The federal government's computers should be "a model for security and reliability," officials participating in a program aimed at safeguarding sensitive information were told Friday.
About 700 officials from agencies throughout the government gathered at National Bureau of Standards headquarters in suburban Gaithersburg, Md., to receive formal guidelines for implementing the program, which is being undertaken despite budgetary uncertainties.James Burrows, director of the NBS Institute for Computer Sciences and Technology, told the meeting that "we must make the federal government's computers a model for security and reliability."
Charged with overseeing the computer security program are the National Bureau of Standards, a unit of the Commerce Department, and the Pentagon's National Security Agency, which for years has issued regulations for protecting classified information.
Other lead agencies for the program are the White House Office of Management and Budget and the Office of Personnel Management.
The effort is mandated by legislation signed into law early this year by President Reagan requiring that agencies establish computer security training and awareness programs, identify sensitive computer systems, prepare security plans for each system and submit those plans to NBS and NSA for advice and comment. The plans are due by Jan. 1, 1989.
Stuart Katzke, chief of NBS' computer security division, said the security plans should help deal with unauthorized computer system break-ins by "hackers" as well as the threat posed by so-called computer viruses - small strings of computer code that can cause computer programs to go haywire.
"I think that if the planning activity is done properly and the agencies look at the threats, the risks and so forth, they should look at things like viruses and hackers," he said.
The computer security program faces a possible budget squeeze because Congress so far has been unwilling to vote the additional $3 million for NBS requested by the Reagan administration to pay for implementing the program.
A fiscal 1989 bill passed by the House includes no extra money for the program, while companion legislation approved by a Senate appropriations panel would provide only $1 million. Capitol Hill proponents of the computer security program are expected to press for full funding on the Senate floor and in a Senate-House conference.
Dennis Steinauer, another NBS official, said the computer security program would eventually involve tens of thousands of computer users throughout the federal government, reached by establishing new training programs or upgrading existing ones.
The objective, he said, is "to make sure that users of computer systems, in particular those that handle sensitive information, understand what the threats and vulnerabilities are, and what the things are that they need to do and can do in order to provide protection."
The computer security program was the focus of a Washington symposium convened last month by the Institute of Electrical and Electronics Engineers, attended by more than 30 leading security experts in industry and government from the United States, Canada and Britain.