To read the newsletter in your Web browser, go to https://www.csialliance.org/news.
IN THIS ISSUE:
Executive Director’s Message
by Paul Kurtz, CSIA Executive Director
Cyber Security Awareness – Taking Stock
“All users of cyberspace have some responsibility, not just for their own security, but also for the overall security and health of cyberspace.”
The President’s National Strategy to Secure Cyberspace, February 2003
This is a powerful sentence. It calls each of us to be “responsible,” suggesting an individual’s inaction could place at risk one’s own use of the Internet, and others' as well. How can this be? A metaphor may help make the point.
Joe gets in his car and disconnects the seatbelts, turn signals, headlights and brakes and drives onto the Washington Beltway during early morning rush hour. Joe has clearly put himself at serious risk, along with those around him. Joe makes it a half mile or so and causes a wreck, injuring himself, damaging his car and several cars around him. The “accident” causes gridlock, which prevents others from getting to work, thus inhibiting commerce. Trucks are unable to make deliveries, people miss flights, meetings and appointments.
Life is similar on the Internet. Joe’s actions are equivalent to disconnecting or not utilizing up-to-date firewall or antivirus software. His actions enable worms and viruses to spread, potentially causing denial-of-service attacks and disrupting legitimate transactions. The metaphor is not perfect; software in itself is imperfect, and many users are subject to Phishing and Spyware attacks while maintaining reasonable security. The market is working to address these issues through a variety of means. One of the most promising is bundling security solutions with other services to ease the burden on the end user. For example, several CSIA firms are working with ISPs or major operating system providers. Such measures are helping to increase security for consumers. Congress and states have also stepped in to address issues such as Spyware (see our Legislative Update in this issue for the latest on Spyware).
However, raising awareness is a strategic-level problem that requires continuous attention from government and the private sector. The President’s National Strategy to Secure Cyberspace specifies four components to build awareness. In this column, we will highlight progress on each.
I. Promote a comprehensive national awareness program to empower all Americans -- businesses, the general workforce and the general population -- to secure their own parts of cyberspace.
Progress: We do, in fact, have a national awareness campaign in place under the leadership of the National Cyber Security Alliance (NCSA). As our feature column this month details, NCSA is the sponsor of National Cyber Security Awareness Month. This is the first year an entire month has been designated to raise awareness; in previous years, it was limited to one or two days each year. The NCSA is a solid example of the partnership called for under the National Strategy to Secure Cyberspace. Private-sector firms and the Federal government jointly fund NCSA activities. Recently, the NCSA appointed an executive director to support the NCSA Board, which includes representatives from three CSIA member firms.
Challenges: While a large number of firms support the NCSA, further assistance is needed. Additional corporate sponsorship of NCSA -- particularly from traditional industries -- will help support and promote a growing number of programs focused on home users, small businesses, education and child safety online.
For more information about NCSA, please visit: www.staysafeonline.info.
II. Foster adequate training and education programs to support the Nation’s cyber security needs.
Progress: Over the past year, the number of Centers for Academic Excellence in Information Assurance Education (CAEIAE) has grown to include almost 60 academic institutions across the United States. The list of institutions includes longtime leaders in information security, such as Carnegie Mellon University, as well as newcomers to the field. The program, which was established in 1998, is now jointly sponsored by NSA and the Department of Homeland Security. The program’s goal is to reduce vulnerability in our national information infrastructure by promoting higher education in information assurance, and by producing a growing number of professionals with IA expertise in various disciplines. Universities designated as Centers are eligible to apply for scholarships and grants through both the Federal and Department of Defense Information Assurance
Challenges: While the CAEIAE program has grown significantly over the past couple of years, additional Federal assistance is needed to support the program, particularly to support those recently accredited schools seeking to build up their programs. In addition to Federal support of CAEIAE, additional private-sector support of academic institutions with information assurance programs would be of great value. CSIA firms have established relationships with institutions such as Purdue’s Center for Education and Research in Information Security.
