent, and the nation's computer vulnerabilities increase, said Casey Dunlevy of the CERT Coordination Center at Carnegie Mellon University.

"We're not talking about a cyber Pearl Harbor" but something more "insidious and harmful," Dunlevy said, such as terrorists integrating a cyber component into traditional warfare. And "it's not a question of if, but when. ... It's only a matter of time until they [terrorists] recognize that as a weapon."

Dunlevy said academia can play a "vital role" as a cybersecurity information clearinghouse and a "middleman" between private industry and government, particularly because industry often hesitates to share information on computer weaknesses. "The problem is too big for any one organization or sector to solve," Dunlevy said.

"This is all about economic security and risk management," said Electronic Industries Alliance President David McCurdy. "If you have a plug ... you're vulnerable. ... This is where we're only as strong as our weakest link."

]]>

State CIOs seek federal help to implement health care rules

Liza Porteus — Tue, 28 May 2002 00:00:00 -0400

Members of the National Association of State Chief Information Officers (NASCIO) convened in Washington last week for the group's annual "fly-in." State CIOs met with various officials to discuss topics like implementation of the 1996 Health Insurance Portability and Accountability Act (HIPAA), which promulgated medical privacy rules.

Those privacy rules took effect April 14, 2001, and the states, health care clearinghouses and other organizations that conduct financial and administrative transactions electronically must comply by April 14, 2003. Small health plans have until April 14, 2004, to comply.

But states see HIPAA as another unfunded federal mandate that requires them to bear the costs of upgrading old technology or replacing systems altogether to satisfy not only the privacy rules but also the security rules included in the law.

The security regulations, which will be issued by the Centers for Medicare and Medicaid Services (CMS), would impose safeguards for implementing the privacy regulations. A spokesman for the Health and Human Services Department said the security regulations are "in circulation." "We're telling people that this final rule is not going to put any big burden on people," he said.

NASCIO issued a white paper questioning the separate rule-making processes for privacy and security, saying that the approach will prevent states from formulating comprehensive remediation plans.

"It is impossible to do privacy without security first," Kentucky CIO Aldona Valicenti told reporters last week during a briefing following the fly-in.

NASCIO and the National Governors' Association (NGA) want HHS to provide more guidance on HIPAA's requirements, as well as improved federal-state cooperation and increased federal cost-sharing. NASCIO and NGA are requesting a national meeting of about 30 federal and state stakeholders to discuss implementation challenges.

Iowa CIO Richard Varn said states are being asked to estimate HIPAA costs, but that is virtually impossible given that that law covers health care companies, schools, correctional facilities and other institutions. Varn is asking his congressional delegation to urge legislators and HHS to clarify "covered entities" under HIPAA, along with other details of the law, so states have a better idea of what to encompass in the implementation process.

Many state officials have likened HIPAA compliance to preparations taken for the Y2K computer bug--huge and costly.

New Mexico CIO Bob Stafford stressed that states cannot comply without federal dollars. Stafford's state established a multi-agency group to examine the medical privacy rules and request funding from the state legislature to implement the necessary technology.

"We are very concerned at the state level that there are penalties for non-compliance," Valicenti said. "It's not a pretty picture."

On Tuesday, CMS announced the adoption of a unique identifier for employers in the filing and processing of health care claims and other transactions. The standard identifier, mandated by HIPAA, seeks to eliminate paperwork, save money and simplify various administrative duties.

]]>

State CIOs aid White House in homeland security plan

Liza Porteus — Fri, 24 May 2002 00:00:00 -0400

Homeland Security CIO Steve Cooper this week asked the National Association of State Chief Information Officers (NASCIO) to designate some members to help his office decide the technology aspects of the strategy, which is expected to be released in July. NASCIO likely will name those CIOs next week.

Cooper "wants to make sure that whatever blueprint Homeland Security puts out we're in line with," NASCIO President and Connecticut CIO Rock Regan told reporters Thursday. Regan said there is an "extraordinary relationship" between NASCIO, the White House and Congress on tech issues, particularly those addressing homeland security.

NASCIO members were in Washington this week to increase the visibility of the group. They met with lawmakers, Bush administration officials, staffers to lawmakers from their states and industry representatives on issues such as homeland security, identity security, commingling of information technology funds, the 1996 Health Insurance Portability and Accountability Act (HIPAA)--which promulgated health privacy rules--e-government, bioterrorism and cybersecurity.

NASCIO members met with a host of officials, including White House Office of Management and Budget e-government chief Mark Forman, Critical Infrastructure Assurance Office Director John Tritak, Treasury CIO Jim Flyzik, and officials from the FBI, CIA, Justice Department and Federal Emergency Management Agency.

"I think we were received very well," Regan and other CIOs said, adding that they are working to become a key federal resource on state IT perspectives.

"We're involved in everything from ID cards for physical security to making sure we have cyber security in place," said Kentucky CIO Aldona Valicenti. "There's an opportunity for us to give a much deeper understanding of what the issues are."

Georgia CIO Larry Singer said lawmakers were "surprised" at how many IT issues are involved in policies surrounding the implementation of various initiatives. "It literally just doesn't come into their minds," he said.

Iowa CIO Richard Varn stressed that discussions between NASCIO and congressional staffers about identity security were not the same as the heated debated about a national ID card but more about the IT systems governments need to secure "living documents," such as driver's licenses and birth certificates.

"We tried to make the distinction between identity security and everything else they're talking about," Varn said.

Singer noted that when it comes to privacy issues--many of which surround talks of post-Sept. 11 anti-terrorism initiatives--lawmakers "are concerned about moving too fast."

The CIOs also stressed during their meetings the need for more funds for implementing federal mandates such as HIPAA and for homeland security initiatives, such as cybersecurity. They said that states, for the most part, have absorbed the costs more cyber security.

These initiatives are a "double whammy" for most states as they continue to face budget shortages, Valicenti said.

]]>

Cybersecurity legislation gets mixed reviews

Liza Porteus — Thu, 02 May 2002 00:00:00 -0400

Two House Government Reform subcommittees--Government Efficiency, Financial Management and Intergovernmental Relations, and Technology and Procurement Policy--held a joint hearing on the bill, H.R. 3844, which would permanently reauthorize the Government Information Security Reform Act (GISRA) and implement additional computer-security measures for federal agencies.

