Forward this message to a friend
The Daily Pipeline | Partnership for Public Service | Inspire, Transform, Realize.

April 14, 2008

A summary of daily news relevant to the federal workforce produced by the Partnership for Public Service.

  1. OMB to Agencies: Don't Bother Submitting 2010 Budget Requests
  2. Federal Diary: A Call for Action On Tax Scams
  3. Countdown to 50

OMB to Agencies: Don't Bother Submitting 2010 Budget Requests

Congress Daily
By Dan Friedman
 
The Bush administration will leave much for the next president, but its legacy will not include a fiscal 2010 budget, according to a recent memorandum Office of Management and Budget Director Jim Nussle sent to agency heads.
 
Instead of readying a full federal budget, Nussle said OMB "will prepare a budget database that includes a current services baseline," or an estimate based on current spending that does not include proposed increases and new policy proposals.
 
In what some budget analysts called a surprising departure from past practices during the transition from one administration to another, Nussle also said agencies this year need not submit budget requests and supporting documents in September as they normally do.
 
Instead, agencies should estimate their baseline spending and submit budget requests only after a new administration or transition team arrives, Nussle said in his April 7 memo.
 
The decision means neither President Bush nor federal agencies will have to bother offering proposals that most experts agree are likely to be ignored by the next White House and Congress.
 
"We would love to have President Bush's budget policies carried on," OMB Deputy Director Steve McMillin said Thursday. "But as a practical matter, it's the next president who will be negotiating the 2010 budget with the Congress, and they'll probably need to own it."
 
Before Congress changed the law in 1990 to have incoming presidents, not their predecessors, submit budgets in transition years, lame-duck presidents generally sent a budget to Capitol Hill just before departing, McMillan said. Even President George H.W. Bush, hoping to remain in office, followed standard procedures and prepared a budget in late 1992.
 
McMillin said OMB's approach is similar to the one taken in 2000 by then-OMB Director Jack Lew under President Clinton.
 
But Nussle's approach was criticized by several budget analysts who argued it could cause agencies to delay consideration of fiscal 2010 budget plans until well into 2009.
 
"It's pretty outrageous," said one veteran of the congressional budget process.
 
"It might create a kind of crisis environment in 2009, because they won't have done the planning that is needed," observed Cindy Williams, a former assistant director of CBO who studies the defense budget at the Massachusetts Institute of Technology's Security Studies Program.
 
Other budget experts said OMB's collection of baseline spending information would be sufficient for the transition. "I don't think it's a very big deal . . . as long as you have very good baseline information," said Alice Rivlin, who served as OMB Director under Clinton.
 
Former Congressional Budget Office Director Robert Reischauer said OMB's plan would not cause problems if agencies work on routine parts of their budget proposals before the transition and, as Nussle's memo suggests, work with the incoming president's transition team before January.
 
"The issue is you don't want to face the new president and his incoming staff the day after the inauguration with, in a sense, a blank sheet," Reischauer said.
 

A Call for Action On Tax Scams

The Washington Post
By Stephen Barr
 
The scam goes like this:
 
A bogus tax return using a stolen Social Security number is submitted to the Internal Revenue Service early in the tax-filing season. Because the IRS does not know the return involved identity theft, it sends a refund.
 
When the real tax return is filed, it gets flagged as a duplicate, freezing any refund. It sometimes takes months for the innocent, legitimate taxpayer to sort it all out with the IRS.
 
Filings of fictitious tax returns to steal refunds have jumped dramatically, perhaps because con artists can file them electronically and get a direct-deposit refund long before the real taxpayer finds out.
 
From 2002 to 2007, the number of fraudulent tax return complaints to the Federal Trade Commission jumped to 20,782, from 3,061, according to a report by the Treasury Inspector General for Tax Administration, or TIGTA.
 
The rise in fraudulent tax returns was an issue at a Senate Finance Committee hearing last week called by the committee chairman, Sen. Max Baucus (D-Mont.). "I am disappointed that the IRS does not notify a taxpayer when someone else has filed a return using the victim's Social Security number," he said.
 
Nina E. Olson, the national taxpayer advocate, who provides an independent voice on behalf of taxpayers, told the committee she is concerned the IRS does not know how many taxpayers are affected by identity theft and said the problem may be more widespread than IRS data suggest.
 
Another witness, J. Russell George, the inspector general for tax administration, said the IRS "processes and procedures have been inadequate in reducing the burden for taxpayers who have been victimized. When the IRS becomes aware of employment-related identity theft, it does not take action unless the case relates to a substantive tax or conspiracy violation."
 
Unless the IRS acts to address identity theft and related computer security issues, George said, "there is no deterrent to keep the problem from spreading."
 
Olson, in additional testimony submitted to the committee, said her staff is receiving calls from senior citizens who filed for this year's tax rebate after not filing returns for several years and who have discovered that someone else has been using their Social Security numbers on tax returns.

 

She and George also described another common scam involving tax returns.

These cases often involve illegal immigrants and undocumented workers who use another person's identity -- name, Social Security number or both -- to obtain employment. The employer files a wage and tax statement, the W-2, under the stolen identification information, and the IRS computers attribute the earnings according to the Social Security number. Then the IRS levies an additional tax on the lawful owner of the Social Security number, creating consequences for the innocent person.
 
Such employment-related problems are on the rise. From 2002 to 2007, this type of identity theft complaint more than doubled, from 15,089 to 35,343, according to the TIGTA report.
 
