CSIA in the News
Article of Interest
The Washington Post,
December 13, 2005
Tech Group Blasts Federal Leadership on Cyber-Security
A group of leading technology companies today chastised Congress and the Bush administration for what it characterized as a failure to support initiatives to fight online crime, saying a lack of leadership and accountability in this area is endangering U.S. economic and national security. The Cyber Security Industry Alliance said the federal government has largely declined to act on recommendations the group outlined a year ago, goals that mirrored policies originally set forth in early 2003 by the White House in the "National Strategy to Secure Cyberspace." Cyber-security as a government priority "has been on a downward slope and we need to arrest that decline and bring the issue back to the level [of importance] it was a few years ago," said Paul Kurtz, a former Bush administration cyber-security official who serves as chief executive of the alliance. Among the failures cited by the alliance was the lack of a high-level executive branch official charged with overseeing efforts to secure government systems and encourage the sharing of information between government and the private sector on new information security threats.
CSIA News
InternetWeek.com, October 31, 2005
Internet Governance Squabble Expected To Hijack U.N. Meeting
The escalating scrap over control of the Internet that has pitted the U.S. government against the rest of the world is expected to take over the agenda at the World Summit on the Information Society, a United Nations meeting scheduled for November. The Internet’s value as an engine of business shouldn’t be overlooked, says Paul Kurtz, executive director of the Cyber Security Industry Alliance, a public policy and advocacy group based in Arlington, Va. "We ought to think about how nations can come together and talk about myriad issues about the growth of the Internet, making it available to less developed countries and using it as an engine of global economic growth," Kurtz says. But security is the biggest worry for Kurtz, who is also a former senior director for critical infrastructure protection on the White House's Homeland Security Council. "Security would suffer if we had multiple governments seeking to operate functions of the Internet and the domain name system. That would be a terrible mistake," he says.
**Story also ran on InformationWeek’s website.
SC Magazine, November 9, 2005
Calls for improved security legislation after TransUnion breach
Enhanced federal legislation and closer scrutiny of user behavior were at the top of leading security professionals’ wish lists this week as news of last month’s theft of a TransUnion PC containing the personal credit information of about 3,600 clients spread. One of three companies in the U.S. that monitor consumer credit histories, TransUnion said it has been checking the credit status of all victimized customers and does not believe that any fraudulent activity has taken place since the burglary of its California sales office last month, it said Wednesday in a statement. The breach of private financial information is yet another call for new federal security laws, said Paul Kurtz, executive director of the Cyber Security Industry Alliance, who added, "I don't think we should be surprised that we're hearing about another breach." "In general, (the 14 online security bills waiting to be acted upon in Congress) are all talking about putting reasonable security measures into place, such as notifying the consumer (in case of a breach), as well as the Federal Trade Commission in some cases," he said. "I think that there are concerns that (some of the bills) are not strong enough."
Government Security News, November 2005
CSIA says DoD should pay attention to privately-owned infrastructure
The Department of Defense (DoD) should consider a multi-pronged effort that would secure the commercial sector’s privately-owned Internet information infrastructure, Paul Kurtz, the executive director of the Cyber Security Industry Alliance (CSIA), said in a testimony to the House Armed Services Committee on Oct. 27. By attempting to secure both DoD’s own infrastructure and the privately-owned infrastructure, DoD could help prevent a possible massive cyber terrorist attack. Kurtz criticized DoD for being more concerned with its own assets and securing its own information infrastructure while leaving the private sector to fend for itself. This could be a grave mistake because the privately-operated information infrastructure is considered one of the likely targets of a terrorist cyber attack, he noted. "DoD must expand its indications and warning program to include information on potential action against key elements of the private sector," Kurtz said during his testimony. "DoD’s efforts must be fully integrated into a National Cyber Attack Sensing, Warning and Response Capability."