Mark Forman, e-government chief for the Office of Management and Budget, said the administration is still developing its position on the legislation. He said the continued strong role of the National Institute of Standards and Technology in information security is "critical." NIST will help agencies conduct security reviews for submission to OMB.

Robert Dacey, director of information security at the General Accounting Office, agreed that continuation of GISRA is "essential" but said the administration should do more to obtain technical expertise to protect computer systems and to make sure sufficient resources are available.

But certain changes should be made to the legislation, some panelists said.

The bill, for instance, calls for an information-emergency response center. But Daniel Wolf, information assurance director for the National Security Agency, said yet another incident-response center like those housed at NSA, the Defense Department and the FBI's National Infrastructure Protection Center would add "unnecessary redundancy."

The Commerce Department, meanwhile, does not want the measure to transfer authority on security standards from NIST to OMB. Ron Miller, chief information officer of the Federal Emergency Management Agency, suggested that the bill should include a stronger link between security requirements for information technology and the capital planning process, and that there should be more focus on retaining IT professionals and individual accountability for security.

"It would be very useful if the federal government provided IT security training in perhaps the same way that it offers standardized training in technology subjects, management skills, leadership development and other professional disciplines," Miller said.

Miller also said effective cybersecurity will require a coordinated effort with the White House Office of Homeland Security to link the federal government with other governmental and industry representatives.

Jim Dempsey, deputy director for the Center for Democracy and Technology, also said the measure should not eliminate the Computer System Security and Privacy Advisory Board, which has served as an advisory group for the federal government on privacy issues.

"At the current time, when there are so many important privacy issues facing the government and the private sector, it is inadvisable to reduce the federal government's ability to address privacy issues," Dempsey said.

Dempsey said the legislation also would not address enough privacy concerns and should include provisions to bring privacy and other aspects of information policy into the development of security standards. He said government should look to privacy practices currently employed by the private sector as a model.

A Davis spokesman said the goal is to get the bill marked up in the full House Government Reform Committee within two weeks.

GAO and the subcommittees released a report (GAO-02-407) detailing what other actions are necessary to fully implement GISRA and other information security reforms.

]]>

Rep. Davis proposes quicker review of security technology

Liza Porteus — Tue, 30 Apr 2002 00:00:00 -0400

Davis, who chairs the House Government Reform Technology and Procurement Policy Subcommittee, said he will introduce a bill Wednesday to establish a program at the Office of Federal Procurement Policy (OFPP) to help the government leverage security innovations.

Private-sector leaders such as Siebel Systems CEO Thomas Siebel and government leaders have said there is not enough staff or an established process for reviewing the ideas flooding into the White House Office of Homeland Security and security agencies. Many tech firms have told Davis they are having trouble getting audiences to showcase their products, Davis said Tuesday during a press conference on the 2002 Networked Economy Summit.

"The reality is clear: Because of a lack of staffing expertise, many of these proposals have been sitting unevaluated, perhaps denying the government the breakthrough technology it needs to better protect Americans and our nation," Davis said.

The legislation would create an interagency team of experts to seek innovative anti-terrorism solutions, evaluate proposals and send them to the proper agencies for action. Such a team would consist of the OFPP administrator and representatives from the Office of Management and Budget, and the Defense, Energy, Commerce, Transportation and Treasury departments. A technical assistance team would assess the merits and feasibility of the proposals.

The bill also would launch a program to provide monetary awards for industry excellence in terror-fighting solutions. The awards would be capped at $20,000 for individual awards and $500,000 for total awards, with at least one-quarter of the money going to small businesses.

The bill also would establish a pilot program to encourage acquisition professionals in agencies to creatively use existing means to acquire commercial, off-the-shelf technology solutions.

Davis spokesman David Marin said OFPP and the Office of Homeland Security "like the concept" of the bill. The measure would go to Davis' subcommittee for consideration.

On another front, Davis said a cyber-security measure he co-sponsored with Rep. James Moran, D-Va., could move through the House soon. The bill, H.R. 2435, would exempt businesses from certain provisions of the Freedom of Information Act, antitrust prosecution and lawsuits when they voluntary disclose to the government the vulnerabilities in their technology networks.

The legislation has a Senate companion bill, S. 1456. Davis said he is sure his bill could win House approval but added, "I never know what will happen in the Senate."

Marin later told reporters that the antitrust provisions could be removed to bypass the House Judiciary Committee, which has been focused on reform of the Immigration and Naturalization Service. If the bill bypasses Judiciary, the antitrust provisions could be revived in conference.

Separately, Davis and Moran plan to introduce legislation this week to combat the proliferation of fake state-issued drivers' licenses by calling for universal standards and biometric technologies.

]]>

Tech firms ally to push homeland security solutions

Liza Porteus — Mon, 29 Apr 2002 00:00:00 -0400

EDS, Oracle, PwC Consulting and Sun Microsystems recently formed an alliance to help the Transportation Security Administration and other federal agencies identify technologies for boosting transportation security. Last month, the group began offering a package that combines background on individuals with biometrics technology to enable a frequent-traveler program. The package also included a "secure employee" registration and authentication program designed to identify and assess security risks via existing employee information.

But "we can't even begin to define the limits of what has to be done here," EDS CEO Dick Brown said during a Council for Excellence in Government luncheon in Washington. "We're as vulnerable today to an electronic Pearl Harbor as we were on Sept. 11."

Brown suggested that White House Homeland Security Director Tom Ridge "take a good, hard look" at the nation's "most obvious" vulnerabilities and determine the most detrimental impact that could occur by exploiting those vulnerabilities. Although the tech community has been looking to aid government in installing new technologies to help detect potential terrorists, systems are still faulty, panelists said.

"This is a combination of process and technology," said Scott Hartz, global managing partner for PwC, adding that no one company or agency can succeed on its own.

Oracle executive Steve Perkins said the technological solutions for many of the nation's security challenges exist, but the TSA and other agencies need to be educated on how those solutions can be most effective. Despite some privacy groups' concerns with ideas such as a centralized database, or biometric ID cards, "we're going to have to push that line back and forth" between security and privacy, Perkins said.

"It's really a problem of political will and a will of citizens. What do we want to trade to be secure?" Perkins asked. "The question is, to secure the nation, where do we draw that line?"

Sun Microsystems CEO Scott McNealy echoed those sentiments, saying that as more technology is used in homeland security, a "huge set of tradeoffs" is created. People want to be more secure, yet as more ideas are floated on how technology can affirm identities and track people's whereabouts, many say their privacy needs more protection and should not be sacrificed in the name of security.

