Bush's cybersecurity budget proposal concerns tech industry

Industry groups fought to get a cyber-security czar at the Homeland Security Department, but they are disappointed that President Bush did not include more money for the expanded role as part of the fiscal 2008 budget he released Feb. 5.

Bush proposed a $92.7 million funding level for the department's cyber division, which is headed by Undersecretary Greg Garcia.

"It's close to flat compared to what it was last year," said Liesyl Franz, vice president of information security for the Information Technology Association of America. "With its increased mission and increased expectations, that is insufficient."

Franz said part of that expanded mission will include implementing the national infrastructure protection plan that is to be released soon. At the RSA Security Conference in San Francisco last week, Garcia said one of his priorities will be working with other federal agencies to strengthen the security of their IT programs.

Bush is proposing some cuts to line items within Homeland Security's own IT budget. For the chief information office, the Bush budget proposal requests $179 million for department-wide IT expenses. That would be down $90 million from the $269 million he proposed in fiscal 2007.

Overall, the president proposes a 1.1 percent IT spending decrease for the department and a 2.1 percent IT spending increase for the Defense Department.

Karen Evans, the administrator of e-government and information technology in the White House Office of Management and Budget, said the president's funding request for technology does show that securing cyberspace and preventing data loss are important.

For the most part, industry groups monitoring security issues agree that the overall IT budget is a step in the right direction.

"It is certainly a good sign that the president has requested $65.5 billion in IT spending across federal agencies to help address the seemingly endless string of data breaches and improve cyber security among the agencies," said Liz Gasster, acting executive director and general counsel for the Cyber Security Industry Alliance. "But when you look at a breakdown of the percentages, specifically for [Homeland Security], the 1.1 percent decrease from last year is very concerning."

Gasster said she would have liked to have seen more attention and funding consideration for cyber-security research and development and integrated situational awareness for the U.S. Computer Emergency Readiness Team.

The Bush budget proposes no funding for state implementation of federal driver's licensing standards under a 2005 law that aims to make licenses harder to forge or falsely obtain. State governments must begin complying with the standards by May 2008. Groups like the National Conference of State Legislatures have estimated the program could cost $10 billion to $12 billion.

Jennifer Kerber of ITAA said that without funding, the country risks not moving forward and continuing to have the same identification system that let terrorists falsely obtain driver's licenses before the Sept. 11, 2001, attacks.

"You're only as strong as your weakest link," Kerber said, adding that states need to make IT investments to authenticate peoples' identity.