IDG News, November 14, 2005
World Summit on the Information Society hopes to bridge the digital divide
The United Nations began its two-phase World Summit on the Information Society (WSIS) in the hope of bridging the digital divide between developed and developing countries. But now a debate over controlling certain parts of the Internet threatens to create a new digital divide between two of the world's economic powerhouses, the U.S. and the European Union, together with several other industrialized nations. The result could be two or more root file systems for managing IP (Internet Protocol) traffic that, in the worst-case scenario, are not interconnected and interoperable and that could lead to a fragmentation of the Internet and a possible breakdown in global data communications as we know them today. Paul Kurtz, executive director of the Cyber Security Industry Alliance (CSIA) in Arlington, Virginia, is of the same opinion. "We believe the Internet is what it is today largely because the private sector has been involved," he said. "It has fueled the growth of the Internet and brought it to many points on the planet. If we allow government reach into the day-to-day operations of the Internet, we will have a real problem in continuing its growth." Some groups have already been working on an alternative root system.
*Also appeared in InfoWorld.
National Journal’s Technology Daily, November 15, 2005
CYBER SECURITY
The U.S. government must take a comprehensive approach to information security rather than the complicated web of security laws and regulations being spun on all levels of government, a group of industry experts said Tuesday. "We have a patchwork quilt of information security laws," said Paul Kurtz, executive director of the Cyber Security Industry Alliance, which hosted a panel of government officials and industry representatives to discuss the issue. Kurtz said the group agreed that the U.S. government must take a more "comprehensive approach" and draft national standards and principles. He said 21 states are considering security laws to protect personal sensitive data; nine states are addressing computer-intrusion laws; and there are 14 bills before Congress focusing on data security. Kurtz said companies must satisfy all such laws, including in other countries. The group also agreed that the U.S. government must be conscious of the global perspective.
*By subscription only.
Wireless News , November 15, 2005
Visa International Joins CSIA as Enterprise Partner
Cyber Security Industry Alliance (CSIA), a public policy and advocacy group dedicated exclusively to cyber security, announced that Visa International has joined the Alliance as an enterprise partner. "Through educational initiatives and industry cooperation like Payment Cards Industry (PCI) Data Security Standards, Visa has taken a leadership role in combating electronic fraud and creating a safer online experience for consumers and businesses alike," said Paul Kurtz, Executive Director of CSIA. "Visa has chosen to become a member of CSIA as part of an ongoing commitment to continually improve electronic payment security for the customers of its own member financial institutions," said Brian Buckley, Senior Vice President of International Risk Management, Visa International. "Membership in CSIA will strengthen Visa's partnership with information security leaders and provide the opportunity to have a real and positive impact on our technological innovation and education and awareness efforts."
*By subscription only.
SecurityProNews, November 16, 2005
Visa Joins CSIA
Credit card company Visa announced their membership in the Cyber Security Industry Alliance (CSIA). Visa, as a multinational, will be able to provide a unique insight as the world's leading payment brand. Visa enters the organization as an enterprise member. "Through educational initiatives and industry cooperation like Payment Cards Industry (PCI) Data Security Standards, Visa has taken a leadership role in combating electronic fraud and creating a safer online experience for consumers and businesses alike," said Paul Kurtz, Executive Director of CSIA. "Visa has chosen to become a member of CSIA as part of an ongoing commitment to continually improve electronic payment security for the customers of its own member financial institutions," said Brian Buckley, Senior Vice President of International Risk Management, Visa International. "Membership in CSIA will strengthen Visa's partnership with information security leaders and provide the opportunity to have a real and positive impact on our technological innovation and education and awareness efforts."
Federal Computer Week, October 27, 2005
Debate continues on data privacy bill
The familiar problem of too many cooks in the kitchen will keep federal lawmakers from passing a personal data privacy and security bill this year. But privacy advocates remain optimistic that lawmakers will approve national legislation in 2006 for protecting personal information and notifying people whose information is stolen or unlawfully obtained. At least a half-dozen House and Senate committees are working on legislation to address problems of identity theft and unauthorized data access, which is slowing the legislative process, said Dan Burton, vice president of government affairs at Entrust, an information security company. But people have stopped debating which committees have jurisdiction over data privacy and security, he added. Now they are arguing about what the legislation should and should not include. "We have a decent chance of having something happen in 2006," said Paul Kurtz, executive director of the Cyber Security Industry Alliance, an industry policy group. "The sooner the better, given that we continue to see security breaches."