But "you're not losing privacy that you haven't lost anyhow" by using new technologies, McNealy said. "Anonymity breeds irresponsibility," he said, adding that anonymity is a "very dangerous weapon."

McNealy cited Sun's work with the Liberty Alliance, the consortium of technology companies spearheaded by Sun that was created to develop e-commerce standards. He said the group's work on data-sharing standards is an example of how organizations and governments can do more to use technology for homeland security.

]]>

Homeland security depends on new technologies, Ridge says

Liza Porteus — Wed, 24 Apr 2002 00:00:00 -0400

Homeland security efforts will depend on technologies such as biometrics, next-generation detection devices designed to find traces of chemical or biological agents, dashboard electronics to ensure efficient border crossing for trucks and other vehicles, simulation software, and advanced encryption-standard codes, Ridge said during a dinner speech at the Electronic Industries Alliance's annual conference.

Such advances are "more proof that the market doesn't need the government's permission to meet the needs of America," Ridge said. "This entrepreneurial spirit is a potent weapon against terrorism. ... Our homeland security effort must tap into this energy."

The administration is increasing partnerships with the private sector in its anti-terrorism efforts, Ridge said. President Bush's Critical Infrastructure Protection Board is creating "model government-industry partnerships" to harness the intellect of all sectors, he said.

The administration also is working with the National Cybersecurity Alliance to empower businesses and private citizens to fortify themselves against cyber attacks. The alliance is an online education campaign launched in February and includes high-tech associations and companies such as AOL Time Warner, Apple Computer, AT&T, Microsoft, Symantec and WorldCom. Government agencies participating in the alliance include the Critical Infrastructure Assurance Office, the National Infrastructure Protection Center, the Defense Department and the General Services Administration.

Ridge also said federal laws such as the anti-terrorism bill enacted last fall are helping to integrate technology into the legal process to bring it into the 21st century.

He said technology underlies all four of the administration's homeland security efforts-- border security, information sharing and information technology, bioterrorism, and the "first responders" to emergencies. Interoperable communication systems, national surveillance networks on diseases and entry-exit visa systems all depend on innovation from the private sector, he said. The administration has allotted $15 billion for information technology in its proposed fiscal 2003 budget, with $4 billion of that going for IT security.

"We worry about physical security, but we'd better worry about cyber security" as well, Ridge said.

The administration's e-government agenda also will help provide a base for homeland security efforts, Ridge said. The White House Office of Management and Budget is spearheading 24 e-government initiatives, including e-authentication, a one-stop disaster-relief portal and information-sharing technologies. Ridge said the national strategy his office is preparing is due out this summer.

"Yes, it is a new world, but it is a world in which technology is suited to play a very critical role," Ridge said.

]]>

E-gov chief says managers stand in way of tech advances

Liza Porteus — Tue, 23 Apr 2002 00:00:00 -0400

Mark Forman, associate director for information technology and e-government at the Office of Management and Budget, told attendees of an E-Gov conference that the administration has little tolerance for agency managers who are unwilling to try new ways to implement the e-government and other management initiatives outlined by the President's Management Council.

On Capitol Hill, "patience is running relatively low for that," Forman said, referring to lackluster efforts by some federal managers.

OMB is spearheading a series of e-government initiatives that are tied into the administration's homeland security efforts, and they are designed to aid in information-sharing efforts, among other things. Increased e-government services and better dissemination of information will help in other areas such as airport security, background checks and visa-approval processes, Forman said.

Forman said the scorecard system being used to track agency progress in implementing Bush's management agenda will give agencies incentives to succeed. Progress is measured by a three-tiered grading system: "green" for passing, "yellow" for mixed results and "red" for failing.

Knowledge management, or the ability to process and utilize data in a meaningful and useful form, is becoming a catch phrase as business and governments seek workers who are comfortable using technology to perform business functions and to make sense of a myriad of information.

"Ultimately, the government worker of the future has to be a knowledge worker," Forman said.

Forman said federal managers' lack of education on the benefits of technology and knowledge management is a key hurdle to overcome to make government more efficient.

A bill sponsored by Senate Governmental Affairs Committee Chairman Joseph Lieberman, D-Conn., and ranking Republican Fred Thompson of Tennessee, aims to highlight how knowledge management can aid in e-government initiatives, Forman said.

The measure, S. 803, passed by the committee last month, would establish a federal chief information officer within OMB to help streamline e-government implementation within agencies. It also would establish a broad framework for the use of Internet-based information technology to enhance citizen access to government information and services.

A spokeswoman for Lieberman said his office is negotiating with Senate Majority Leader Thomas Daschle, D-S.D., on when the bill would be brought to the Senate floor.

Forman said knowledge management is the underlying theme for OMB's fiscal 2002 information technology agenda. Key elements of that agenda include homeland security initiatives--such as information sharing--and cyber security. Forman said that with the 22,000 Web-based access points to the federal government and the 33 million Web pages controlled by the government, "there are dozens, if not thousands, of vulnerabilities."

]]>

Justice program looks for ways to share crime data with states

Liza Porteus — Fri, 19 Apr 2002 00:00:00 -0400

SEARCH is a program under the Justice Department's National Criminal History Improvement Program (NCHIP). Members of SEARCH are primarily state-level justice officials responsible for operational decisions and policymaking on the management of criminal-justice information.

Since the Sept. 11 terrorist attacks, the Bush administration has called for increased information sharing among governments, more background checks on certain employees, and more thorough checking of visa applications, among other things. And federal measures such as those in the airport security and anti-terrorism laws enacted last fall all affect privately managed databases.

The mandates could have a great impact on how states oversee their criminal-information systems, SEARCH Executive Director Gary Cooper said. "There's great pressure because of those bills to implement programs as quickly and inexpensively as possible, and to be able to complete the checks as quickly as possible," he said.

Cooper said the temptation is to only check federal databases held by agencies such as the FBI. "The fact is, there are many more criminal-history records at the state level collectively than presides at the FBI, and they're more complete records," Cooper said.

SEARCH has advocated that agencies conduct checks based on fingerprints and scan state records.

Cooper said one of the most exciting SEARCH projects is creating a methodology on common information exchanged among justice agencies because every state has its own laws and practices. With increasing calls for more information sharing among governments, the effort may prove vital, he said. The software tool is being tested in states such as New Mexico, Colorado, Wisconsin and Minnesota.

