Cybercorps to boost US federal IT security

IT security at US federal agencies will get a boost this month from the first class of 46 students who have completed training...

IT security at US federal agencies will get a boost this month from the first class of 46 students who have completed training under a federal scholarship-for-service programme.

Cybercorps was created in 2000 to produce a pool of security-trained IT professionals obligated to work for the US government.

The programme provides up to two years of scholarship funding for students studying information security in return for a commitment to work an equal amount of time for the federal government.

"It will really impact the skill [shortage] across government," said Ira Hobbs, the acting chief information officer at the US Department of Agriculture who also heads the education and workforce efforts on the interdepartmental CIO Council.

The 46 students who completed the training have already been placed in government jobs, he said.

The graduates, about half of whom come from private-sector jobs, were trained at some of the 36 participating colleges and universities. The programme provides scholarships and stipends to the students.

The Cybercorps programme is part of the national plan for information systems protection developed by the White House. The Bush administration sought about $11m (£6.6m) in funding for the programme.

Although Congress and its watchdog agency, the General Accounting Office, have frequently criticised federal information security, the Office of Management and Budget (OMB), said federal information security is improving.

The OMB found that 62% of all federal system have an up-to-date security plan, up 40% in 2001. However, the percentage of systems with a contingency plan is only 53%.

The OMB is "telling us that we are getting better, but we still have a long way to go," said Vance Hitch, the chief information officer at the US Department of Justice.

In 2002, federal agencies spent about $2.7bn (£1.6bn) on information security out of a total IT investment of about $48bn (£28.9bn). The OMB estimated that funding for IT security will reach $4.2bn (£2.5bn) this year and $4.7bn next year.

But the OMB added that "spending more on IT security does not always improve IT security performance. Rather, the key is effectively incorporating IT security in project and agency management actions".

The OMB is requiring that all federal agencies have a process by the end of this year to ensure that IT security weaknesses, once identified, are tracked and corrected. Each agency's inspector general will have to ensure that it meets the security evaluation criteria set by the White House.

Patrick Thibodeau writes for Computerworld

Read more on IT risk management