For more information on CAEIAE, please visit: http://www.nsa.gov/ia/academia/caeiae.cfm
III. Increase the efficiency of existing federal cyber security training programs.
Progress: In April, the Department of Homeland Security and the National Science Foundation announced an agreement to co-sponsor and expand the existing NSF Federal Cyber Service: Scholarship for Service (SFS) program. The partnership will help strengthen cyber security posture by promoting higher education courses that increase the number of information security professionals trained to protect public and private sector IT systems. The SFS program was established in 2000 to support both student and higher education institutions' information assurance training initiatives. The SFS program seeks to increase the number of skilled students entering the fields of information assurance and computer security. Additionally, the SFS program supports the expansion of information assurance course offerings at U.S. higher education institutions.
The SFS Scholarship Track funds colleges and universities to award two-year scholarships in the information assurance and computer security fields. Upon graduation, the scholarship recipients are required to work for a federal agency for two years to fulfill their Federal Cyber Service commitments. The SFS Capacity Building Track supports faculty professional development and academic program creation to increase both the number and proficiency of information assurance and computer security professionals in the workforce. The SFS Capacity Building Track emphasizes partnerships that increase participation by underrepresented groups.
For more information about the Federal Cyber Service: Scholarship for Service (SFS) program, please visit: http://www.ehr.nsf.gov/ehr/DUE/programs/sfs/.
Challenges: While there has been progress in strengthening Federal training programs, more attention is needed on placing SFS graduates in government agencies. Federal agencies should establish clear career tracks for information security professionals.
IV. Promote private sector support for well coordinated, widely recognized professional cyber security certification.
Progress: As the President’s National Strategy states, certification of individuals provides consumers and employers greater information about the capabilities of potential employees or consultants. Significant progress was made this summer in establishing a more widely recognized certification. The International Organization for Standards (ISO) U.S. representative organization recognized the Information Systems Security Certification Consortium (ISC)² certification credentials. (ISC)² is a leading certification organization for information security professionals. The ISC credential is awarded to individuals who successfully pass a comprehensive exam on global information security best practices.
Challenges: More widely recognized security credentials will certainly help improve security. However, the impact will be limited unless government and corporate enterprises more systematically build certification requirements into hiring and promotion for information professionals.
CSIA Special Webinar
Join the leadership of the Cyber Security Industry Alliance (CSIA) and your colleagues from the cyber security industry on Friday, October 29 at 12:00 pm (Eastern time) to learn why leading cyber security companies around the world have come together to form the Alliance. Founded in February 2004, the CSIA has quickly become one of the most influential groups in Washington on cyber security issues. As the only CEO-led organization focused exclusively on cyber security, we offer our members unparalleled information and perspective on the changing world of cyber security policy.
Find out how CSIA membership can benefit your organization, and how we can help make sure your voice is heard on Capitol Hill.
Agenda for this interactive Webinar will include:
Overview of the Cyber Security Industry Alliance
Paul Kurtz, Executive Director, CSIA
Benefits of Membership
John Thompson, CEO & Chairman, Symantec Corporation and Chairman, CSIA
Eric Pulaski, President & CEO, BindView Corporation
About Industry Associations
Andy Freed, Vice President, Virtual, Inc.
Q & A
Audience members pose their questions to the speakers
Look for details on signing up for the Webinar in your mailbox soon, or go to https://www.csialliance.org.
CSIA Member Spotlight
Name: McAfee, Inc.
Chairman and CEO:
Santa Clara, CA
McAfee has offices in Australia, Austria, Belgium, Brazil, Canada, China, Chile, Costa Rica, Denmark, El Salvador, Finland, France, Germany, Guatemala, Hong Kong, India, Israel, Italy, Japan, Korea, Malaysia, Mexico, Netherlands, New Zealand, Panama, Philippines, Poland, Portugal, Singapore, South Africa, Spain, Taiwan, Thailand, Turkey, United Arab Emirates, United Kingdom, and the United States.
Number of Employees: 2,950
Total Revenue: 2003 – $936 million
About McAfee: McAfee, Inc. creates best-of-breed intrusion prevention and risk management solutions. McAfee’s market-leading security products and services help large, medium and small businesses, government agencies, and consumers prevent intrusions on networks and protect computer systems from critical threats. Additionally, through the Foundstone Professional Services division, leading security consultants provide security expertise and best practices for organizations.
