OMB considering cybersecurity standardization
Increased security and savings are possibilities in a potential consolidation of agencies’ cybersecurity processes.
Office of Management and Budget officials are considering standardizing the cybersecurity business processes of agencies in order to save money, increase security and help those with small information technology budgets.
A task force led by the Homeland Security Department and OMB officials will meet in March to consider whether the consolidation of common processes, services and technologies regarding security could improve performance while reducing costs.
About $4 billion is spent each year securing federal information technology; an OMB official speculated that 40 percent of that is spent on processes that are common among agencies. The task force would examine how much of the $4 billion is spent on actual security improvements rather than duplicative administrative functions.
Karen Evans, OMB's administrator for electronic government, said in a budget briefing Tuesday that the creation of the task force won't necessarily lead to a consolidation of cybersecurity efforts.
"A common solution doesn't mean it's consolidated," Evans said. "A common solution means that we're doing the work in the same way."
Late last year, Intelligent Decisions Inc. of Chantilly, Va., released a survey showing a class divide between federal chief information security officers controlling less than $1 million and those controlling more than $10 million. CISOs with small budgets struggle to comply with the Federal Information Security Management Act, and developing common solutions could help resolve this issue.
Evans said human resources management, financial management and grants management efforts are progressing as service centers designed to consolidate and eliminate redundant back-office work between agencies are implemented.
Another emerging line of business, according to OMB, is information sharing among agencies.
Bush's budget includes a 7.2 percent increase in IT security, and requires agencies to develop cybersecurity plans before spending money on developments or modernizations. Last year, only certain agencies were required to develop cybersecurity plans before prceeding with such plans.
The budget proposal includes $1.68 billion in IT security spending, up from $1.57 billion last year. Development and modernization spending requests are at $10.35 billion, up from $9.05 billion in fiscal 2005.
Agencies are required to secure 90 percent of all IT systems, but they must analyze all systems and justify why some remain unsecured. According to Evans, 77 percent of the federal government's information infrastructure is secure.
OMB officials also announced plans to launch a redesigned version of the agency's e-government Web site Wednesday.