"What you're ultimately promoting is the ability to share this information nationally," Cooper said.

Missouri Chief Information Officer (CIO) Gerry Wethington serves as the SEARCH board chairman. He said state CIOs and law enforcement officials increasingly are joining to create a cross-pollination of ideas for using technology in the criminal justice system. He said SEARCH also has worked with the National Association of State Chief Information Officers to develop software to facilitate information sharing and interoperability.

Wethington stressed that players must be familiar with representatives from the National Law Enforcement Telecommunication System, which is a message-switching network linking local, state and federal agencies to allow information exchanges on criminal justice and public safety.

"It's important all the major players are aware of each other and what directions are being taken," Wethington said. "I think there is a much more cohesive group [working on these issues], and that was certainly accelerated by Sept. 11."

]]>

Dems continue to rap Ridge for failure to testify on Hill

Lisa Caruso and Liza Porteus — Fri, 12 Apr 2002 00:00:00 -0400

Ridge did meet privately Wednesday with select House appropriators and has another session scheduled for next week.

But Senate Majority Leader Tom Daschle, D-S.D., said a private meeting is not good enough.

And a senior Republican, Sen. Charles Grassley of Iowa, said in an interview with CongressDaily that while Bush is "absolutely right" from a constitutional standpoint, "the president would be better off if he just sent [Ridge] up and let him testify."

After Wednesday's meeting, House Appropriations ranking member David Obey, D-Wis., said: "With perhaps one exception, nothing we discussed today couldn't be discussed in a public session. We appreciate Mr. Ridge speaking with us informally, but it is far from adequate in terms of addressing his budget needs or our responsibilities in reviewing those needs. As far as I'm concerned, some lawyer in the White House is inventing a problem that should not exist."

]]>

Lawmakers push for national homeland security agency

Liza Porteus — Thu, 11 Apr 2002 00:00:00 -0400

After President Bush in October appointed Tom Ridge to head the new White House Office of Homeland Security, numerous lawmakers criticized Ridge's lack of budgetary authority and introduced bills to strengthen his position. Now, Democrats and Republicans are uniting in an effort to ensure that Ridge's office is adequately equipped to protect the homeland.

Committee Chairman Joseph Lieberman, D-Conn., and Sen. Arlen Specter, R-Pa., introduced a bill, S. 1534, that would create a National Homeland Security Agency. The agency would plan and coordinate federal activities related to border patrol, emergency management, critical infrastructure protection and computer-related defense activities. On Thursday, the committee heard debate on the bill from lawmakers who introduced similar bills and from other experts.

"I think we have no time to spare," Specter testified, asking Lieberman and ranking Republican Fred Thompson of Tennessee to vote on the bill as soon as possible to get it to the Senate floor.

Reps. Mac Thornberry, R-Texas, Ellen Tauscher, D-Calif., and Jane Harman, D-Calif., and Sen. Bob Graham, D-Fla., testified in support of empowering Ridge. Sen. Judd Gregg, R-N.H., asked that his bill, S. 2020, which would establish a Department of National Border Security, be considered in tandem with S. 1534.

Thornberry, who introduced a measure to establish a National Homeland Security Agency, said he soon would introduce a new version of that bill, H.R. 1158.

The measure would consolidate key homeland security agencies into one department. The consolidated agencies would be : the Border Patrol, the Customs Service, the Federal Emergency Management Agency, the Commerce Department's Critical Infrastructure Assurance Office and Institute of Information Infrastructure Protection, and the FBI's National Infrastructure Protection Center and National Domestic Preparedness Office. The department also would include a research and development organization.

In addition, Thornberry's bill would create a White House National Office for Combating Terrorism and mandate that the Senate confirm the head of that office. S. 1534 would consolidate agencies much like H.R. 1158 would.

Harman and Tauscher co-sponsored H.R. 1158. Tauscher said another portion of the bill, that would make a "real difference," would create an Office of Science and Technology within the new agency. "This office will better channel the wealth of expertise at our nation's defense laboratories to detect and counter the terrorist threat," she said.

Industry experts from organizations such as the Center for Strategic and International Studies, the Border Trade Alliance and the Brookings Institution echoed support for strengthening Ridge's office via legislation.

S. 1534 will incorporate aspects of similar bills and will be reintroduced "shortly," the lawmakers said. Harman said once that bill is ready, she and other House lawmakers will introduce a sister bill in that chamber.

After the hearing, Office of Management and Budget Director Mitch Daniels told reporters the White House is open to the idea of a new homeland security agency. Previously, the White House had asked Congress to hold off on legislation in order to give the Office of Homeland Security time to develop a strategy for protecting the nation. Ridge is expected to announce his strategy in June.

Separately on Thursday, the White House issued a statement detailing all initiatives and accomplishments undertaken by the federal government since the Sept. 11 terrorist attacks.

]]>

Federal managers blamed for blunting growth of teleworking

Liza Porteus — Tue, 09 Apr 2002 00:00:00 -0400

The Maryland Democrat and Rep. Frank Wolf, R-Va., have championed teleworking as a way to make federal government more efficient, reduce Washington's regional traffic and improve residents' and federal workers' quality of life.

Hoyer told a Mid-Atlantic Telecommuting Advisory Council and Metropolitan Washington Council of Governments symposium that Washington ranks as the second worst region in the nation behind Los Angeles for traffic congestion, and he said the average commute for area workers in the nation's capital is 30 minutes each way.

Since 1993, the federal government has appropriated $20 million for regional telecenters--six in Maryland, eight in Virginia, and one in West Virginia. The District of Columbia also houses a telecenter. Hoyer and others, such as Darryl Dobberfuhl, executive director for the Washington Metropolitan Telework Centers, said managerial skepticism prohibits the centers from being "standing-room only."

As of October 2001, the Office of Personnel and Management said about 4.2 percent of the federal workforce telecommutes, according to Hoyer. Less than 1 percent of employees of the Veterans' Affairs and State departments telecommute, while the rate is less than 2 percent at the Defense, Justice and Agriculture departments.

"That's not good enough," Hoyer said.

Hoyer said lawmakers for the Washington region are adamant about furthering telecommuting initiatives. He said Maryland Gov. Parris Glendening is "very enthusiastic" about such efforts, and he expects Virginia Gov. Mark Warner, whose state is home to many technology firms, to support the efforts, too.