Areas of Specialization: McAfee provides comprehensive intrusion prevention and risk management solutions and services. The McAfee System Protection solutions secure all layers of desktop and server systems and applications with secure content management, anti-virus and intrusion prevention products. The McAfee Network Protection solutions keep networks of all sizes up and protected from attacks through security forensics and network-based intrusion prevention. Through the recent Foundstone acquisition, McAfee also offers risk assessment and management solutions and services. McAfee also has two primary research arms. The McAfee Anti-Virus and Vulnerability Emergency Response Team (AVERT™) maintains more than one hundred researchers on five continents and is one of the top-ranked anti-virus and vulnerability research organizations in the world. In addition, McAfee Research is the leading private contractor for advanced security research for the U.S. military and has more than one hundred dedicated researchers. McAfee Research has unique relationships with government customers, which allows it to engage in a high degree of technology transfer, and it frequently contributes breakthrough innovations to McAfee corporate and consumer products.
Special Feature – Focus on NCSA Month
During the Cold War, we relied on the Federal government to provide for national defense and to warn the general public of a potential attack. The United States government deployed radars, satellites and planes to provide early warning. In the post-Cold War era we still rely on the government to defend against physical attacks, but defending and securing our information systems and the Internet requires coordination and cooperation among all entities that use information systems.
We cannot rely solely on the U.S. government (or any government) to defend information systems from attack. The government has a role in developing contingency plans in case of a large-scale Internet attack, to maintain emergency communications networks, to promulgate common standards, and to lead by example in securing government-operated information networks. However, as the President’s National Strategy to Secure Cyberspace states, the private sector shares in the responsibility of securing the Internet, as it owns and operates the vast majority of information systems.
Home users also share some of the responsibility, as home computers linked to the Internet can be used as bases to launch or propagate attacks. CSIA member firms are working to ease the burden by partnering with ISPs and operating systems providers to bring solutions to
The National Cyber Security Alliance (NCSA) represents our national-level program. NCSA is a public-private partnership that includes government organizations, educational institutions, private sector corporations, and organizations such as CSIA. Key government sponsors include the Department of Homeland Security (DHS), the Federal Trade Commission (FTC) and the Department of Commerce (DOC). Private-sector firms include CSIA members McAfee, RSA Security and Symantec Corporation. NCSA’s mission is to drive awareness and response to pressing cyber security issues. The Alliance provides tools and resources to empower home users, small businesses, and schools, colleges and universities to stay safe online.
To promote awareness among users, NCSA has designated October as National Cyber Security Awareness Month (NCSA Month). The chief objective of NCSA Month is to improve the state of computer security for our nation as a whole, through public awareness events, workshops and security tips and checklists. Each week of NCSA Month features a series of events focused on home users, small businesses, colleges and universities, and K-12 children.
Dozens of government, academic, industry, non-profit and other organizations have signed on in support of NCSA Month and to volunteer time and resources. For example, CSIA took on the task of overseeing the introduction of a “Sense of Congress,” a formal recognition from Congress in support of this initiative. With the help of Chairman Sherwood Boehlert and his staff, the Sense of Congress was introduced in the House of Representatives on September 30 as H. Con. Res. 502.
NCSA Month kicked off on September 30 with a press conference in Washington, D.C. The month includes an array of organizational endorsements; research and findings, including a perception poll and comprehensive study; focused national and regional events; the launch of a cyber security awareness public service announcement program; and national media outreach initiatives. Events this month include:
- a workshop sponsored by the FTC, “Working Together to Create a Culture of Security”
- a home user security study sponsored by AOL
- Small Business Training Workshops
- Elementary school level workshops
NCSA events are backed up by guides and security tips, such as a list of cyber security tips for teens and parents.
As members of NCSA, CSIA members have contributed directly and indirectly to the efforts of preparing the month-long awareness campaign. McAfee, RSA and Symantec serve on the NCSA Board. Ken Watson of Cisco serves as NCSA President, and Martha Lockwood serves as the executive director. The Board also includes representatives of America Online, Microsoft Corporation, and BellSouth.
To learn more about NCSA Month activities, view the initiative’s main Web site (www.staysafeonline.info) for supplemental online resources, tips and toolkits for protection from such threats as viruses, worms, hacker attacks, phishing, identity theft and spyware. Users can find “Top 10 Computer Security Tips,” free security scans, beginner’s guides, and National Cyber Alert System Guidelines. To get more involved in the numerous activities during October, please contact:
National Cyber Security Alliance
1150 18th Street, NW
Washington, DC 20036
Phone: (202) 331-5350
Fax: (202) 872-4318
Top Ten Cyber Security Tips for Teens, Educators and Families
- Be a secure and responsible cyber citizen: obey cyber laws and rules; do not give out personal information without permission.
