Cyber Security Industry Alliance Newsletter • Volume 1, Number 11 • July/August 2005

CSIA in the News

Articles of Interest

Federal Computer Week, June 27, 2005
Voice Over IP Exposed
If you are thinking of adding voice-over-IP capabilities to your existing infrastructure without upgrading network security, think again. You could be inviting disaster. Agency officials can't expect security systems designed to protect data traffic to adequately secure their VOIP communications, experts say. "The idiosyncrasies of voice data may strain your security system to the breaking point," said Richard Kuhn, a computer security specialist at the National Institute of Standards and Technology. "You definitely need specialized security products and different architectures when moving to VOIP." For many organizations, availability is at least as important as security. "When users pick up a VOIP phone, they have the same expectations as when they pick up a plain old telephone," said Paul Kurtz, executive director of the Cyber Security Industry Alliance. "They want an immediate dial-tone and no delay in placing a call." For the government, expectations not only come from employees using VOIP phones but also from residents who don’t know or care what technology the phones use, they just want to get through quickly. "The phone is what enables a lot of national security and emergency services," Kurtz said. Accordingly, he and others suggest a layered approach, with sufficient redundancy built in to provide the availability appropriate to the service.

TechWebNews, July 13, 2005
Homeland Security Elevates Cyber Czar Spot
Buried in the massive restructuring plans that Department of Homeland Security Secretary Michael Chertoff announced Wednesday for his 180,000-employee agency is a promotion in the position of national cyber security czar, a move that Congress and the computer security industry has been urging for months. "We appreciate both the efficiencies and the vulnerabilities of the modern technology on which so much of our society depends," said Chertoff in prepared remarks Wednesday as he outlined the DHS reorganization. "To centralize the coordination of the efforts to protect technological infrastructure, we will create the new position." The Cyber Security Industry Alliance (CSIA), founded in 2004 by security firms such as Symantec, McAfee, RSA Security, Check Point, and Internet Security Systems, has been pushing for an assistant secretary, and was glad to see its labors rewarded. "This is the first time in the Federal government that we'll have a senior, full-time position with budgetary authority," said Paul Kurtz, executive director of the CSIA. "Now we have someone who can champion security. That's a great step forward." Kurtz applauded Chertoff for doing the right thing. "If you look at what the Secretary's done in retuning the department, there's a logic to where he's placed this position." Others played a part in upgrading the position, Kurtz said, including Congress and particularly the House Committee on Homeland Security, on which both Lofgren and Thornberry served in the last session. "If he [Chertoff] was looking for outside verification, he got it from Congress when not just one, but five or six committees said we need more seniority and authority in the position."
*Story also appeared in Developer Pipeline and Optimize.

 

CSIA Coverage

Associated Press, June 15, 2005*
Poll: Most Want U.S. to Make Internet Safe
Most Americans believe the government should do more to make the Internet safe, but they don’t trust the federal institutions that are largely responsible for creating and enforcing laws online, according to a new industry survey. People who were questioned expressed concerns over threats from identity theft, computer viruses and unwanted "spam" e-mails. But they held low opinions toward Congress and the Federal Trade Commission, which protects consumers against Internet fraud. The telephone survey of 1,003 likely voters was funded by the Washington-based Cyber Security Industry Alliance, a trade group that has lobbied the Bush administration to pay greater attention to Internet security. The alliance also has cautioned lawmakers against what it considers unnecessary security laws. "There are some mixed signals here," said Paul Kurtz, the group’s executive director and a former White House cybersecurity official. "There is definitely a desire to see government provide more leadership, but there is some anxiety about what ultimately might come out." Kurtz said Congress and the Bush administration should do a better job enforcing existing Internet laws against hackers, thieves and vandals and offer incentives for companies to improve security. "I don't think the public knows what it wants Congress to do, but it wants Congress to do something," said Dan Burton, the senior lobbyist for Entrust Inc., an online security company and member of the trade group. "They don’t have a lot of confidence that Congress will do the right thing."
*This story has appeared in 150 outlets, including The Washington Post, Forbes, BusinessWeek and InformationWeek.

Broadcast News, June 15, 2005*
Prep-Cyber Corner
A new study says most Americans want the US government to do more to make the Internet safe. But they also say they don’t really trust the federal agencies whose job it would be to help police the Internet. Those answering the survey say they are concerned about things like identity theft, computer viruses and spamming. But they didn’t think much of Congress or the Federal Trade Commission, which are supposed to protect people from Internet fraud. The survey was paid for by the Washington-based Cyber Security Industry Alliance. It’s a trade group that has been trying to get the Bush administration to pay more attention to Internet security. At the same time, the alliance warned lawmakers about setting up what it considers unnecessary security laws to protect computer users. *Subscription required to access full article.