Hoyer said he will attempt to include money for telework training and the related education of federal managers in the fiscal 2003 spending bill that funds the Treasury Department and Postal Service, adding that the federal government should serve as a "model employer" and a "laboratory" for best labor practices.

The Sept. 11 terrorist attacks on the World Trade Center and the Pentagon forced many firms and government offices to develop plans for alternative workstations and operations in case of emergency, industry panelists at the symposium said.

The attack on the Pentagon displaced 4,500 Defense workers and eliminated about two-fifths of the Pentagon's floor space, said Ralph Newton, from the Defense Department's Washington Headquarters Services. The Navy also lost vital command centers, and many communications systems were destroyed.

Agencies and businesses need to map emergency plans to have computers and telephones connected in alternate workspaces, Newton stressed. And companies must ensure that their remote-access networks are secure and that their systems can positively identify individuals attempting to access the systems.

"Security can't be underestimated in terms of importance and the sense of security your workforce has," Newton said.

But Brookings Institution senior fellow Philip Dearborn--who released a study in January on telecommuting effects on Washington's tax base--noted that sales- and excise-tax revenues, as well as lottery-ticket sales, are directly reduced by suburban telecommuters not making purchases in the District. Several other tax and revenue sources may be affected as well, he said.

]]>

FBI's new Cyber Division quietly ramps up

Liza Porteus — Mon, 08 Apr 2002 00:00:00 -0400

The first formal announcement of the division indirectly was made Tuesday, when FBI Director Robert Mueller announced the appointment of Larry Mefford as assistant director of the division. Mefford is associate special agent in charge of the San Francisco FBI field office.

The goal of the Cyber Division is to coordinate the various online disciplines within the FBI and to investigate federal violations where there are exploitations of computer systems, the Internet or networks. The move is part of the FBI's recent overhaul efforts.

An FBI spokeswoman described the new division as "a work in progress," and many members of the high-technology industry said they were unaware that the division was solidifying.

A Justice Department spokeswoman said that DOJ's Computer Crimes and Intellectual Property section has talked with Mefford in the past, but that it is unclear on how the divisions will interact. "They anticipate sitting down and working together," she said.

Some tech sources said they had been in discussions with Justice and FBI officials on the idea of an FBI cyber division, particularly after Sept. 11, although were not aware the new division was actually forming.

Mueller and Attorney General John Ashcroft "have been pretty pro-active ... in getting out there and reaching out to the community at a higher level," said Shannon Kellogg, vice president of information security practices at the Information Technology Association of America. Kellogg said it was thought that the FBI's National Infrastructure Protection Center (NIPC) would evolve, or merge with another FBI division.

"I think what this is trying to do is pull together a number of initiatives and supervise these initiatives," Kellogg said.

An NIPC source said NIPC is waiting for more details on its role after the FBI restructuring. The source said a formal announcement is likely to be made within 30 days. Another industry source said the real story is how NIPC, the Cyber Division and Richard Clarke, President Bush's cyber-security adviser, will inter-relate.

But there could be problems if NIPC is rolled into the Cyber Division. The NIPC source said industry already is hesitant to share information about vulnerabilities with government, and splitting NIPC may be a further deterrent in that area.

An FBI study released Sunday that was conducted by the Computer Security Institute and the FBI's San Francisco computer-crime squad found that most large corporations and government agencies have been attacked by computer hackers, and they often do not tell authorities of the breaches for fear of bad publicity.

Sen. Charles Grassley, R-Iowa, last month wrote to Mueller discouraging the dismantling of NIPC, a move Mueller had discussed with Grassley during a February meeting. At that time, Mueller was considering placing part of NIPC in the FBI's criminal division and another in its counterterrorism/counterintelligence division.

Mueller mentioned a forthcoming "Cyber-Crime Division" while testifying before the House Appropriations Subcommittee for Commerce, Justice and State in early March. But he also said the FBI needs more funds for the NIPC.

"This change will bring together various cyber initiatives and programs under one umbrella ... to protect our nation's growing digital marketplace and electronic infrastructure," Mueller said.

]]>

GSA showcases disability-friendly technologies

Liza Porteus — Wed, 03 Apr 2002 00:00:00 -0500

The Center for Information Technology Accommodation (CITA) in GSA's Office of Governmentwide Policy operates the showcase, which displays technological wares federal agencies and the private sector can use to comply with Section 508 of the 1973 Rehabilitation Act. Section 508 mandated that all government agencies--and companies that conduct business with the government--make their technology disability-friendly. The center is charged with educating federal employees on Section 508 and building the infrastructure needed to comply with the law.

GSA Administrator Stephen Perry said CITA will facilitate forums for technology vendors, people with disabilities, advocacy groups, researchers and those responsible for Section 508 compliance within their business or agency to exchange information and ideas. "It's an effort to quicken the pace of change," Perry said.

The showcase highlights the Bush administration's emphasis on ensuring that the disabled community has access to technology, said Jennifer Sheehy, senior policy adviser to the Presidential Task Force on the Employment of Adults with Disabilities.

"It's an incredible message to send throughout the federal government that this is important, that people with disabilities can make contributions" to society, Sheehy said.

Sheehy said Section 508 is the cornerstone of President Bush's New Freedom Initiative, which was launched in February 2001. The initiative addresses gaps in access to technology, society and the workforce for the disabled. Bush requested $68 million in his fiscal 2002 budget for research and development activities relating to assistive technologies; Congress appropriated $65 million to be administered to states by the Education Department.

Section 508 and the New Freedom Initiative will make the federal government a model employer to show governments and the private sector that the disabled play an important role in the country's competitiveness, Sheehy said.

The showcase provides information and self-guided online demonstrations of software and hardware designed to help eliminate technological barriers for the disabled. Product demonstrations include: screen access for the blind; ergonomic and adjustable keyboards, alternative pointing devices; note takers; and word-prediction software.

]]>

Legislation driving Bush administration e-gov efforts

Liza Porteus — Tue, 02 Apr 2002 00:00:00 -0500

The 1998 Government Paperwork Elimination Act (GPEA) mandates that agencies must give citizens the option to submit information and conduct transactions electronically and gives legal weight to the use of electronic signatures. Agencies have until Oct. 21, 2003 to comply. The 2000 Government Information Security Reform Act (GISRA) mandated that all agencies conduct regular reviews of their security and information practices.