- Use “anti-virus software” and keep it up to date.
- Don’t open e-mails or attachments from unknown sources. Be suspicious of any unexpected e-mail attachment even if it appears to be from someone you know.
- Protect your computer from Internet intruders – use “firewalls.”
- Regularly download security updates and “patches” for operating systems and other software.
- Use hard-to-guess passwords. Mix uppercase, lowercase, numbers, or other characters not easy to find in a dictionary, and make sure each password is at least eight characters long.
- Back up your computer data.
- Don’t share access to your computers with strangers. Learn about file sharing risks.
- Disconnect from the Internet when it is not actively in use.
- Check your security on a regular basis. When you change your clocks for daylight-savings time, reevaluate your computer security.
CSIA Snapshot: The Common Criteria Users’ Forum
The Common Criteria Users’ Forum (CCUF), organized by CSIA and TechNet and held October 6-7 in Washington, D.C., welcomed more than 100 representatives from government and industry to discuss ways to improve the National Information Assurance Partnership (NIAP). NIAP is a national program for evaluating information technology products for conformity to the Common Criteria, a set of international information technology security standards. (See NIAP Certification: Proposals by CSIA for Strengthening Security Certification for additional information.)
During the CCUF, industry and government exchanged views on the strengths and weaknesses of NIAP. Discussions focused on improving and adapting the Common Criteria to better meet the needs of all users -- both government and commercial -- rather than abandoning them. The CCUF featured a series of presentations and panels, including one panel devoted to sharing tips and best practices for a successful evaluation. Four workshops focused on developing solutions and specific actions to address some key problems, such as reducing cost and time of evaluations.
There was consensus among attendees on developing a set of best practices to assist with the evaluation process, as well as on bringing commercial end users to the table to gauge their interest in learning more about using NIAP-certified products. Much work remains to be done, but the Forum was a good step forward. A report with next steps will be issued in November.
The Department of Homeland Security (DHS), the National Institute of Standards and Technology (NIST), the National Cyber Security Partnership (NCSP), Symantec, Inc., Internet Security Systems (ISS), Sun Microsystems, Inc., and Corsec sponsored the conference.
H.R. 10 -- 9/11 Recommendations Implementation Act
Latest Update: Passed the House on 10/8/04
Summary: This bill affects cyber security in two important ways: 1) it creates an Assistant Secretary for Cyber Security in the Information Analysis and Infrastructure Protection Division at the Department of Homeland Security; and 2) it amends the Clinger-Cohen Act to include cyber security as a requirement for systems planning and acquisition by agencies.
CSIA Comment: Cyber security has fallen in stature from a Special Advisor to the President at the White House to an office director at the Department of Homeland Security. We believe that creating an Assistant Secretary of Cyber Security to work alongside an Assistant Secretary for physical infrastructure is critical, given our dependence on the information infrastructure. CSIA was very active in supporting the provision in HR 10 that creates an Assistant Secretary for Cyber Security (see this document). The Senate version does not include a similar provision. CSIA supports the amendment to the Clinger-Cohen Act, and the provision is expected to encounter little opposition. Over the next several weeks, we will work with Conferees to ensure both provisions are included in the final Conference Report.
Latest Update: Since last month’s newsletter, there has been a great deal of activity in the House and Senate regarding Spyware. During the week of October 5, the House passed two different Spyware bills, both of which are summarized below. Generally, it is uncommon for a body of Congress to pass two versions of the same bill; therefore, the two bills must be reconciled into one. At present, the ultimate outcome is unclear. On the Senate side, the Committee on Commerce, Science and Transportation passed Mr. Burns’ Spyblock Act on September 22. Senate floor action may take place when Congress returns after the elections.
H.R. 2929 – The Spy Act – Ms. Bono (R-Calif.)
Summary: This bill would prevent spyware purveyors from hijacking a home page or tracking users’ keystrokes. It requires that spyware programs must be easily identifiable and removable, and it allows for collection of personal information only after express consent from the user. Additionally, fines are exponentially increased against abusers. As passed, this bill contains an exemption for legitimate security operations.
