House chairman opposes central IT security czar

Differences between House and Senate Republicans over how to enhance security for federal government computers could complicate the passage of the Government Information Security Act that recently cleared the Senate Governmental Affairs Committee.

Sponsored by committee Chairman Fred Thompson, R-Tenn., and ranking member Joseph Lieberman, D-Conn., S. 1993 would centralize federal information security oversight in the Office of Management and Budget.

But that approach runs afoul of Rep. Steve Horn, R-Calif., who said he was opposed to giving OMB more authority at a Wednesday hearing on strengthening computer security. Instead, Horn, chairman of the House Government Reform Subcommittee on Government Management, Information and Technology, continues to support legislation that would split the management and budgetary functions of the OMB into two separate agencies.

"It can't be shunted off on someone at OMB," Horn told National Journal's Technology Daily. Horn added that Thompson's proposal "would not work" because it would minimize individual government agencies' responsibility to secure their computer networks.

And while Thompson has frequently toyed with the idea of creating a centralized chief information officer for the federal government, Horn decried such a proposal.

"If you appoint a CIO, agencies would say [computer security] is not their responsibility," Horn said.

Horn's subcommittee, which issued report card-style grades of agencies' preparedness for potential Y2K computer glitches, plans to issue similar grades for agencies' approach to information security.

Horn praised former Clinton administration Y2K coordinator John Koskinen, whose role has been frequently cited as a model for an possible information-security "czar," for his non-confrontational approach to encouraging federal agencies to prepare for anticipated software bugs caused by the 2000 date change.

Not everyone who testified Wednesday agreed with Horn.

"I believe there needs to be a federal CIO," said Jack Brock, director of government and defense information systems for the General Accounting Office. "The information management issues that run across agencies are very serious," he said.

And while a CIO council of federal agencies has been doing "a reasonable job, there needs to be someone providing more direction and leadership," Brock said. He also endorsed Thompson's legislation for recognizing the role of management accountability in improving information security.

But Dave Nelson, deputy chief information officer for NASA, said that the current legal structure for coping with network intrusions is largely adequate. But he said the agency is worried about demands that it publicize known vulnerabilities in its computer systems, and added that it could benefit from "some clarification of the extent of national security in this area of a civilian system closely allied with the military."