UPI, November 21, 2005
Cyber czar job still open after 13 months
More than 13 months after the last post-holder quit in frustration, the Bush administration still has not been able to find a suitable candidate to lead the efforts of the Department of Homeland Security to protect the nation's computer and telecommunications networks. Although at least four applicants have met with Deputy Homeland Security Secretary Michael Jackson, an administration official told United Press International on condition of anonymity that none of them were still being considered for the post. The broad range of experience and skill sets and relatively junior status of the four have led some to question whether the new leadership at the Department of Homeland Security has a sufficiently clear focus on the post-holder's role. Paul Kurtz, of the Cyber Security Industry Alliance, a lobby that represents the top companies in the field, agreed that the eventual appointee needed to be someone who "knew how to move the levers of the government." Kurtz added the post-holder must be "someone really focused on execution, on actually moving the ball down the field," as opposed to an evangelist employing the bully pulpit. "We all get it," he said. "We all understand the importance of the issue." What was needed now, he said, was "a pretty strong guy. Someone with either enough contacts and experience or enough stature to get people (in different agencies) executing on their priorities."
CCN Magazine, December 8, 2005
Cyber Security Industry Alliance Co-Sponsors Roundtable
Cyber Security Industry Alliance (CSIA), the only advocacy group dedicated to ensuring the privacy, reliability and integrity of information systems, announced its participation and support for the first in a series of roundtable events addressing cyber security, ethics and safety education for children K-12. The first roundtable discussion, held yesterday, December 6, in Washington, D.C., was co-sponsored by the National Cyber Security Alliance (NCSA). In July 2005, CSIA issued a white paper, "Teaching Children Cyber Security and Ethics," which called for the creation of a national-level endeavor for teaching children K-12 cyber security, ethics and safety. This roundtable series follows up on that paper and is the first step in creating a national cyber awareness campaign to make cyber security, safety and ethics curriculum and other teaching tools easily accessible to all educators, and create a culture of common sense cyber security, safety and ethics to enhance the education and economic opportunities the Internet provides for youth.
Federal Computer Week, December 8, 2005
Security, funding concerns slow IPv6 transition
Countries worldwide are implementing IPv6, yet security and funding concerns have slowed the transition’s pace in the U.S. government. Many information technology community leaders are concerned about the transition to IPv6 from IPv4, which has been the standard to date. Although IPv6 offers many new opportunities, Cyber Security Industry Alliance executive director Paul Kurtz said this is the first time such a major IP transition has been implemented. "There are no lessons learned from the last transition," he said at the IPv6 Summit in Reston, Va., Dec. 8.
Government Technology, December 8, 2005
Roundtable Event Addresses Cyber Security, Ethics and Safety Education
Cyber Security Industry Alliance yesterday announced its participation and support for the first in a series of roundtable events addressing cyber security, ethics and safety education for children K-12. The first roundtable discussion, held this week in Washington, D.C., was co-sponsored by the National Cyber Security Alliance (NCSA). In July 2005, CSIA issued a white paper, "Teaching Children Cyber Security and Ethics," which called for the creation of a national-level endeavor for teaching children K-12 cyber security, ethics and safety. This roundtable series follows up on that paper and is the first step in creating a national cyber awareness campaign to make cyber security, safety and ethics curriculum and other teaching tools easily accessible to all educators, and create a culture of common sense cyber security, safety and ethics to enhance the education and economic opportunities the Internet provides for youth. "While the Internet provides children with great educational benefits to advance academically, the growing amount of cyber threats we face online cannot be ignored," said Paul Kurtz, executive director of CSIA.