CIO Today, June 15, 2005
Survey: Net Security Efforts Fall Short
A nationwide poll by the Cyber Security Industry Alliance (CSIA) reveals that U.S. Internet users are increasingly wary of Internet security threats and are looking to the government, as well as the I.T. industry, to protect them. The survey of 1,003 registered U.S. voters found that 97 percent of those polled rate identity theft as a serious problem, while 93 percent find spyware a serious threat. The results show that such fears are having a negative impact on e-commerce, as 48 percent of respondents said they avoid making purchases on the Internet because of concerns that financial information might be stolen. Efforts to thwart cyber criminals are falling short, the survey suggests, with just 28 percent of voters indicating that the government is placing the right emphasis on protecting information systems and networks. "It’s clear that voters are concerned about the security of their personal information on the Internet, and that fear is inhibiting the full potential of e-commerce," said Paul Kurtz, executive director of CSIA. "They feel positive about the Internet, but they want a coordinated approach to security that includes pursuing and prosecuting cyber criminals, industry security standards and input from with consumer groups," said Kurtz. When legislation is necessary, such as in the case of securing sensitive personal information, Congress should not duplicate existing requirements established by federal law, but should address gaps in such legislation, said Kurtz.

CNET News.com, June 15, 2005*
Web shopping thrives amid phishing fears
Nearly half of voters surveyed nationwide last month said fear of identity theft was keeping them from conducting business online, the Cyber Security Industry Alliance said in a report released Wednesday. In addition, 97 percent of American voters told the technology industry trade group that identity theft was a problem that needs addressing, and 93 percent cited fears over spyware. "Clearly, voters are concerned about the security of their personal information on the Internet, and that fear is inhibiting the full potential of e-commerce," Paul Kurtz, CSIA executive director, said in a statement. Despite this, a survey of 135,000 businesses conducted by security company VeriSign found that e-commerce transactions rose 30 percent over the past year. At the same time, VeriSign sounded a note of alarm over online fraud, noting in its report that phishing scammers have started to use more sophisticated techniques as a response to security countermeasures. New laws are needed to fight such attacks and protect online privacy, according to 17 percent of voters in the Cyber Security Industry Alliance study. Some 64 percent said they wanted the government to do more to protect computer security. The Cyber Security Industry Alliance survey of 1,003 likely voters had a margin of error of 3 percent. Members of the Cyber Security Industry Alliance include Juniper Networks, McAfee, RSA Security and Entrust.
*Also appeared in ZDNet.

Dow Jones Newswires, June 15, 2005*
Intermix Up 12% Co To Settle Spitzer Adware Suit
Intermix Media Inc.’s (MIX) stock jumped Wednesday after the company said it agreed in principle to settle a lawsuit filed by New York Attorney General Eliot Spitzer for alleged illegal distribution of adware. The Los Angeles Internet company said late Tuesday it forged a preliminary agreement to settle the suit, without admitting wrongdoing, for $7.5 million, which it will pay the state of New York over three years. The case showed that traditional business laws prohibiting false advertising and deceptive business practices can be used successfully in the emerging fight against adware and spyware, which have become major consumer frustrations.

A number of laws addressing adware and spyware programs are before Congress this year. A survey of likely voters released Wednesday by the Cyber Security Industry Alliance, a Washington, D.C., lobbying group, showed overwhelming support for three bills introduced. According to the survey, more than 90% of voters consider spyware and identity theft serious problems and 71% believed new laws were needed to protect consumers. Nearly half of respondents said they are curtailing their online shopping because of concerns their financial information could be stolen.
*Subscription required to access full article.

Internet Retailer, June 15, 2005
48% of consumers avoid online shopping due to fears of fraud, study says
48% of consumers avoid shopping on the Internet because of fears their personal financial information could get stolen, the Cyber Security Industry Alliance reports in a study released today. "Clearly voters are concerned about the security of their personal information on the Internet, and that fear is inhibiting the full potential of e-commerce," says Paul Kurtz, executive director of the CSIA. The study, which also sought to gauge public interest in tighter Internet security laws, was based on a survey conducted by Pineda Consulting of 1,003 consumers. 97% of respondents cited identify theft on the Internet as a serious problem, and 93% said spyware was a serious problem. 28% said they think the federal government is placing the right emphasis on protecting information systems and networks, but 64% said they think the government needs to place a higher priority on protecting information systems. Kurtz says he hopes Congress will act on consumers’ concerns and address gaps in existing laws pertaining to Internet security and encourage industry adoption of cyber security standards. "We must be careful about the public policy course we chart in the next few years, as it will have long-term consequences for innovation and economic growth."

MSNBC, June 15, 2005
Data leaks stunt e-commerce, survey suggests
Nearly half of all Americans avoid shopping on the Internet because they are worried their personal information will be stolen, according to a survey released Wednesday by an industry group. The survey also found nearly all Americans think identity theft and spyware are serious problems, but only 28 percent think the government is doing enough to address the issues. About 70 percent said new laws are necessary to protect consumer privacy. "Clearly voters are concerned about the security of their personal information on the Internet, and that fear is inhibiting the full potential of e-commerce," said Paul Kurtz, executive director of the alliance. Avivah Litan, vice president and research director at Gartner Inc., said the study's findings are consistent with research she is currently conducting. Lawmakers still need to do more, said PrivacyToday.com’s Rob Douglas, who has testified at several of the ChoicePoint hearings. The survey reflects people’s frustration, Douglas said. The real news from the survey is the general loss of faith in U.S. companies to protect personal information, Douglas said - which ultimately may not only stunt e-commerce growth, but may have an effect on the wider economy.