CSIA Comment: Given the changes to HR 2929, allowing legitimate security activities to continue uninterrupted, CSIA no longer objects to the bill. It is our preference, however, to pursue HR 4661, as it is more appropriate to pursue enforcement of those who seek unauthorized access to personal information or to damage
H.R. 4661 – Internet Spyware (I-SPY) Prevention Act of 2004 – Mr. Goodlatte (R-Va.)
Summary: This bill would establish prison sentences and fines for using software to gain unauthorized access to such sensitive information as credit card or Social Security numbers or to damage a computer.
CSIA comment: CSIA supports this legislation and views it as more appropriate to pursue enforcement of those who seek unauthorized access to personal information or to damage a
S. 2145 – Software Principles Yielding Better Levels of Consumer Knowledge Act or SPY BLOCK Act – Mr. Burns (R-Mont.)
Summary: This bill prohibits surreptitious installation, misleading inducements to install, and preventing reasonable efforts to uninstall or disable software with one exception: an authorized user (i.e. parent or system administrator) may prevent other authorized users from uninstalling or disabling software. It outlaws software that collects and transmits information about a computer user that is not reasonably related to, or in support of, software the authorized user has chosen to install or execute without notice. This does not apply to software used to authenticate a user, or access to information a user has previously authorized. It bans ads unrelated to the Web site the user is viewing, in addition to ads that do not have proper disclosure. The bill prohibits software that: sends unsolicited material to other computers; diverts the user away from the intended Web site; delivers ads that cannot be closed without closing all sessions of the browser or turning off the computer; or covertly modifies the start-up page, bookmarks, Internet provider and/or security settings. S.2145 exempts passive transmission, hosting services and search engines in all cases, and network security providers in certain cases. It also allows for FTC civil enforcement of an unfair or deceptive act or practice, and criminal enforcement that includes prison time (up to 5 years) and/or fines. No private right of action is included, and it preempts state law.
CSIA Comment: As with H.R. 2929, we want to ensure that legitimate security functions are exempted from this legislation. We continue to work with the committee on the bill's language.
AB 1950 – An act to add Section 1798.81.5 to the Civil Code, relating to privacy
Latest Update: Signed into law on September 29, 2004
Summary: This law will require a business, other than specified entities, that owns or licenses personal information about a California resident to implement and maintain reasonable security procedures and practices to protect personal information from unauthorized access, destruction, use, modification, or disclosure. The law also requires a business that discloses personal information to a nonaffiliated third party to require by contract that those entities maintain reasonable security procedures, as specified. A business subject to other laws providing greater protection to personal information in regard to subjects regulated by the law shall be deemed in compliance with the law's requirements, as specified.
SB 1436: A bill to ban spyware
Latest Update: Signed into law – September 28, 2004
Summary: This law prohibits an unauthorized person or entity from installing software on a consumer's computer that would take over control of the computer, modify its security settings, collect the user's personally identifiable information, interfere with its own removal, or otherwise deceive the authorized user, as specified. This law prohibits a number of different types of spyware activities: collecting personally identifiable information through keystroke logging; collecting Web browsing histories; taking control of a user's computer to send unauthorized emails or viruses; creating false financial charges; orchestrating group attacks on other computers; opening aggressive pop-up ads; modifying security settings; and generally interfering with a user's ability to identify or remove the spyware. The law also includes substantial penalties.
Cyber Security Policy Maker Spotlight
Senator Joseph Lieberman
Born: Stamford, Conn., February 24, 1942
Hometown: New Haven, Conn.
Elected: 1988 (now in third term)
Education: Yale University, B.A. 1964 (politics and economics); J.D. 1967
- Armed Services (Airland – ranking member; Emerging Threats & Capabilities; Seapower)
- Environment & Public Works (Clean Air, Climate Change & Nuclear Safety; Transportation & Infrastructure)
- Governmental Affairs -- ranking member
- Small Business & Entrepreneurship
Career: Lawyer; Elected to Connecticut State Senate in 1970 (served 10 years, last six as Majority Leader); Connecticut’s 21st Attorney General, 1983-1988
Notable: 2000 Democratic Vice Presidential nominee; 2004 Presidential candidate
IT Awards: Winner of the “Federal 100” from Federal Computer Week for being a champion of information technology.