Washington Internet Daily, December 9, 2005
Time Running Out for First IPv6 Transition Phase, Leaders Say
Despite agency and business caution in moving to an Internet platform they don't fully understand, time is running out for such enterprises to start initial plans for IPv6 transition, agency officials and experts said Thurs. Speaking at a luncheon at the U.S. IPv6 Summit organized by Juniper Networks, which released a draft "world report" on IPv6 best practices, speakers also warned the U.S. was in danger of falling behind Europe and Asia in deployment and activation of IPv6. "Any federal agency needs to have very aggressive pre-planning now" to meet OMB's stated 2008 deadline, said Tim Quinn, Interior Dept. chief-enterprise infrastructure division for the agency CIO. The advantages of IPv6 also hold perils for officials unfamiliar with its workings, Cyber Security Industry Alliance Exec. Dir. Paul Kurtz said: It's the first such protocol transition, and there's no rulebook. For 10-20 years there will be "extended coexistence" of both IPv4 and IPv6, which makes security integration confusing, Kurtz said. Some administrators don't know their new equipment has IPv6 capabilities, and may fail to configure them properly against attack. Applications closely tied to IPv4 may not work properly in an IPv6 environment -- which could have dangerous effects on encryption, firewall and auditing tools, he added.
*By subscription only.
CNET, December 12, 2005
Browsers to get sturdier padlocks
The browser icon was designed to show that traffic with a Web site is encrypted and that a third party, called a certification authority, has identified the site and vouches for its validity. But in recent years, standards of verification have slipped, undermining the sense of security implied by the padlock. To solve that problem, a group of companies that issue the Secure Socket Layer certificates are working with major Web browser makers to develop a new type of "high assurance" certificate. The informal organisation, dubbed the CA Forum, has held three unpublicised meetings this year and plans to meet again next year, representatives from the companies involved told ZDNet’s sister site CNET News.com. Nearly half of US voters in a survey said fear of identity theft was keeping them from conducting business online, the Cyber Security Industry Alliance reported in June.
*Also appeared in ZDNet and TMCNet.
National Journal’s Technology Daily, December 12, 2005
On The Hill
The Senate Foreign Relations Committee has called for the ratification of a 2001 cyber-crime treaty, which was sent to the Senate for ratification in 2003. Under the European Convention on Cybercrime, U.S. law enforcement would cooperate with investigations of activities that are illegal abroad, but legal in the United States. Civil libertarians have expressed concerns over the international pact's potential implications on criminal jurisdiction, privacy and free speech. The Cyber Security Industry Alliance and the Business Software Alliance on Monday urged the Senate to ratify the treaty because it will enable law enforcement "to protect our information-based systems," CSIA Executive Director Paul Kurtz said in a statement. Eleven nations have ratified and entered it into force.
*By subscription only.
SC Magazine, December 12, 2005
Committee, organizations back treaty
The Cyber Security Industry Alliance and the Business Software Alliance issued a joint statement this month commending the Senate Foreign Relations Committee for its report recommending the ratification of the Convention on Cybercrime. The organizations called the Cybercrime Treaty, signed by the U.S. in November 2001, the "first and only international, multilateral treaty specifically addressing the need for cooperation in the investigation and prosecution of computer network crimes." The treaty requires global law enforcement cooperation with respect to searches and seizures, according to the groups. According to the U.S. Constitution, the pact must be ratified by the full Senate for approval. Eleven of the 42 countries that have signed the treaty have completed their ratification process.
All Headline News, December 13, 2005
Representative Thompson Blasts Federal Government Over Cyber Security Issues
Representative Bennie G. Thompson (D- MS), Ranking Member of the House Committee on Homeland Security, is going on record with concerns in regard to the federal government's continued failure to meet its cyber security protection responsibilities. The government recently received failing marks in cyber security protection, according to a report by The Cyber Security Industry Alliance's (CSIA). Most notably, the Department of Homeland Security received a "C" grade for failing to fill the Assistant Secretary for Cybersecurity. Thompson says, "Where is the government's leadership on cyber security? How long will the nation have to wait? I, for one, hope Mr. Chertoff doesn't wait until a cyber attack causes billions of dollars in damages or results in lost lives before he decides to appoint an Assistant Secretary to take charge of our nation's cyber crisis."