National Journal's Technology Daily, June 15, 2005*
Government Systems Not Prepared For Threats
Government computer systems are not prepared for the mounting sophistication of Internet-based hacker attacks, according to a new report from the Government Accountability Office (GAO), GoxExec.com reports. As the risks created by emerging threats increase, GAO auditors said most agencies are unaware and are failing to comply with the requirements of a law designed to improve readiness. In other news, AP reports that a Cyber Security Industry Alliance survey concludes that Americans would like to see more federal efforts to make the Internet safer.
*Subscription required to access full article.

News & Record, Greensboro, June 15, 2005*
Business News Briefs
Most Americans believe the government should do more to make the Internet safe, but they don't trust the federal institutions that are largely responsible for creating and enforcing laws online, according to a new industry survey. People who were questioned expressed concerns over threats from identity theft, computer viruses and unwanted "spam" e-mails. But they held low opinions toward Congress and the Federal Trade Commission, which protects consumers against Internet fraud. The FBI scored more favorably among Internet users in the survey but still lower than technology companies, such as Microsoft Corp. and Dell. The telephone survey of 1,003 likely voters was funded by the Washington-based Cyber Security Industry Alliance, a trade group that has lobbied the Bush administration to pay greater attention to Internet security. The alliance also has cautioned lawmakers against what it considers unnecessary security laws.
*Subscription required to access full article.

Ottawa Business Journal, June 15, 2005
Entrust urges action on identify theft
Entrust, the Dallas-based digital security firm with significant Ottawa operations, is calling on the U.S. Congress to address identity theft and protect sensitive personal information. A survey by the Cyber Security Industry Alliance shows near-unanimous concern among U.S. voters about identity theft, and they’re looking to Congress, industry and consumer groups to do more to keep them safe online. "The results of this survey should serve as a wake-up call to policymakers and business leaders," says Bill Conner, president, CEO and chairman of Entrust and co-chair of the CSIA public policy committee. "Voters view identity theft as a white hot issue and want the government to protect them. In the interim, they are voting with their keyboards by curtailing online transactions." In response to major recent security breaches, Entrust says it has urged the U.S. Congress to enact a uniform national breach notification law for unauthorized acquisition of unencrypted personal information and to help speed adoption of technologies to promote strong authentication and encryption. "Organizations that depend on online transactions risk financial loss and brand erosion unless they act quickly to protect sensitive information," says Mr. Conner.

Reuters, June 15, 2005
Survey finds ID theft fears hurt online shopping
Nearly half of U.S. voters say they don’t shop online because they fear identity thieves may capture their bank-account information, according to a survey released on Wednesday by a technology-industry trade group. Amid a rash of corporate foul-ups that have exposed consumers to identity theft, the Cyber Security Industry Alliance found that 71 percent of voters it surveyed believe that new laws are needed to protect consumer privacy online. Congress is considering several measures designed to increase corporate data security. Most would require companies to tell customers when a security breach has placed them at risk of identity theft. Some would require companies to take more concrete steps, such as encrypting customer information.

Saint Paul Pioneer Press, June 15, 2005*
Survey: Net safety shaky
Most Americans believe the government should do more to make the Internet safe, but they don’t trust the federal institutions that are largely responsible for creating and enforcing laws online, according to a new industry survey. People who were questioned expressed concerns over threats from identity theft, computer viruses and unwanted "spam" e-mails. But they held low opinions toward Congress and the Federal Trade Commission, which protects consumers against Internet fraud. The FBI scored more favorably among Internet users in the survey but still lower than technology companies, such as Microsoft Corp. and Dell Inc. The telephone survey of 1,003 likely voters was funded by the Washington-based Cyber Security Industry Alliance, a trade group that has lobbied the Bush administration to pay greater attention to Internet security.
*Subscription required to access full article.

SC Magazine, June 15, 2005
U.S. voters wants more cybersecurity from government
Worries about identity theft and spyware are making U.S. voters wary of the internet and they want Congress to do more to protect them online, according to a recent survey. The survey, conducted for the Cyber Security Industry Alliance (CSIA) by Pineda Consulting, queried 1,003 voters by phone last month. CSIA is an industry advocacy group of security vendors. A whopping 97 percent rated identity theft as a serious problem while 93 percent cited spyware as troublesome. A particularly "stunning" result, according to CSIA executive director Paul Kurtz, was the 48 percent who said they avoid making purchases on the internet out of fear that their financial data might be stolen. Sixty-four percent of all respondents - Democrats and Republicans alike - said the government needs to make cybersecurity a higher priority. Seventy-one percent said new laws are needed to protect consumer privacy on the web. Despite the results, CSIA does not believe the survey "calls for a mandate to achieve cybersecurity through regulation," Kurtz said in a conference call Wednesday. Rather, the group advocates a comprehensive approach that includes high security standards from companies, working with consumer groups, and tough punishment of internet criminals. "We should look closely at existing law and how it might be used to improve security," he said. "If Congress is going to act, we encourage it to look at existing laws and fill in the gaps.