Even before 9-11, Senator Lieberman was at the forefront of government information technology, critical infrastructure protection, and its important relationship to cyber security. In April 2000, Senator Lieberman, then Ranking Member of the Senate Governmental Affairs Committee, co-authored a letter to 24 Federal agencies to determine whether they were complying with information technology law. The letter explained that agencies were suffering due to information technology failures and urged effective use of government Chief Information Officers.
In May 2000, Senator Lieberman launched an online, interactive Web project to develop ways to improve the access of American citizens to their government. This effort eventually led to a legislative initiative, and in March 2001, Senator Lieberman, then Chairman of the Governmental Affairs Committee, introduced the E-Government Act (S. 803). The Act was designed to maximize organization, efficiency, accessibility and quantity of the Federal government’s online resources while reducing cost.
Moreover, as finally enacted in 2002, the Act helped ensure the security of information systems by revising and making permanent the Thompson-Lieberman Government Information Security Reform Act (GISRA), now known as the Federal Information Security Management Act (FISMA).
In July 2002, at the request of Chairman Lieberman and Senator Robert Bennett (R-Utah), the Government Accountability Office (GAO) released a report on the government’s critical infrastructure vulnerabilities that disclosed a lack of information sharing among agencies. The report found that none of the agencies studied had appropriated funds specifically for cyber protection programs, which made it impossible to track any efforts put forth to remedy these vulnerabilities. And just this past May, the GAO released yet another important report at the request of Senators Lieberman, Collins, and Hollings and Chairman Putnam: Technology Assessment: Cyber Security for Critical Infrastructure Protection detailed how vital cyber security is to our Nation’s critical infrastructure and what technologies are being deployed to protect it.
Senator Lieberman has not only supported efforts to improve cyber security and reduce vulnerabilities; he has also been very critical of the slow pace at which the President’s National Strategy to Secure Cyberspace is being enacted in the Department of Homeland Security. The Senator has written several letters to Secretary Ridge outlining his ongoing concerns and requesting detailed information on specific actions, timetables and protective measures regarding the Nation’s cyber security protections.
Through numerous hearings, engagement of the Executive Branch, effective use of the GAO, and a keen understanding of the interconnectivity of the Nation’s critical infrastructure and information networks, Senator Lieberman has been, and remains, a strong advocate for the vitality of our Nation’s cyber security protections.
Cyber Security News Developments
Spyware: The FTC has filed a lawsuit in the U.S. District Court in New Hampshire against Sanford Wallace and two companies. The suit alleges that Wallace placed spyware on individuals’ computers without their knowledge. The spyware would cause an action on the user’s computer such as opening the CD-ROM tray. At that point, a popup ad for anti-spyware software would appear, stating that if the CD-ROM tray was open, the computer was infected with spyware and the user must buy a particular anti-spyware product to remove it. CSIA will continue to follow the case.
CSIA in the News
Article of interest
CIO Today, October 5, 2004
Computer Users Ignorant of Security Risks
A shockingly high percentage of U.S. computer users are prepared to take risks with the security of their PCs, according to a survey commissioned by the National Cyber Security Alliance.
VNUNet.com, September 6, 2004
Security: the bigger picture
Part of the motivation for setting up the Cyber Security Industry Alliance earlier this year was that we as an industry need to do a better job of understanding the regulatory environment, understanding the technical standards we will have to build into products to facilitate interoperability, and to have better coordinated efforts about education and training programs.
This article also appeared in Computing, Help Net Security, What PC
Investor’s Business Daily, September 9, 2004
Industry Group Voicing Cybersecurity Concerns In Washington (Article requires subscription). Paul Kurtz participates in Q&A to discuss the industry’s chief cybersecurity concerns.
Daily Times, September 19, 2004
"Make Internet less of a cyberjungle"
During the month of September, CSIA joined together with organizations to urge the U.S. ratification of the Council of Europe’s Convention on Cybercrime. “This is an opportunity for the United States to show strong leadership in the area of cybercrime,” said Paul Kurtz, executive director of the Cyber Security Industry Alliance.
