Cybercorps grads aim to boost federal IT security

IT security at federal agencies will get a boost this month from the first class of 46 students, mostly midcareer IT professionals, who have completed training under a federal scholarship-for-service program.

Cybercorps, as the program is called, was created in 2000 to produce a pool of security-trained IT professionals obligated to work for the government. The program provides up to two years of scholarship funding for students studying information security in return for a commitment to work an equal amount of time for the federal government.

“It will really impact the skill (shortage) across government,” said Ira Hobbs, the acting CIO at the U.S. Department of Agriculture who also heads the education and workforce efforts on the interdepartmental CIO Council. The 46 students who completed the training have already been placed in federal jobs, he said at this year’s annual E-Gov conference here.

The graduates, about half of whom come from private-sector jobs, were trained at some of the 36 participating colleges and universities. The program provides scholarships and stipends to the students.

The Cybercorps program is part of the National Plan for Information Systems Protection developed by the White House. The Bush administration sought about US$11 million in funding for the program in this year’s budget.

Although Congress and its watchdog agency, the General Accounting Office, have frequently criticized federal information security, the Office of Management and Budget (OMB), in a report last month, said federal information security is improving. For instance, the OMB found that 62 percent of all federal system have an up-to-date security plan. That’s up from 40 percent in 2001.

But the percentage of systems with a contingency plan is only 53 percent.

The OMB is “telling us that we are getting better, but we still have a long way to go,” said Vance Hitch, the CIO at the U.S. Department of Justice. The OMB reports to the White House.

In 2002, federal agencies spent about $2.7 billion on information security out of a total IT investment of about $48 billion. The OMB estimates that funding for IT security will reach $4.2 billion this year and $4.7 billion next year. But it said that “spending more on IT security does not always improve IT security performance. Rather, the key is effectively incorporating IT security in project and agency management actions.”

The OMB is requiring that all federal agencies have a process by the end of this year to ensure that IT security weaknesses, once identified, are tracked and corrected. Each agency’s inspector general will have to ensure that it meets the security evaluation criteria set by the White House.