TechWeb, June 15, 2005
U.S. Voters Want Action On Internet Security
The vast majority of U.S. voters are fearful about identity theft and other threats on the Internet, and want Congress to pass new laws to protect their privacy online, a survey released Wednesday showed. Voters were nearly unanimous in rating identity theft and spyware serious problems, 97 percent and 93 percent, respectively, according to a survey of more than 1,000 likely voters conducted on behalf of the Cyber Security Industry Alliance in Washington, D.C. "E-commerce is actually growing, but the warning signs are there. There’s a real concern about identity theft, and it’s going to erode the existing market for e-commerce, or, more likely, it will inhibit the full potential of e-commerce," Paul Kurtz, executive director of CSIA, said. To make the Internet safer, the CSIA advocates a coordinated approach between government, industry and consumer groups that include tough punishment through better laws and high security standards from companies. The industry group said Congress should avoid duplication and focus on filling the "gaps" in existing laws. In addition, lawmakers should "encourage" the adoption of widely accepted cyber-security standards. The CSIA, which includes many security technology firms as members, believes consumers would favor laws that require companies to take security measures to address specific problems, such as theft of personal information.

IDEX, June 16, 2005
Security Fears Holding Back Internet Sales Growth
Buying online may have taken off massively in recent years, but new research shows almost half of all Americans don’t shop on the Internet due to fears their personal information will be stolen, thus sharply reducing the potential of Internet sales, according to a survey. Almost all those surveyed believe theft and spyware are serious problems, and only 28 percent think the government is doing enough to deal with the issues. Close to three-quarters of respondents (70 percent) said new laws were needed to protect consumer privacy. Among members of the public surveyed, 48 percent shun Internet shopping, while 97 percent think identity theft is a serious problem and 93 percent believe spyware is a serious problem. The telephone survey was conducted for the Washington-based Cyber Security Industry Alliance, a trade group that has called on the White House to pay more attention to Internet security. "They [security threats and attacks] are having a direct adverse effect on e-commerce," said Avivah Litan, vice president and research director at Gartner Inc, who said the survey findings were in line with her research.

Investor's Business Daily, June 16, 2005*
Trends and Innovations
Nearly 50% of Americans avoid buying from Internet sites because they fear their personal data will be stolen, according to a survey by Cyber Security Industry Alliance. 70% of respondents think there needs to be strict laws in place to protect consumer privacy and 72% think the U.S. is not doing enough to address online privacy concerns.
*Subscription required to access full article.

Marketing Vox, June 16, 2005
Fear of Fraud Keeps Shoppers Offline, Drives Call for Feds’ Intervention
Nearly half - 48 percent - of consumers avoid shopping online because of fears their personal financial information could get stolen, according to a just-released Cyber Security Industry Alliance study, Internet Retailer writes. However, nearly as many - 47 percent - say they are confident that their information is safe on the internet. Some 97 percent of respondents cited identify theft on the internet as a serious problem, and 93 percent said spyware was a serious problem. The study also sought to gauge public interest in tighter internet security laws. Only 28 percent said the federal government is placing the right emphasis on protecting information systems and networks, and 64 percent said the government should make it a higher priority to protect information systems. Paul Kurtz, executive director of the CSIA, says he hopes Congress will act on consumers’ concerns and encourage industry adoption of cyber security standards.

Media Life Magazine, June 16, 2005
Who's afraid of identity theft? Most online buyers
Are internet security threats hurting ecommerce? Yes, according to the results of a survey conducted by the Cyber Security Industry Alliance. The survey of 1,003 registered U.S. voters found 97 percent consider identity theft a serious threat, and another 93 percent said the same about spyware. But more troubling for online marketers is that 48 percent of those surveyed said they don't buy products online because they’re afraid their personal financial information will be stolen. Perhaps more comforting is that consumers don’t blame the e-stores themselves; they blamed the government. Only 28 percent of those surveyed said the government is placing the right amount of emphasis on protecting information, and 64 percent said lawmakers should make it a higher priority. Seventy-one percent said new laws must be passed addressing online privacy.

SC Magazine, June 16, 2005
U.S. is biggest source of online fraud
More than four-fifths of fraudulent online transactions originate in the U.S. according to a new study. The latest edition of the VeriSign’s Internet Security Intelligence Briefing said that the U.S. tops this chart accounting for 84.9 percent of all fraudulent transactions. Canada came second with 5.2 percent, the U.K. third with 1.1 percent. The writers of the report said committing fraud from these countries had some advantages for the criminal. "First, the number of computers with broadband connections is very large in these countries, so many potential criminals have easy access to the internet," said the researchers in the reports. "Second, many of these computers have been compromised with bots, trojan horses or worms, enabling a criminal to use them as an anonymous proxy to commit fraud." According to a new survey by Cyber Security Industry Alliance (CSIA), worries about identity theft and spyware are making U.S. voters wary of the internet and they want Congress to do more to protect them online.

