The federal government can no longer afford to have security be an afterthought in e-government operations, federal information technology experts said Friday, upon the release of a new report from the CIO Council. The report, "Securing Electronic Government,"
focuses on security issues raised by Web-based information services, procurement systems and online financial transactions. "Government organizations are beginning to recognize the importance of including security considerations in up-front planning for Web-based information services," the report said. The report gives agencies tools to gauge how much security they require and how to develop a security program that meets their needs. "The most important first step is to create a security plan," the report said. "The purpose of the plan is to analyze what can go wrong and to determine responses that reduce the likelihood and consequences to an acceptable level." The report included three case studies highlighting the role of security in emerging e-government initiatives, the level of risk associated with the programs and the technical security measures agencies have taken. The case studies are of NASA's Internet-based procurement system, the Energy Department's online job information and statistical data dissemination initiatives, and the Social Security Administration's attempts to ensure the online security of the Personal Earnings and Benefits Estimate Statements it issues. The report concluded that security needs increase with the monetary value of a procurement and that the greatest risks to Web-based information services are denial of service attacks and malicious data changes. Conducting financial transactions online raises other security considerations, said Sky Lesher, the Interior Department's deputy chief financial officer. Web sites featuring such transactions must be continually available and have controls in place that effectively protect the services from unauthorized access, he said. "We can all see the incredible benefits of electronic government," said Harris Miller, president of the Information Technology Association of America. "But, of course, with the benefits come enormous challenges. One of these is protecting information."