These two measures "have helped us quite a bit ... It's defined security in our daily lives," Mayi Canales, deputy chief information officer for the Treasury Department, said during a Council for Excellence in Government conference on e-government.

Federal lawmakers, agencies and industry groups have stressed the need to encourage information sharing among governments and industry and to work collaboratively to protect the nation's critical assets in the wake of the Sept. 11 terrorist attacks.

Kevin Landy, counsel for the Senate Governmental Affairs Committee, said such laws can pave the way for other federal e-government initiatives such as electronic signatures and information-security practices. He said the committee believes GISRA has been effective, although many agencies need to do more to protect their information systems. The committee also is probing how agencies are complying with GPEA.

"I think right now, the jury's still out on that," Landy said.

Landy said more congressional oversight of e-government initiatives may be needed, particularly when it comes to protecting information.

"There is no issue with anywhere near the priority level" in Congress than information security, Landy said. Congress "wants to support the administration's efforts as much as they can and work with them" on these issues.

Meanwhile, agency officials said they are hard at work implementing their respective parts of the administration's 24 e-government initiatives outlined in the President's Management Agenda.

The Small Business Administration (SBA) is responsible for the "business compliance one-stop" portal, which is designed to help businesses find, understand and comply with federal regulations. SBA has been working with state groups such as the National Governors Association and National Association of State Chief Information Officers.

The Federal Emergency Management Agency (FEMA) is responsible for the disaster management e-government initiative, which will include a one-stop Web portal for disaster management services at all government levels.

Norman Lorentz, the federal government's chief technology officer, said, "To think we're going to be able to do e-government without a little pain" is not an accurate portrayal of the road ahead. "The problems that we have are profoundly not technological," but involve accountability and management issues, he said.

Lorentz said he has met numerous times with federal lawmakers who have asked him what he needs to execute the administration's technology initiatives. Extra legislation is not needed, he has told them, as long as Congress appropriates money and responsibilities cross-functionally to agencies to encourage cooperation.

"We don't need to reinvent these things," Lorentz said.

]]>

Ridge urges state, local governments to unite on security

Liza Porteus — Mon, 25 Mar 2002 00:00:00 -0500

These entities cannot "operate in a vacuum," Homeland Security Director Tom Ridge told the National Association of Regional Councils (NARC).

Ridge urged council representatives to take advantage of the 45-day comment period in effect on the newly unveiled national alert system that consists of tiered levels of alerts based on the risk level of an attack.

Private-sector participation is going to be necessary to fulfill President Bush's homeland security initiatives, which include involving preparedness plans in the areas of emergency response, information sharing and information technology, border and airport security, and bioterrorism.

Shaun Donnelly, deputy assistant secretary of State with the agency's Bureau of Economic and Business Affairs, cited the "smart borders" agreement reached last week between the United States and Mexico as a way federal officials hope to use technology to reach these homeland security goals.

"We've got to use the technology out there" to improve border security while allowing normal commerce flows, Donnelly said. "It's about making sensible decisions to balance all our interests."

There are government-wide efforts being conducted to identify the nation's critical infrastructures that will need to be protected, said Lewis Podolske, director of economic consequence management in the Office of Homeland Security. He said the private sector's help increasingly will be needed as the government looks to gather, analyze and disseminate more information on potential threats and how to combat them.

One of the most important actions regions can take is to partner with telecom companies to boost their rural telecommunications infrastructure, said Jesse White, federal co-chairman of the Appalachian Regional Commission.

But in aiding governments to strengthen their infrastructures, the private sector also has to ensure its vulnerabilities are fortified, said George Vradenburg, strategic adviser to AOL Time Warner.

"Damage to one link [of a business sector] can ripple through to multiple sectors," Vradenburg said. "Our economy is vulnerable...Our enemy's strength feeds off our own assets."

As globalization and the U.S. economy's dependence on all sectors increases, so do the chances for greater fallout should one sector be hit by a terrorist attack, Vradenburg said. "We invented this networked world ... Let's put it to use in defending ourselves and strengthening our communities."

Vradenburg cited several reasons why private industry should boost its involvement in homeland security efforts: many critical infrastructures are owned by industry, not government; bioterrorism and disease surveillance and patient-locator systems will need to be deployed; new technological capabilities need to be demonstrated to the government by trained professionals; nonprofits must be involved in disaster planning; and economic recoverability issues need to be part of overall defense planning.

"At the end of the day, we have too much at stake not to draw upon all our resources," Vradenburg said.

]]>

Bill to establish e-gov chief moves to Senate floor

Liza Porteus — Thu, 21 Mar 2002 00:00:00 -0500

Committee Chairman Joseph Lieberman, D-Conn., last May introduced S. 803, which aimed to enhance the management and promotion of e-government services and processes by establishing a federal chief information officer within OMB. It also would have established a broad framework for the use of Internet-based information technology to enhance citizen access to government information and services.

The bill passed by the committee Thursday is a revised version of S. 803 that does not specifically call for a federal CIO.

Lieberman and committee ranking Republican Fred Thompson of Tennessee on Thursday offered an amendment in the form of a substitute to S. 803, which was accepted by the committee. That amendment calls for spending $345 million over four years and naming a Senate-confirmed administrator to head an e-government office at OMB, which would also be responsible for information security practices.

The bill also would earmark $15 million in the fiscal 2003 budget proposal for a federal Internet portal and encourages technology use in federal courts, regulatory agencies, attention to privacy provisions, integrated reporting study and pilot projects and enhancing crisis management through advanced information technology.

Other lawmakers such as Rep. Tom Davis, R-Va., also have echoed the call for a federal CIO. Davis has said he will wait to see how much effect the government's e-government chief, Mark Forman, and other officials such as President Bush's cyber-security adviser, Richard Clarke, have on e-government efforts.

Lieberman and Thompson worked closely with OMB on the amendment, Lieberman said during the hearings, adding, "We've got a good agreement now."

Sen. Max Cleland, D-Ga., offered but withdrew an amendment to ensure representatives from state, local and tribal governments are included on the Federal CIO Council. Currently, all members are representative of federal agencies and organizations such as the Commerce, Justice, Defense and State departments, CIA, General Services Administration, National Science Foundation, Critical Infrastructure Assurance Office, National Institute of Standards and Technology and the White House Office of Science and Technology Policy.