Washington Internet Daily, June 16, 2005*
Voters Express Widespread Concern Over Cybersecurity
Americans are increasingly insecure about their online safety and are looking to Capitol Hill, industry and consumer advocacy groups to do more to preserve the privacy of their personal information on the Internet. As a handful of data security bills await consideration by Congress, and businesses that collect consumer data find new ways to assuage customers’ fears, a new nationwide survey indicates almost 1/2 of Internet users avoid making purchases online because they fear their financial information may be stolen. More than 70% of those surveyed said new laws are needed to protect consumer privacy, according to a report released Wed. by the Cyber Security Industry Alliance (CSIA). Users’ anxiety is holding back e-commerce, said CSIA Exec. Dir. Paul Kurtz, saying the only way to preserve the Internet’s appeal as a place for doing business is a coordinated approach that includes tough punishment through better laws, higher security standards from companies, and consumer protections and partnerships with consumers. The survey results should serve as a "wake-up call to policymakers and business leaders," Entrust Pres. Bill Conner said. "Voters view identity theft as a white hot issue and want the government to protect them. In the interim, they are voting with their keyboards by curtailing their online transactions," he said. Conner is co-chair of the CSIA Public Policy Committee. Entrust has urged Capitol Hill to enact a national breach notification law for unauthorized acquisition of unencrypted personal data and to help accelerate technology development in the areas of authentication and encryption.
*Subscription required to access full article.

IDG News, June 17, 2005*
Congress offers competing ideas on fighting ID theft
Several U.S. senators pushed for new identity theft regulations on U.S. businesses, but a number of conflicting ideas were presented at a hearing yesterday, including a proposal requiring licensing of companies that sell personal data. U.S. companies reported that 9.6 million personal records have been lost since early February, prompting members of the Senate Commerce, Science and Transportation Committee to say they’re ready to act, although they have competing ideas of what to do. "If this isn't an eye-opening threat to Americans’ privacy, then I don't know what is," said Sen. Bill Nelson (D-Fla.), a co-sponsor of a wide-ranging ID theft bill. A survey released Wednesday by the Cyber Security Industry Alliance advocacy group seemed to support Nelson’s concern. Of 1,003 likely voters surveyed, 97% said identity theft is a serious problem. Forty-eight percent indicated that they avoid making purchases on the Internet because they are afraid their financial information may be stolen. Seventy-one percent of those surveyed said new laws are necessary to protect consumer privacy on the Internet.
*Also ran in Computerworld.

Softpedia News, June 17, 2005
eCommerce endangered by frauds
It has been proven that half of the adults from USA have given up online shopping because they are too scared of hackers finding out their private information. Cyber Security Industry Alliance has discovered that almost 71% of one study's respondents said they wish that a new online security legislation is enforced. 64% of the respondents blamed the American government for the lack of response and the indifference with which they have treated the online frauds from the last time. Reuters announces that the American Congress is discussing some measures which can be applied to increase the security of the companies’ data. The recently published study was carried out with the help of 1,003 respondents and had an error margin under 3%.

CNETNews.com, June 20, 2005*
Hackers steal 40 million credit-card numbers
In what could be the largest data security breach to date, MasterCard International on Friday said information on more than 40 million credit cards may have been stolen. Of those exposed accounts, about 13.9 million are for MasterCard-branded cards, the company said in a statement. Some 20 million Visa-branded cards may have been affected and the remaining accounts were other brands, including American Express and Discover. The breach occurred at CardSystems Solutions in Tucson, Arizona, a third-party processor of payment data, according to a MasterCard statement. An intruder was able to use security vulnerabilities to infiltrate the CardSystems network and access the cardholder data, MasterCard said. The security breach at the company was discovered using tools that monitor for credit card fraud, MasterCard said. Two recent surveys have highlighted growing worries about data protection. On Wednesday, the Cyber Security Industry Alliance reported that 97 percent of the American voters it polled said identity theft was a problem that needs addressing, and 64 percent wanted the government to do more to protect computer security. In addition, a study commissioned by Adobe and RSA Security found that eight out of 10 "senior-level professionals" in Washington DC, thought that lawmakers weren’t doing enough to keep consumer data safe.
*Also ran on ZDNet.

Jackson Clarion Ledger, June 20, 2005
Gov’t should keep its mitts off!
A survey of by the trade group Cyber Security Industry Alliance has found that most Americans believe the federal government should do more to make the Internet safe, but don’t trust the federal government to do it. That’s understandable. The Internet arose from networks of private university and corporate communications, without government interference, and has as its hallmark the free interchange of ideas, without government regulation. It may be the best, most modern example of free speech. But that lack of regulation is also its greatest pitfall: with online predators, SPAM, con artists, porn sites and every other ill upon the Earth, causing average Americans worry. The survey says 71 percent of people believe Congress needs to pass new laws to keep the Internet safe, but further questions reveal that citizens don’t trust the Federal Trade Commission, the FBI or other officials to regulate it. That’s understandable, too. Given Congress’ infringement of civil liberties with the so-called and misnamed Patriot Act, where government can monitor citizens through phones, Internet, wireless, documents, even which library books citizens read, that concern is warranted. Given that demonstrated lack of restraint, government should keep its mitts off, and instead provide incentives for private enterprise to develop more sophisticated security.

