CSIA Calls for Strategic National Information Assurance Policy

The Cyber Security Industry Alliance (CSIA) has called for a more strategic and coordinated approach from the federal government to ensuring our nation's cyber security in two separate testimonies before Congressional subcommittees. CSIA Executive Director Paul Kurtz emphasized that the level of attention given to securing our information infrastructure is inadequate considering the reliance of Americans on our cyber systems.

In testimony before the House Committee on Energy and Commerce's Subcommittee on Telecommunications and the Internet, Kurtz highlighted the importance of our nation's cyber systems, calling them the newest and most pervasive portion of our critical infrastructure, and discussed the federal government's role in its protection. At the core of CSIA's recommendations is the need for a Strategic National Information Assurance Policy that would outline the key roles that relevant government agencies should play in the protection of our cyber infrastructure.

"No single entity owns our information infrastructure and no single government agency is solely responsible for its protection. While the Department of Homeland Security clearly plays a critical role, many other agencies share responsibility for the overall well being of our cyber systems," said Kurtz. "Yet the government has shown little strategic direction or leadership when it comes to ensuring the resiliency and integrity of our information infrastructure and the protection of the privacy of our citizens. This is baffling when one considers that nearly every service we use, from our communications and utility networks to our financial and medical systems, is in some way reliant upon our nation's digital networks."

Kurtz gave more specific insight into the Department of Homeland Security's (DHS) role in ensuring our national cyber security in a separate testimony before House Committee on Homeland Security's Subcommittee on Economic Security, Infrastructure Protection and Cybersecurity. In these remarks, he discussed the specific responsibilities DHS has for safeguarding our nation's cyber systems. He also noted the absence of DHS leadership in cyber security and the fact that there is no plan for preventing or minimizing a major cyber disaster. Kurtz specifically pointed to the need to fill the position of assistant secretary for cybersecurity and telecommunications, a post that has been empty for the 14 months since its creation.

In both testimonies, Kurtz called out the need for a cyber early warning system that provides the nation with situational awareness of attacks. This mechanism would be similar to the National Oceanic and Atmospheric Administration's (NOAA) National Hurricane Center, which can provide advance notice before a storm.