Industry Group Calls on the Federal Government to Strengthen Cyber Security

At a press conference in Washington D.C. last week, the Cyber Security Industry Alliance (CSIA) called on federal agencies and the Bush administration to strengthen the cyber infrastructure and protect end users from cyber attacks. CSIA urged the White House to ensure federal agencies follow through on the President's National Strategy to Secure Cyberspace by acting on 12 important recommendations identified by the cyber security industry and adopting a concrete agenda to further protect the nation against cyber threats.

According to a Gartner report on information security, analysts predict by 2005 an increasing incidence of large-scale, for-profit cyber crime conducted by terrorists and organized criminals that will force governments to take an active role in promoting common defenses in cyber security(1). The findings outline the critical need for increased cooperation between the public and private sectors to combat cyber attacks and strengthen cyber security.

CSIA today offered the White House 12 important steps to immediately strengthen the national cyber security posture. The security industry is calling on federal agencies and the Bush administration to adopt a concrete agenda on cyber security to further protect the nation against cyber threats.

The 12 steps outlined by CSIA represent concrete actions the federal government can take that will raise the profile of cyber security, promote information sharing, threat analysis and contingency planning, as well as boost efforts in research and development, and security education. In addition, they will serve to strengthen the collaboration between federal agencies and the private sector on information security issues.

CSIA called on federal agencies and the White House to lead by example from a cybersecurity perspective by implementing 12 recommendations:

• Dedicate an Assistant Secretary position in the Department of Homeland Security.
• Urge quick ratification of the Council of Europe's Convention on Cybercrime.
• Encourage information security governance in the private sector.
• Lead by example with federal procurement practices.
• Close the strategic gap between government and private-sector information security efforts.
• Strengthen Information Sharing and Analysis Centers (ISACs).
• Establish and test a survivable Emergency Coordination network.
• Direct a federal agency to track the costs associated with cyber attacks.
• Increase R&D funding for cyber security.
• Fund authorized responsibilities for NIST Computer Security Division and White House Office of Management and Budget.
• Strengthen the federal security certification process to improve the quality of security in software.
• Direct a task force to develop concrete actions that will secure digital control systems used by utilities.

"CSIA is committed to working with the administration to act on the President's National Strategy to Secure Cyberspace in a collaborative effort to improve cyber security across the public and private sectors," said John W. Thompson, chairman and chief executive officer of Symantec and chairman of the CSIA. "We face serious threats and vulnerabilities to the national information infrastructure that must be met head on with strong leadership by our administration."

"The Bush administration has made significant improvements to cyber security but there is still more that must be done to harden our economy and critical infrastructure against potential cyber attacks," said Paul Kurtz, executive director of Cyber Security Industry Alliance and one of the original developers of the President's National Strategy to Secure Cyberspace. "CSIA believes that the time for action is now. We have moved beyond the discussion and planning phase and have identified concrete actions that can be taken by the administration to immediately improve the security of our nation's cyber systems."

(1) Gartner, "CEO and CIO Update: Establish a Strong Defense in Cyberspace for Information Security"