Security briefs

FedCIRC calling

Agencies were reminded last week that they should rely on and work with

the Federal Computer Incident Response Capability when securing their systems.

The FedCIRC staff, along with officials from the White House and the National

Security Council, held a teleconference with representatives from all of

the federal agencies. The call was a follow-up to a memo from President

Clinton urging agencies to secure their systems against attacks and against

being used for attacks — such as in last month's denial-of-service incidents

that blocked popular e-commerce sites. FedCIRC has been available to assist

agencies in such matters for four years, but the White House is concerned

that few agencies use FedCIRC or report incidents to the group, one official

said.

Agencies on the line

White House officials reminded agency representatives during the FedCIRC

teleconference that agencies have a March 24 deadline to provide vulnerability

reports called for in the president's memo. Those reports will be turned

in to FedCIRC, which will put together an analysis that John Podesta, the

president's chief of staff, will deliver to Clinton on April 1.

CIOs seek security funds

Chief information officers are pushing for a pot of supplemental money

for security, similar to what was handed out for the Year 2000 problem,

State Department CIO Fernando Burbano said at a conference last week. The

Office of Management and Budget last month called for agencies to include

security as an integral part of their information system budgets for fiscal

2002 and beyond, but agencies still have two years until the 2002 budget

kicks in.