Bush's 2008 IT budget focuses on cybersecurity

U.S. President George Bush's 2008 budget request for $65.5 billion in IT spending across federal agencies reflects his priorities to cut budget deficits while improving cybersecurity and enhancing e-government services to U.S. citizens, Bush advisors said Wednesday.

"It's clearly demonstrated by our actions in this past year that the [cybersecurity] plans we've had in place aren't necessarily working," said Karen Evans, administrator of e-government and information technology in the White House Office of Management and Budget (OMB). "It's important for us ... that we have the trust of the American people that we'll protect their information."

The U.S. government this year will focus heavily on IT security after reports of data breaches in 2006. The White House, working with federal auditors and Congress, will lean on agencies to improve cybersecurity using their existing resources, Evans said.

Evans, during a press conference, didn't mention specific data breaches from 2006, but the Department of Veterans Affairs (VA) in May reported a laptop and hard drive containing the personal information of 26.5 million military veterans and their families stolen from an employee's home. Police later recovered the hardware, but the announcement set off a storm of criticism from Congress.

The lost VA equipment prompted a congressional review of other government agencies, and they reported thousands of laptops missing in the last five years.

OMB will encourage some smaller agencies to contract with larger ones for network access and security, Evans said. OMB will also ask many agencies to focus on internal problems that lead to lost data, not just on external threats, she said. Some agencies are spending a disproportionate amount on fighting external threats when the majority of cybersecurity problems are internal, she said.

Bush's 2008 budget includes a 2.6 percent spending increase for IT, compared to his 2007 budget request. Of the $65.5 billion, $31.4 billion would go to the U.S. Department of Defense, $5.6 billion to the Department of Health and Human Services, and $4.1 billion to the Department of Homeland Security.

DOD would get a 2.1 percent increase in its IT budget over Bush's 2007 request, HHS would get a 9.9 percent increase, and DHS would get a 1.1 percent decrease. The U.S. Congress has not yet finalized the budget for the government's fiscal year 2007, which started in October.

With Bush's 2008 budget, OMB for the first time released a list of government IT projects that auditors are concerned about. In 2008, there are 346 IT funding requests on OMB's management watch list, meaning the requests have not met criteria such as performance goals, security and privacy requirements, or program management standards. Federal agencies have made 840 funding requests for IT programs for fiscal year 2008.

The 346 programs on the management watch list total about $14.4 billion, Evans said. Sixty-one of those watch-list requests are from the Department of the Treasury, 52 are from the Department of Homeland Security, and 37 are from the VA.