Feds Receive Poor Cybersecurity Report Card
The federal government barely earned a passing grade in its efforts to implement important cybersecurity measures over the past year, according to the Cyber Security Industry Alliance. CSIA released it’s National Agenda for Cyber Security in 2006 on Tuesday, which includes a review of the federal government’s progress towards enacting 12 recommendations the group made last year. The recommended improvements were aimed at three key areas: raising the profile of cyber security; encouraging information sharing, threat analysis and contingency; and improvement in education and R&D. The Administration and Congress received a grade of D or below on 7 of the 12 recommendations and earned a C on four others, for a combined grade of D+.
Federal Computer Week, December 13, 2005
Feds get D+ on 2005 cybersecurity
The federal government earned a barely passing grade in enacting meaningful improvements in cybersecurity during the past year, an industry group announced today. The Cyber Security Industry Alliance (CSIA) released its report card evaluating the federal government’s progress on 12 recommendations. Congress and the Bush administration received one B, four Cs, six Ds and an F – a 1.4 average on a 4.0 scale, or a D+. "Cybersecurity research is in a crisis," said Paul Kurtz, CSIA’s executive director. "Information sharing is largely at a standstill. There continues to be a lack of priorities." "It’s kind of old that we haven’t been making as much progress for as many years as we’ve been working on this," said James Lewis, senior fellow and director of the Technology and Public Policy Program at the Center for Strategic and International Studies. Lewis moderated a panel discussion of CSIA board members who commented on the report card.
Government Executive, December 13, 2005
Tech institute launches graduate level cybersecurity program
As the federal government received a fresh round of criticism for failing to make the security of the nation's computer infrastructure a priority, a technology institution announced new graduate degree programs in that area. The SANS Technology Institute is offering Master of Science degrees in information security and information security management. In a report released Tuesday and called "National Agenda for Information Security in 2006", the Arlington, Va.-based Cyber Security Industry Alliance found that the government needs to demonstrate more leadership in protecting the country's information infrastructure. Paul Kurtz, executive director of CSIA, said that the government has taken limited steps to improve the state of IT security, but there is little strategic direction or leadership from the executive branch in the area. Kurtz said that he thinks very highly of the SANS Institute and is pleased that it is sponsoring the new degrees.
IDG News, December 13, 2005
Cybersecurity group knocks U.S. government efforts
The U.S. government has made little progress in most cybersecurity areas in the past year, despite warnings from several groups, a trade group representing cybersecurity vendors said today. The U.S. Department of Homeland Security (DHS) failed to hire an assistant secretary for cybersecurity even though DHS Secretary Michael Chertoff announced an elevated position in July, and cybersecurity research and development within the U.S. government is "at a crisis," said Paul Kurtz, executive director of the Cyber Security Industry Alliance (CSIA). The U.S. government has a "special role" to play in promoting and modeling cybersecurity, he said. "The bottom line is there continues to be a lack of leadership, hard work and execution when it comes to securing the information infrastructure," Kurtz said. "Let me be clear: We are not seeking to condemn the government or those currently involved in cybersecurity. They have good intentions. However, execution is what counts in the end."
*Also appeared in Computerworld and InfoWorld.
Internet News, December 13, 2005
Cyber Security Group Flunks Washington
Neither the Bush administration nor Congress is providing significant leadership or legislation to secure the United States against cyber attacks, a security trade association charged Tuesday. In its first public criticism of the White House and lawmakers' efforts to follow up on President Bush's 2003 much-ballyhooed National Strategy to Secure Cyberspace, the Cyber Security Industry Alliance (CSIA) said Washington has taken only "limited steps" to improving the security of the nation's infrastructure. The steps are so limited, the CSIA contends, that it gave both the White House and Congress a D for their efforts in 2005. "Currently, there is little strategic direction or leadership from the executive branch in the area of information security," said Paul Kurtz, CEO of the CSIA. "Ensuring the resiliency and integrity of our information infrastructure and protecting the privacy of our citizens should be higher on the priority list for our government."