St. Petersburg Times, June 20, 2005*
Make Internet safer, survey respondents say
Most Americans believe the government should do more to make the Internet safe, but they don’t trust the federal institutions that are largely responsible for creating and enforcing laws online, according to a new industry survey. People who were questioned expressed concerns over threats from identity theft, computer viruses and unwanted "spam" e-mails. But they held low opinions toward Congress and the Federal Trade Commission, which protects consumers against Internet fraud. The telephone survey of 1,003 likely voters was funded by the Washington-based Cyber Security Industry Alliance, a trade group that has lobbied the Bush administration to pay greater attention to Internet security.
*Subscription required to access full article.

InformationWeek, June 20, 2005
Data Security Requires A Group Effort
40... million...credit cards. MasterCard, Visa, Discover and American Express. That's enough accounts to represent roughly one card each for the 19% of the U.S. population that is 18 and over. In the last four months we have had at least 14 episodes of exposed data - be it by loss, theft or hacking. A recent survey by the Cyber Security Industry Alliance found that consumers want something done about the myriad of computer assaults peppering their systems - phishing, viruses and spam - but they don’t trust the federal agencies most in a position to legislate protections - Congress and the Federal Trade Commission - to do the right thing. The thing is, we need a lot more than a federal mandate ordering holders of our data to inform us when it is lost or stolen. That’s closing the barn door after all the horses have left. We obviously need to mandate some level of security, and penalties for failing to provide it, since on their own, the data aggregators don’t seem able to learn from, or react to, recent history. But thanks to this latest theft, we may have missed the window for some well-thought out legislation. There is nothing like front page headlines, angry voters and the chance the legislators themselves may be victimized, to fuel a rush to legislation.

CNETNews.com, June 21, 2005*
Hacking scandal blamed on broken rules
More details emerged Monday on the cybersecurity breach at a payment processing company that exposed more than 40 million credit-card accounts to fraud. The data security breach, possibly the largest to date, happened because intruders were able to exploit software security vulnerabilities to install a rogue program on the network of CardSystems Solutions, MasterCard International spokeswoman Jessica Antle said. The program captured credit card data, she said. Two recent surveys have highlighted growing worries about data protection. Last Wednesday, the Cyber Security Industry Alliance reported that 97 percent of the American voters it polled said identity theft was a problem that needs addressing, and 64 percent wanted the government to do more to protect computer security. In addition, a study commissioned by Adobe and RSA Security found that eight out of 10 "senior-level professionals" in Washington DC thought that lawmakers weren’t doing enough to keep consumer data safe.
*Also appeared on ZDNet and Silicon.com.

Government Technology, June 21, 2005
Voters Say Federal Government Should Take More Active Role in Cyber Security
United we stand, at least on the issue of making the Internet more secure, preventing identity theft and the proliferation of spyware, according to findings in a survey published last week by the Cyber Security Industry Alliance, an Internet security policy advocacy group. According to the survey, both Republicans and Democrats agree that the federal government needs to do more to protect consumers on the Internet. The survey found there was broad consensus on the government being more involved in the safety of the Internet. "Keeping the Internet a place where consumers feel confident doing business can only be achieved through a coordinated, comprehensive approach that includes tough punishment through better laws, high security standards from companies, partnership with consumer groups, and protection for consumers nationwide," Paul Kurtz, executive director of CSIA said. "Voters are looking to government for more leadership and accountability on cyber security issues," Kurtz said. "We must be careful about the public policy course we chart in the next few years. When legislation is deemed necessary, such as in the case of securing personal information, Congress should not duplicate existing requirements, but should address ‘gaps’ in existing law and encourage the adoption of widely accepted cyber security standards."

U.S. News & World Report, June 21, 2005
Tech Trends: Americans seek legislative protection from identity theft
More than 40 million credit cards handled by an Atlanta-based card-processing company have been exposed to fraud. Information from approximately 13.9 million MasterCard brand cards and 20 million Visa cards may have been stolen from systems used by third-party processing company CardSystems Solutions. Cards from other brands such as Discover and American Express may also have been vulnerable. Names, account numbers, and verification codes were exposed, but Social Security numbers were not. This hack attack comes on the heels of a slew of security lapses at Citigroup, Bank of America, and Time Warner, among others. Results from a survey released last week by the Cyber Security Industry Alliance, a public policy group focused on cybersecurity issues, show that Americans are increasingly concerned about identity theft and that they believe Congress isn’t doing enough to prevent it. In a separate survey of 400 senior-level professionals in and around Washington, D.C., iQ Research and Consulting found that 80 percent believe Congress has not done enough to protect Social Security information and that three quarters of those surveyed say the same about financial data and credit card information. The study was commissioned by RSA Security and Adobe Systems.