A spokeswoman for Cleland said via e-mail that the senator would "work with state and local governments directly to make citizens' access to government information on the Web seamless and to make government-to-government transactions more efficient."

West Virginia CIO Keith Comstock serves as the liaison between the council and the National Association of State Chief Information Officers (NASCIO). NASCIO has been working closely with Forman, associate director for information technology and e-government at OMB, and the Federal CIO Council to prioritize a list of new e-government initiatives and encourage state involvement.

"These officials operate services on a smaller scale ... Ideas that work there may work just as well on the national level," Cleland said. "I do believe state and local representatives do play a key role."

Sen. George Voinovich, R-Ohio, said Cleland's proposal was an "excellent idea" in order for governments of all levels to share best practices in e-government.

]]>

As e-gov plans progress, questions arise over national security

Liza Porteus — Wed, 20 Mar 2002 00:00:00 -0500

The Internet affords opportunities for government to create an "enlightened democratic electorate," and it could "change the world significantly," Rep. Paul Kanjorski, D-Penn., told attendees of an Adobe Systems e-government breakfast. Although the federal government has made progress on e-government initiatives during the past few years, since the Sept. 11 terrorist attacks, "I noticed we have a conflict...in the United States with security," Kanjorski said.

Because of national security concerns, questions have arisen over the public's access to certain federal government information online.

"I think we have to put that into the calculation of what we do now, unfortunately," Kanjorski said. "It does strike a question as to whether we can move as quickly as many of us had hoped" on various e-government initiatives.

Kanjorski said the government must find ways to bridge the so-called digital divide and recognize that e-government is more than simply publishing forms online.

But the administration is forging ahead with its 24 e-government initiatives that are part of the president's management agenda--which aims to use technology to increase government efficiency and decrease paperwork burdens.

"This is not a technology issue--this is connecting citizens to the government ... The technology is an extraordinary enabler," said the government's chief technology officer, Norman Lorentz.

Some have questioned whether e-government initiatives will receive adequate funding given the budget deficit and increased requests for money to fight the war on terrorism. But Lorentz stressed that the point of the initiatives is to streamline agencies' technologies and processes, thereby reducing costs.

To secure online information at the same time it seeks to disseminate more of it, the administration is looking into e-authentication techniques as one of the 24 initiatives. Lorentz said a lack of standardization is a major cause of security gaps.

"We're going to take a consistent approach to security and access," Lorentz said. "There's always going to be this dynamic tension between openness and the security of the country."

Lorentz said since January, he has tackled various homeland security technology initiatives, e-government initiatives and cybersecurity issues with the Office of Management and Budget and President Bush's cybersecurity adviser, Richard Clarke. He said that throughout all of these issues, "There will be significant partnerships" with the private sector.

Joiwind Ronen of the Council for Excellence in Government said it is incumbent on federal lawmakers to become more tech savvy, given the familiarity the younger generation now has with technology. Citizens increasingly will expect more in-depth government information to be online and for lawmakers to understand the power of technology.

Ronen also hailed efforts by lawmakers such as Sen. Joseph Lieberman, D-Conn., to introduce e-government legislation urging the government to fully fund initiatives to propel the government into the 21st century.

]]>

GSA pushing e-gov, security initiatives

Liza Porteus — Wed, 13 Mar 2002 00:00:00 -0500

In addition to the $10 million requested for anti-terrorism activities at GSA and $9.5 million for the maintenance and enhancement of the FirstGov.gov Web portal, GSA has requested $45 million specifically for the E-Gov Fund -- a presidential initiative overseen by the White House Office of Management and Budget and managed by GSA.

Bush's Management Council has tasked OMB to spearhead 24 e-government initiatives and is asking for $50 million overall for them. E-government is one of four parts of the president's management agenda, aimed at reducing government paperwork and increasing efficiency.

During a House Appropriations Subcommittee on Treasury, Postal Service and General Government hearing Wednesday on GSA's fiscal 2003 budget, subcommittee Chairman Ernest Istook, R-Okla., noted that the proposed e-government funding is an 800 percent increase from the previous year. He added that GSA continues to stress its commitment to becoming more citizen-oriented, but that many different GSA entities will participate in and support e-government initiatives.

"It's interesting that the new GSA focus on 'citizen services' involves consolidation while 'electronic government' is fully dispersed," Istook said.

GSA is playing a large part in aiding OMB's implementation of the president's e-government agenda. GSA is a managing partner for five of the 24 initiatives, including the e-authentication initiative, which aims to establish an identification verification system for people trying to obtain information and services from the federal government.

"The modest spending increases are requested in support of our strategic goals, particularly, asset management and the e-government component of the president's management agenda, and to ensure our assets and building occupants are safe and secure," said GSA Administrator Stephen Perry in prepared remarks.

Perry said GSA is establishing the Office of Citizen Services to spearhead GSA's part of the e-government effort and to provide access to federal, state and local government information for citizens and businesses though FirstGov.gov. It previously was the responsibility of the Office of Governmentwide Policy and the Federal Consumer Information Center.

Perry said the funding is necessary given the government's recent push to implement e-government.

Istook also expressed concern with the agency's computer security. GSA did not request an increase for computer-security funding, but "computer security remains a concern," Istook said. He also questioned how GSA's computer-security efforts meshed with other federal computer- and homeland-security programs.

Perry noted that the more than $247 million requested in operating appropriations includes critical infrastructure protection efforts. That amount is $53 million above fiscal year 2002 levels. The increase includes $900,000 for a Cyber Warning Information Network, plus the e-government and FirstGov.gov funding.

Perry said that GSA chiefs would meet with department heads each quarter to receive updates on progress. He said GSA soon will introduce technology that will keep these performance results in a database.

]]>

Lawmakers examine Veterans Affairs IT security efforts

Liza Porteus — Wed, 13 Mar 2002 00:00:00 -0500

The department is attempting to move toward a "One-VA," which includes streamlining agency services and using technology to increase efficiency and overlaps. President Bush's proposed fiscal 2003 budget includes $1.357 billion for VA's IT initiatives -- a 15 percent increase over last year's funding level.

"We want to know if the VA is investing their IT money wisely," said Rep. Steve Buyer, chairman of the House Veterans Affairs Committee's Subcommittee on Oversight and Investigations, which held a hearing Wednesday on the effectiveness of several VA IT programs. "We need to know what obstacles you foresee and how you plan to work through the VA's organization land mines, the cultural bias, the turf battles and the inherent inertia," he said.