National Journal’s Technology Daily, December 13, 2005
Cyber Security; Group Gives Policymakers Poor Grades on Cyber Issues
Congress and the Bush administration this year have failed to enact laws and regulations that would help protect sensitive information on the Internet, an official with the Cyber Security Industry Alliance said Tuesday. The group gave policymakers failing grades on 7 of 12 recommendations CSIA made last year to protect against cyber attacks. "We urge the government to show both leadership and execution on information security issues," Paul Kurtz, CSIA's executive director, said at a news conference. Congress and President Bush received D's on the calls to promote information sharing among agencies and with the private sector; collect data from the private sector to protect critical information systems; determine costs associated with cyber attacks; increase research and development funding for cyber security; and adequately fund cyber-security efforts. They gave the government an F for not improving the quality of software to combat cyber attacks. "It's getting kind of old that we haven't made much progress here," said James Lewis, a senior fellow at the Center for Strategic and International Studies, who joined security company executives at Tuesday's news conference to discuss the grades.
*By subscription only.
Sarbanes-Oxley Compliance Journal, December 13, 2005
Where Is The Government's Leadership On Cybersecurity?
Representative Bennie G. Thompson (D- MS), Ranking Member of the House Committee on Homeland Security, has expressed concern about the federal government's continued failure to meet its cybersecurity protection responsibilities. Congressman Thompson's comments were in response to the Cyber Security Industry Alliance's (CSIA) report, "National Agenda for Government Action on Information Security," released today that gives the government low or failing marks in several key areas of cybersecurity protection. The Department of Homeland Security received a "C" grade for failing to fill the Assistant Secretary for Cybersecurity position Secretary Michael Chertoff said the agency was creating as part of the Second Stage Review six months ago.
Washington Internet Daily, December 13, 2005
Senate Urged to Ratify Cybercrime Convention
The Senate Foreign Relations Committee urged the full chamber to ratify the Council of Europe's (COE) Convention on Cybercrime, a treaty that's been gathering dust for months and requires full Senate approval before the country becomes an official participant. The committee approved the convention this year after a hearing with State and Justice Dept. testimony, but no further action has been taken. The convention, negotiated during the Clinton Administration, has been slow to move. It didn't reach Congress until Nov. 2001, when it took a back seat to post-9/11 action. Eleven countries have fully adopted the convention in recent years but 31, including the U.S., have signed but not yet ratified the instrument. The Cyber Security Industry Alliance (CSIA) and Business Software Alliance (BSA) lauded the committee for its leadership in the global fight against computer-related crimes. The committee's action is "the first step toward strengthening international cybercrime laws and empowering law enforcement authorities to protect our information-based systems," said CSIA Exec. Dir. Paul Kurtz.
*By subscription only.
Washington Technology, December 13, 2005
Feds bring home poor grades on cybersecurity report card
The federal government deserves mostly "D” grades for cybersecurity, according to a report card issued today by the Cyber Security Industry Alliance, an Arlington, Va., advocacy group made up of IT companies. The group graded the federal government on progress in cybersecurity in 2005. It also issued its national agency for information security in 2006, promoting policy actions for the federal government to implement to improve IT security. The alliance gave the Bush administration six "Ds” for inadequately funding cybersecurity to the Office of Management Budget and to the National Institute of Standards and Technology; for not tracking the total costs of cyberattacks, taking too little action on information-sharing and other shortcomings. The Homeland Security Department received a "C” for failing to appoint an assistant secretary of cybersecurity and telecommunications, as promised by Secretary Michael Chertoff following his Second Stage Review in July.
