Security confab calls for U.S. spending

SAN JOSE, Calif.--Two U.S. legislators, a Department of Defense officer and two security experts from government agencies told attendees Thursday at the RSA Conference 2002 that more money from U.S. coffers needs to go to cybersecurity.

"While the terrorist attacks of Sept. 11 took an unexpected form, we have to make certain that the next attack is better anticipated," said Rep. Zoe Lofgren, D-Calif., who moderated a keynote panel with other members of the government.

"Sept. 11th doesn't fit the mold of what we thought we were defending ourselves against," Lofgren said.

That cyberattacks may be the next unexpected form of terrorism was a common thread throughout the panel discussion. Yet, the solution that several members proposed was old hat: Devote more funds to the problem.

"We are preparing, and we need the cash flow to do that," said Dan Mehan, chief information officer for the Federal Aviation Administration and another member of the panel.

Although the United States has a disproportionate amount of power in most conventional arenas of competition, the cyberarena is different, Mehan said.

"Where we can be more disruptive in other areas, we can be more disrupted (in cyberspace) because of our reliance on networks," Mehan said. "The mainstream media talks about weapons of mass destruction; we in the cyberarena deal with weapons of mass disruption."

The call for cash made sense to others on the panel. Rep. Mike Honda, D-Calif., asked that more money be spent on computer security and that the private sector help the government find the appropriate way to secure itself.

"We have to stop playing the budget game and give them money," Honda said.

Gartner analyst John Pescatore says that as its first priority, the government should find ways to allocate the current level of funding more efficiently. see commentary

In his latest budget, President George W. Bush has earmarked more than 8 percent, about $4 billion, of federal information-technology spending for information-system security, the administration's cybersecurity czar, Richard Clarke, said Tuesday in the opening keynote to the conference. That's a whopping 64 percent increase over the previous year.

The sense of vulnerability left over from the attacks on New York and the Pentagon is a major reason such money is now being spent.

"We know we, as a nation, can be attacked," said Capt. Sheila K. McCoy, team leader for information assurance on the staff of the U.S. Navy's chief information officer.

McCoy did warn, however, that throwing money at the problem is not necessarily the right way to go, until we know where we want to spend it.

"A lot of (the problem) is how much security is the right amount of security," McCoy said.

The panel focused a lot of its attention on the systems of the Federal Aviation Administration. Yet, the FAA's Mehan detailed several of the security practices the agency employs to make sure its system is secure, redundant and available.

For example, the administrative data on the network is totally separate from the critical air traffic data. Even the ancient--in Internet terms--networking protocols used by the administration also lend some security, Mehan said.

"We are protected, in all honesty, by some of the outdated protocols we have used in the past," Mehan said.

Another common thread among the panel's members was the call for the security industry, whose representatives made up the majority of the crowd at the conference, to aid the government with its expertise.

"Everyone has to take part in being a cybercitizen, especially in the corporate world," Honda said.