Coverage also appeared in the following publications:
National Journal’s Technology Daily, September 17, 2004
International: European Issues Draw U.S. Technology Industry's Notice
Computer Business Review, September 17, 2004
CSIA gets support for Europe crime treaty push
Washington Post, October 2, 2004
Top U.S. Cyber-Security Official Resigns
October was full of cyber security changes in Washington D.C. with the resignation of Amit Yoran as director of the Homeland Security Department's National Cyber Security Division. CSIA was very vocal on its position that an Assistant Secretary for Cybersecurity was needed, stating that “Yoran's resignation underscores a concern in the private sector that government is not taking the issue seriously enough.”
This article was transmitted over the AP Wire and appeared in numerous outlets:
CBS News.com, October 1, 2004
Cybersecurity Chief Quits
Separate related articles appeared in the Contra Costa Times, Detroit News, Federal Times, GovExec.com, San Francisco Chronicle and the Washington Post:
GovExec.com, October 6, 2004
Naming of interim cyber chief not the solution, industry says
CSIA Press Releases
Cyber Security Industry Alliance Forms Coalition to Ratify the European Convention on Cybercrime
Washington, D.C. – September 16, 2004 - Cyber Security Industry Alliance (CSIA), the only CEO-led public policy and advocacy group exclusively focused on cyber security policy, today announced the formation of a coalition of technology companies and industry organizations to promote the ratification of the Council of Europe’s Convention on Cybercrime. Read more.
CSIA Supports October National Initiative Focused on Strengthening National Cyber Security
Washington, D.C. – September 30, 2004 – The Cyber Security Industry Alliance (CSIA)…today announced its full support for the National Cyber Security Awareness Month initiative organized by the National Cyber Security Alliance (NCSA), of which CSIA is an active member. Read more.
House Passage of 9/11 Legislation Enhances Cyber Security
Washington, D.C. – October 8, 2004 – Today, the U.S. House of Representatives passed the 9/11 Recommendations Implementation Act, H.R. 10. Included in this legislation is the creation of an Assistant Secretary for Cybersecurity within the Department of Homeland Security. In addition, the Act amends the Clinger-Cohen Act to place a greater emphasis on computer security within the federal government. Read more.
October 2004 - National Cyber Security Awareness
For more information on NCSA Month, please visit http://www.staysafeonline.info/
Magazine’s IT Security Executive Forum 2004
Napa Valley, CA
The IT Security Executive Forum gives security professionals the ability to discuss with both peers and infosec authorities the best security solutions, strategies and policies for their business in a focused but relaxed businesslike environment. Paul Kurtz, executive director of CSIA, will lead a session on Corporate Governance that will discuss how Federal and state regulations are dictating that organizations must better secure their networks, customer information, financial documents and more. This session provides details on how organizations can comply. Among the other speakers and session leaders, the keynote will be given by Howard Schmidt, CISO of eBay. By the Forum's end, attendees will be armed with useful advice and a bevy of information security pointers from experts and colleagues, as well as have in-hand a list of suppliers who could make a difference to your business.
Join the leadership of the Cyber Security Industry Alliance (CSIA) and your colleagues from the cyber security industry on Friday, October 29 to learn why leading cyber security companies around the world have come together to form the Alliance. More information in this issue.
RSA Conference, Europe
The RSA® Conference, Europe 2004 brings together IT professionals, developers, policy makers, industry leaders and academics to share information and exchange ideas on technology trends and best practices in preventing identity theft, hacking, and cyber-terrorism, and the use of biometrics, network forensics, perimeter defense, secure web services, encryption and related topics. Please visit the following site for more information:
31st Annual Security Conference
Paul Kurtz will appear on the Cyberterrorism Panel at CSI’s Conference. The panel, entitled “Cyberterrorism: Are We Ready?”, will feature our panelists discussing the importance of public and private enterprise collaboration against cyber attacks and how to map out a national protection plan. They will also explore ideas on how to encourage the private sector to perform risk assessment on their critical
CSIA’s newsletter is issued monthly, to keep you informed and up-to-date on activities, issues and breaking news that affect cyber security public policy. If you have comments or questions, please send a message to Laura Brown, CSIA Policy Analyst, [email protected].
To view past editions of the CSIA newsletter, please visit: https://www.csialliance.org/news
To share your comments about this newsletter or to submit information, send a message to [email protected].
Stay in touch with CSIA:
Membership questions: [email protected]
CSIA (Cyber Security Industry Alliance)
1201 Pennsylvania Avenue, NW
Washington, DC 20004
© 2004 Cyber Security Industry Alliance. All rights reserved.