Government Computer News, December 14, 2005
CSIA: Government weak on cybersecurity in 2005
The Homeland Security Department has made sustained progress in improving cybersecurity in priority areas, but a lot of work remains to be done, according to an advocacy group of IT vendors and a DHS official. Andy Purdy, acting director of DHS’ National Cyber Security Division, held a briefing to field questions about an industry trade association’s report card that gave the department poor grades on cybersecurity. According to the report card released yesterday by the Cyber Security Industry Alliance, the federal government failed to make much progress in securing its information systems in 2005, nor did it do much to encourage industry to strengthen its own IT security. In its harshest evaluation, CSIA gave the government an F on its National Information Assurance Partnership program, a joint effort by the National Institute of Standards and Technology and the National Security Agency, to establish cybersecurity certification standards.
SearchSecurity.com, December 14, 2005
Security Bytes: Exploit code targets older versions of Firefox
Cyber alliance to feds: Step up on security The federal government needs to show more leadership on cybersecurity next year, according to the Cyber Security Industry Alliance (CSIA). The Arlington, Va.-based advocacy group called on the government to "assert greater leadership in the protection of our information infrastructure in 2006" in a statement unveiling its "National Agenda for Information Security" for the coming year. The alliance's agenda identifies various actions required to improve information security, and includes a new "Digital Confidence Index" reflecting the public's lack of confidence in the nation's critical infrastructure. "Over the past year, the government has taken limited steps to improve the state of information security in our country, such as increased congressional leadership on issues of spyware and identify theft, and the creation of a new assistant secretary for cybersecurity and telecommunications position within the Department of Homeland Security," Paul Kurtz, executive director of CSIA, said in a statement. "However, this is simply not enough."
UPI, December 14, 2005
Dems join criticism of U.S. cybersecurity
Congressional Democrats have joined the chorus of criticism over the United States' perceived lapses in cybersecurity. The ranking Democrat on the House Committee on Homeland Security said in a statement Tuesday that the Republican administration was unacceptably slow in appointing a high-level official to oversee computer-security matters. "I, for one, hope Mr. (Secretary of Homeland Security Michael) Chertoff doesn't wait until a cyber attack causes billions of dollars in damages or results in lost lives before he decides to appoint an assistant secretary to take charge of our nation's cyber crisis," Rep. Bennie Thompson, D-Miss., declared. Thompson's broadside came on the heels of Tuesday's report from the Cyber Security Industry Alliance, which chastised the administration's overall cybersecurity efforts and gave Chertoff's agency a modest "C" grade.
Washington Internet Daily, December 14, 2005
Empty Cybersecurity Slot, R&D; Funding Top CSIA Complaints
The federal govt. scored a "D" or worse on 7 of 12 cybersecurity recommendations made in 2004 by the Cyber Security Industry Alliance (CSIA), the group said in its annual report. Despite progress -- like creating a Homeland Security Dept. (DHS) slot for cybersecurity & telecom issues and Senate committee action on the Council of Europe Cybercrime Convention the U.S. isn't where it ought to be, experts said Tues. "Lack of leadership, priorities and execution" at the federal level is making the nation more vulnerable, CSIA Exec. Dir. Paul Kurtz said. Months after DHS created an assistant secretary position for cybersecurity & telecom, the slot remains open. Warning he has no direct information about the fizzled recruitment process, Kurtz speculated DHS was distracted by the fall's hurricanes. People in similar positions have "run into a lot of frustrations," which might have alienated good candidates, Dunkelberger said. But that doesn't mean DHS shouldn't work on its outreach, he added. The U.S. spends the most worldwide on R&D;, but "we're behind in some places," Lewis said. An earlier CSIA study credited the Defense Advanced Research Projects Agency (DARPA) with about half of technological advances since its creation, Kurtz said.
*By subscription only.
The Washington Post, December 14, 2005
Technology Briefing: Security Efforts Fall Short, Group Warns
A group of leading technology companies yesterday chastised Congress and the Bush administration for what it characterized as a failure to support initiatives to fight online crime, saying a lack of leadership and accountability in this area is endangering U.S. economic and national security. The Cyber Security Industry Alliance said the federal government has largely declined to act on recommendations the group outlined a year ago, goals that mirrored policies originally set forth in early 2003 by the White House in the "National Strategy to Secure Cyberspace."
*This article also appeared in the December 14th edition of The Washington Post.