Milwaukee Journal Sentinel, June 22, 2005*
A shield from identity theft
Thanks to the carelessness of CardSystems Solutions, an Atlanta-based credit card processing firm, enterprising hackers have thousands of credit card numbers to scatter on the black market this week, to be sold and traded like baseball cards. The incident of identity theft was one of the most severe in recent months, but it doesn't look to be the last. And it certainly won’t be the last such occurrence without state and federal regulations that attach real penalties to blundering or inept companies that expose customers to identity theft. Two bills introduced this year demand, among other things, that companies immediately notify customers if their information has been compromised. Wisconsin cannot be content to leave this matter in federal hands, and legislation might now be in the works. Following the lead of California and Illinois, state lawmakers should pass legislation demanding immediate disclosure so victims can close compromised accounts before they are breached by thieves. Consumers are clearly concerned. According to a recent study sponsored by the Cyber Security Industry Alliance, 97% of those surveyed saw identity theft as a serious problem. Seven in 10 believe lawmakers need to pass new laws to protect consumer privacy.
*Subscription required to access full article.

CIO Today, June 23, 2005*
E-Commerce Hammered by Recent Hacks
Headlines highlighting misplaced data files and unauthorized access to sensitive personal information by Internet criminals are having a negative impact on consumer confidence in online commerce, according to recent research conducted by Gartner. The number of consumers targeted by phishing attacks -- carefully designed e-mails that attempt to dupe users into giving up their credit card or other personal information on bogus Web sites -- rose 28 percent in the 12 months ending in May 2005 compared with the previous year, according to the Gartner data. The research also indicates that consumers want the government to play a larger role in Internet security, making company executives more accountable. Gartner’s research confirms results of a recent nationwide poll by the Cyber Security Industry Alliance (CSIA) showing that U.S. Internet users are increasingly wary of Internet-related security threats and are looking to the government, as well as the I.T. industry, to protect them. The survey of 1,003 registered U.S. voters found that 97 percent of those polled rate identity theft as a serious problem, while 93 percent find spyware to be a serious threat. The results show that such fears are having a negative impact on e-commerce, as 48 percent of respondents said that they avoid making purchases on the Internet because of concerns that financial information might be stolen.
*Also appeared in NewsFactor Network and TopTechNews.

eMarketer.com, June 23, 2005
The Mystery of Spyware, Part II
Webroot looked at spyware incidence on corporate and consumer PCs, scanning more than 35,000 corporate systems in about 18,000 companies, and running more than 1 million scans of individual PCs belonging to visitors to the Webroot site. On the corporate side, Webroot found that 87% of computers scanned had spyware, adware, tracking cookies, system monitors and Trojans. Surveying voters around the country, the Cyber Security Industry Alliance (CSIA) found that users are becoming increasingly insecure about using the Internet and are looking for Congress, industry and consumer groups to do more to keep them safe online. Specifically, 97% of voters - with virtually no difference between Republicans and Democrats - rate identity theft as a serious problem, and 93% find spyware a serious problem. In addition, the fear of identity theft is keeping many consumers from doing business online, with 48% indicating that they avoid making purchases on the Internet because they are afraid their financial information may be stolen. "Clearly voters are concerned about the security of their personal information on the Internet, and that fear is inhibiting the full potential of e-commerce. Keeping the Internet a place where consumers feel confident doing business can only be achieved through a coordinated, comprehensive approach that includes tough punishment through better laws, high security standards from companies, partnership with consumer groups, and protection for consumers nationwide," said Paul Kurtz, executive director of CSIA.

ITWeek, June 23, 2005*
US security alliance comes to Europe
The Cyber Security Industry Alliance (CSIA), a US lobby group of IT security firms, is opening European operations today. European representatives of the 15 member companies, which include Symantec, RSA Security and Computer Associates, will meet the CSIA’s executive director, Paul Kurtz, this afternoon to sort out an agenda for the European operation. Topics under discussion are likely to include expanding the membership of security firms based in Europe, and setting out an agenda for lobbying European institutions. "This is not the US riding in and telling the Europeans what to do. We are here to learn, more than anything else. It makes no sense to be a US-centric organisation when IT systems, and all of our members, operate internationally," said Kurtz. Tim Pickard, strategic marketing director for RSA in Europe, said: "We have been encouraging Paul Kurtz to come over for a while now. We want to work with him and expand the European presence of the CSIA. While we may all work in different security fields, we are working at identifying common goals."
*Also appeared in Computing, What PC? and VNUNet.com.

MSNBC, June 23, 2005*
ID theft concerns grow, tools lacking
Overwhelmed by a flood of bad ID theft news, consumers in search of a raft say the government isn’t doing enough to protect them. In one of the most extensive studies yet on consumer attitudes about identity theft, Gartner Inc. found that about half those polled either weren't aware they were entitled to a free credit report or considered them "not effective" in fighting ID theft. The survey, released Thursday, also found that one-third of consumers are "very concerned" about being victims of identity theft, and nearly half are altering their online activities as a result. Identity anxiety is also hampering e-commerce growth, the study found. Forty-two percent of respondents said worries about phishing, data losses, and spyware are affecting their online shopping habits. These findings parallel those of another study released last week by the Cyber Security Industry Alliance.
*Also appeared on Computer Crime Research Center.