Lawmakers and panelists said the VA's IT blueprint embodies the best practices sought by federal law such as the Government Information Security Act -- which calls for regular reviews of agency computer systems -- and the Clinger-Cohen Act, which places the responsibility for managing IT investment on agency heads.

But for an agency that has a history of being mired in bureaucracy, according to the lawmakers, they asked if VA is doing enough.

"This one VA horse has been allowed to stay in the barn for too long," said Rep. Julia Carson, D-Ind. "It's time to see if it can run."

Leon Kappelman, director of the Information Systems Research Center at the University of North Texas, said to achieve a "One-VA," there needs to be a central IT authority. The VA currently houses several IT directors and chief information officers.

David McClure, director of information technology management issues for the General Accounting Office, stressed that information security is one area that will require continued management attention. But he noted efforts by VA Assistant Secretary for Information Technology John Gauss to increase his focus on computer security and keep security policies current.

Gauss assured the committee that cyber security is one of the highest priorities for VA Secretary Anthony Principi. The VA's Office of Cyber Security aided the establishment of department-wide computer-protection priorities and an Enterprise Cyber Security Project -- aimed at controlling access to internal and external networks -- was approved in February. But an audit being conducted by the VA shows that significant information security vulnerabilities remain.

Gauss also said the federal government can help by ensuring that IT dollars go toward specific IT projects and by addressing the impending loss of hordes of federal IT workers to retirement. Gauss launched an IT workforce initiative to address the latter problem.

VA Inspector General Richard Griffin said key department security remediation actions need to be prioritized and completed in the next year, especially since recent discussions with the VA's Office of Cyber Security "indicate concern" that budget resources may not be available to complete all necessary actions.

]]>

Lawmakers pledge to track wasteful security spending

Liza Porteus — Tue, 12 Mar 2002 00:00:00 -0500

The House Government Reform Subcommittee on National Security, Veterans Affairs and International Relations on Tuesday held the first of two hearings on how federal money could be used most effectively to combat terrorism.

Subcommittee Chairman Christopher Shays, R-Conn., and ranking Democrat Dennis Kucinich of Ohio, as well as Government Reform Committee Chairman Dan Burton, R-Ind., and ranking Democrat Henry Waxman of California, last October sent a letter to President Bush stressing the need for Homeland Security Director Tom Ridge to make the development of a national homeland security strategy a top priority.

"The administration has failed" to do this, Kucinich said at the hearing.

Edwin Meese, co-chairman of the Heritage Foundation's Homeland Security Task Force, said his group has a "continuing dialogue" with Ridge's office and stressed the importance of keeping communication lines open between that office and state and local officials.

Heritage released a report in January offering 25 recommendations on how to take a more proactive approach to protecting the nation's computer networks and improving intelligence gathering, information systems and surveillance systems, among other things.

Meese stressed the need for a "fusion system" to collect, analyze and disseminate threat information for all levels of government that could serve as a central clearinghouse. Ridge's office is establishing a Crisis Coordination Center to serve such a purpose.

The federal government should fund research conducted by the private sector on new technologies to detect diseases such as smallpox and anthrax, said Randall Larsen, director of the ANSER Institute for Homeland Security.

Bioterrorism is a new threat and many current technologies cannot effectively detect harmful pathogens until it is too late, he said. But one promising technology under development that could use government aid is the "zebra chip," which is used to identify common diseases, he said.

"I know of no other technology that offers more potential promise to both mitigate and deter biological attacks on the American homeland," Larsen said.

Paul Bremer, former chairman of the National Commission on Terrorism and member of the Gilmore Commission, said he supports legislation requiring the Office of Homeland Security to establish a single database available to everyone dealing with border security, including consular officers at embassies abroad who issue visas.

But he said Ridge's lack of budget authority has led to problems. He noted that Ridge's proposal to combine the four agencies responsible for border security had been rejected, and Ridge had refused to testify before a congressional committee on homeland security spending.

Henry Hinton, managing director of defense capabilities and management for the General Accounting Office, suggested that partnerships forged between the public and private sectors during the preparation for the Y2K computer bug could be looked to as possible models for the homeland security effort.

]]>

FEMA outlines e-government goals

Liza Porteus — Wed, 06 Mar 2002 00:00:00 -0500

The White House has identified 24 e-government initiatives for the Office of Management and Budget to spearhead under the president's management agenda. OMB has directed federal agencies to streamline their programs and use technology to make their government services more accessible.

The Sept. 11 terrorist attacks underscored the need for the federal government to provide fast and easy access to disaster-related information to citizens, FEMA Chief Information Officer Ron Miller said at a conference sponsored by E-Gov. He noted that FEMA's Web site received 3.5 million hits soon after the attacks.

To better aid the public, FEMA has established Disasterhelp.gov, a site designed to serve as a one-stop portal for citizens to obtain disaster-relief information and assistance, Miller said.

FEMA has specific e-government projects it must finish to reach its government management goals. They include modernizing the National Emergency Management Information System, establishing publicly accessible map services on the Web, and placing registration and information forms for Bush's Citizen Corps program on the Web. Enhancing distance-learning programs also is part of the agenda. Disasterhelp.gov will consolidate federal and other disaster-relief programs under one portal and provide links to state and local emergency-management groups.

The site will require a secure network for information sharing and an automated transaction-processing system to deal with disaster-relief transactions. It also will require a database to serve as an information repository.

Miller stressed that FEMA does not want to put large batches of personalized information into a centralized database--an idea that privacy advocates heavily criticized during debates over a national identification system tied to such a database.

Meanwhile, Eligibility Assistance Online, a program currently under FEMA's purview that aids in citizens' disaster benefits, will be moved to the Labor Department.

Miller said state and local CIOs will work with FEMA on various e-government initiatives to aid the homeland security effort. Such initiatives include online loan applications, e-grants and e-authentication, the latter being a requirement for most e-government initiatives underway in all agencies, Miller said, given the vast amounts of information being put on the Web.

"There are a lot more privacy issues out there than there were before so many government services were online," Miller said.

A key priority for FEMA Director Joe Allbaugh, Miller said, is creating a public-safety wireless network, which is the "single-most critical information technology need." "First responders" to emergencies and government officials have said they need access to a priority network to effectively communicate with each other during emergencies.

"Whatever the solution is, we've got to solve it and solve it now," Miller said.

]]>