In testimony submitted separately to the committee, George said "phishing" is a serious problem for the IRS. In those schemes, an unsolicited e-mail directs people to a bogus Web site that requests personal information, such as credit card and bank account numbers.
 
TIGTA has found "get your refund" phishing sites and anticipates that this year's economic stimulus payments will lead to "get your rebate" sites.
 
As of March 31, TIGTA had identified seven phishing sites set up to con taxpayers into believing they are filing their income taxes electronically with the IRS. Last year, TIGTA found 39 IRS-related phishing sites.
 
At last week's hearing, Sen. Ken Salazar (D-Colo.) urged IRS Commissioner Douglas Shulman to consider creating an identity theft crisis center to help taxpayers. Shulman, who took office March 24, said the agency is working to improve assistance to victims of identity theft.
 
The IRS plans to have employees in place by this fall to assist taxpayers when they call to report identity theft, Shulman said. And, he said, the IRS has established an office to focus on an agency approach to identity theft and data security issues.
 
The IRS also is creating a tag for taxpayer accounts to show they have been victimized. Once the tag is attached, taxpayers should have to provide documentation only one time to prove their personal information has been stolen.
 
"We understand the personal devastation that an individual feels when their identity has been stolen," Shulman said. "We also understand that when a victim of identity theft seeks assistance from a government agency, they have a right that that agency will help them, not add to their problems."

 

Countdown to 50

Government Computer News
By John Rendleman

Federal civilian agencies are under the gun to re-engineer their networks by June 30 to comply with an ambitious Office of Management and Budget plan to improve information technology security through a dramatic reduction of Internet connections.

The Trusted Internet Connection (TIC) plan also includes an April 15 deadline for agencies government wide to declare their capabilities and requirements to carry out the overhaul.

TIC requires the federal government to winnow its array of about 4,000 Internet connections to roughly 50 highly secure gateways. OMB, which launched TIC in November 2007 in response to the surging frequency and sophistication of online assaults against federal systems, first estimated the number of Internet connections to be about 1,000. After gathering information from agencies, that number grew fourfold.

The TIC plan to create a more secure perimeter between Uncle Sam's internal networks and the free-fire zone that dominates the external Internet echoes a project that the Defense Department launched seven years ago.

The new, secure perimeter, sometimes referred to as a demilitarized zone, would help federal IT managers improve their network traffic monitor capabilities.

Agencies also would be able to reduce the number of security appliances they use to filter data crossing into or out of federal networks.

The OMB proposal calls for the Homeland Security Department's U.S. Computer Emergency Readiness Team to implement pivotal TIC operations.

For years US-CERT has operated a 24-hour operations center that monitors network activity across the federal government. Under TIC, the center will enforce network security via its suite of Einstein packet-filtering devices. USCERT uses the Einstein systems to keep malware out of federal networks and prevent sensitive government information from leaving.

The DHS network security response team built the Einstein systems using commercial and government software and hardware. The Einstein devices sit outside government firewalls to detect all traffic that affects federal systems, DHS officials said last year (GCN.com, Quickfind 1022).

Most security experts said the risks involved in the ambitious TIC deployment schedule and the difficulties posed by the network re-engineering plan would be more than offset by its likely effectiveness.

Many of the IT security analysts contacted for this article emphasized the urgent need for security upgrades to protect the federal government's data infrastructure. Most security professionals agreed that the TIC security improvements and similar measures are long overdue.

"We should have done this five years ago, but there wasn't the heart or the will then like there is now," said Howard Schmidt, a former White House cyber security adviser. "The timetable is aggressive," he said, but now there is a sense of urgency behind the program.

"The concept is very sound," Schmidt said.

"You can easily monitor what's going on, you can react more quickly, and you have greater visibility of threats. If done correctly, this can achieve a lot."

Small agencies that won't qualify for their own connections under TIC must subcontract their Internet services to larger agencies.

Coordinated efforts OMB timed the TIC migration deadline to coincide with the government's other major computer security and network security projects.

The coordinated schedule will allow agencies to capture the improvements all at once and launch the security upgrades simultaneously, said Karen Evans, OMB's administrator for e-government and IT.

"We're trying to make sure that everything is raised to the same level, and we've picked these dates because all the efforts align," Evans said.

OMB early this month sent a memo to all federal departments and agencies asking them by April 15 to submit their proposed solutions for implementing TIC and how they would prefer to receive service from a Trusted Internet Connection Access Provider.

OMB gave agencies three options: be a single- service provider that serves only its own internal customers and has its own TIC; be a multiservice provider that offers services to more than one agency or bureau and shares a TIC with others; or be an agency that connects to a TIC via an approved provider. For agencies that want to be their own TIC provider, OMB asked for extensive supporting data on the agencies' technical ability to monitor traffic and enforce security policies on network links.

OMB will use agencies' submissions in deciding how to allocate the targeted 50 TICs.

Evans said TIC's goal of reducing the number of connections to 50 is ambitious, but added that it is a well thought-out target. She said although some agencies might believe that the goal of 50 Internet links and the June 30 timetable are unrealistic, "there's no technical reason this can't be done."

OMB modeled TIC after the network security methods developed for use by banks, brokerage houses and similar financial institutions, said Scott Bradner, technology security officer at Harvard University. Bradner helped OMB plan TIC.

 

To read the entire article, click here.

Partnership for Public Service
1100 New York Avenue, N.W., Suite 1090 East | Washington, DC 20005
(202) 775-9111 | fax. (202) 775-8885 | www.ourpublicservice.org


powered by
emma