Internetretailer.com, June 24, 2005
33% of online shoppers buying less due to fear of fraud, Gartner says
33% of online shoppers are buying fewer items due to concerns about online fraud, and 75% are more cautious about where they shop online, Gartner Inc. says in a new study. The study, based on a survey of 5,000 U.S. adults, also found that concerns about online fraud are lowering consumer confidence in e-mail as a means of communication with businesses. Phishing attacks, however, are not consumers’ biggest worry regarding online security, Gartner said. It noted that nearly twice as many consumers said they worry more about thieves stealing private credit reports and other sensitive financial data. Another study released earlier this month by the Cyber Security Industry Alliance found that 48% of consumers are avoiding shopping online due to fears that criminals might steal their personal financial information.

New York Times, June 26, 2005
Love the Web? Love Your Privacy? You Can't Have Both.
Our headlong love affair with the Internet has clearly progressed from starry-eyed digital passion to a murkier, more tangled dependence. We can’t live without it, and we’re finding it ever harder to live with it. Sure, we love all the bells and whistles, the instant access to a mind-numbing array of facts (some of which are even true), but we’d clearly prefer that this be a one-way street: we want to do our surfing in anonymity. No such luck - not in the age of identity theft. The Internet demons that are feared most, though, are not villains like mobsters and terrorists, but restless teenagers and penny-ante con artists, according to a survey done by Pineda Consulting for the Cyber Security Industry Alliance. And we want something done about it: 71 percent of those surveyed said that new laws were needed to protect consumer privacy on the Web. Nearly half of the respondents said they were avoiding making online purchases for fear of personal data being stolen.

InfoWorld, June 27, 2005
Cybersecurity group spreads to Europe
There isn’t a colored alert system indicating the level of threat faced by global information systems, but if there were former White House security director Paul Kurtz reckons it would currently be shining a bright orange for "high risk." "It's not appropriate to say the sky is falling, but I do think we are taking information security for granted," Kurtz said during an interview in London on Friday. It’s this concern that prompted Kurtz to come to Europe last week in his current role as executive director of the Cyber Security Industry Alliance (CSIA), a public policy advocacy group focused on cybersecurity issues. CSIA was launched in February of 2004 by a handful of IT security firms, including RSA Security, McAfee, and Symantec, and it is now seeking to expand its membership in Europe and to begin tackling issues across the Atlantic. At CSIA, Kurtz and the member companies want to work on global cybersecurity issues such as privacy and information integrity, as well as help develop policies like notifying the public when their information has been exposed in a data breach. The group is focused on enterprise issues and it's CEO-driven - its board comprises executives from McAfee, Symantec, and RSA, among others. "The bottom line is that the private sector is going to get attacked," Kurtz said. The U.S. government isn’t taking cybersecurity seriously enough, in fact it reduced research and development spending for the area in its latest budget, he said.

Washington Technology, June 29, 2005
Coalition Lobbies for Ratification of Convention of Cybercrime
A coalition of industry associations and individual companies from different sectors of the economy are asking the Senate Foreign Relations Committee to ratify the Convention on Cybercrime adopted through the Council of Europe. In a letter sent to the committee today, the coalition asks lawmakers to review the treaty and focus on the importance of global cooperation in fighting Internet-based crime, including fraud, identity theft, hacking and other offenses. The Convention on Cybercrime is the first and only international, multilateral treaty specifically addressing the need for cooperation in investigating and prosecuting computer network crimes. The United States signed the treaty in November 2001; ratification would minimize obstacles to international cooperation that currently hinder U.S. investigation and prosecution of computer-related crimes. To date, eight of the 42 countries that signed the treaty have completed the ratification process. The coalition backing the call for ratification includes the Business Software Alliance (BSA), the Cyber Security Industry Alliance (CSIA), the American Bankers Association, the American Chemistry Council, ASIS International, the Association for Competitive Technology, the Bankers’ Association for Finance and Trade, the Business Roundtable, the Dow Chemical Co., the Financial Services/Information Sharing and Analysis Center, the Financial Services Roundtable, the Information Technology Association of America, InfraGard, the Internet Commerce Coalition and Verisign Inc.

SC Magazine, July 1, 2005
Lobby Groups Urge Ratification of the Cybercrime Treaty
A coalition of industry groups has urged the Senate to ratify the Convention on Cybercrime and help prevent internet abuse. The convention, adopted through the Council of Europe and signed by the U.S. in 2001, requires global cooperation in cybercrime prosecution. "The Convention on Cybercrime is the first and only international, multilateral treaty to specifically address the need for cooperation in the investigation and prosecution of computer network crimes," said the letter, written to the U.S. Senate. The American Bankers Association (ABA), the Cyber Security Industry Alliance (CSIA) and Verisign are amongst the groups that undersigned the letter believing ratification of the convention would create "an important tool in the global fight against those who seek to disrupt computer networks, misuse private or sensitive information, or commit traditional crimes utilizing internet-enabled technologies."