In This Issue

• President’s Message
• Symantec Reports Cyber Criminals Are Becoming Increasingly Professional
• Schwarzenegger Vetoes California Data Breach Bill
• U.S. Cyber Security Briefs
• Letter from the Director of European Affairs
• European Commission Promotes Public-Private Dialogue in Security Research
• E.U. and Global Cyber Security Briefs
• Cyber Security Corner: Security and Regulatory Compliance Technologies Need to Converge
• CSIA Congressional Spotlight
  • Representative Jim Langevin (D-RI)
    
  • A Conversation with Representative Jim Langevin
    
• CSIA Member Spotlight
  • Application Security, Inc.
    
  • It's About the Database, Stupid!!!
    
• U.S. Legislative Update
• CSIA in the News
• Cyber Security Industry Events
• Member List
• Contact Us
• Unsubscribe
  
• Archives
• CSIA Home Page

President's Message

by Tim Bennett, President

October is National Cyber Security Awareness Month, and there has been a host of activity that has helped promote awareness of the issue and reinforce the need for a federal data security and breach notification law.

The month kicked off with the National Cyber Security Awareness Summit at the National Press Club in Washington, DC, where a recent study by McAfee was presented that revealed while 98 percent of American consumers are concerned about online security, 78 percent of those polled do not have core protection (updated antivirus, antispyware, firewall) and 48 percent have expired anti-spyware. Many universities around the country (in Texas, Illinois, Kansas, Alabama, Missouri, Rhode Island, New Hampshire, Georgia, Massachusetts, New Jersey, Maryland, Indiana, Tennessee, New Mexico, and New York) have held events this month, usually with participation from DHS officials and industry represenatives.

The ongoing public education effort comes none too soon, as the list of data breach incidents continues to accelerate. Perhaps most disturbing were the October 24 news stories that the TJX data breach affected twice as many consumers as previously reported: about 96 million versus previously reported 45.8 million.

This news would seem to confirm what CSIA has been saying for awhile: the number of breaches is probably double the number actually reported. And on October 22 we learned that not even baseball is exempt from cyber attacks, as the computer servers of the Colorado Rockies were hit by “an external, malicious attack” that prevented the sale of World Series tickets for games 3 and 4 and perhaps a game 5 to be played in Denver. On October 26 the FBI annnounced that it is investigating this attack which involved 8.5 million hits by five-digit codes meant to mimic humans trying to buy tickets and which overwhelmed the web server operated by Paciolan, Inc, in Irvine, CA.

Congress is starting to take notice. Separate hearings were held by House subcommittees this month on issues related to the cyber security of the controls systems of the power grid; on public and private efforts to secure the nation's internet infrastructure; and on the fuctioning of the public-private committees aimed at developing a risk assessment process for protecting the nation's infrastructure in 17 critical sectors.

Common to all of these sectors is the need for protection of the networks and databases. The Senate Banking Committee held a closed-door staff briefing in mid-month to hear from CSIA member company represenatives and a Department of Justice official on the nature and extent of the cyber threat. Two cybercrime bills have been introduced in the Senate in the past two weeks which, among other things, would crack down on cyber extortion, creation of botnets, and other malicious activity that threatens sensitive data held by businesses.

What's more, National Cyber Security Awareness Month will conclude with a roundtable discussion organized by CSIA and hosted by the Congressional High Tech Caucus which will examine this issue of cyber threats to government and private information systems. The event, to be held in House Longworth Office Building on Capitol Hill on October 31 at 10 AM ET, will include a technology demonstration of Symantec's “DarkVision” system, which is a state-of-the-art application for visualizing and tracking the underground economy servers that cyber criminals use globally to trade personal data, such as credit card and social security numbers.

The take-away from this month for our readers is that the cyber security problems continue to spread; public education needs to continue; nobody is immune from a cyber incident; congressional awareness of and attention to the issue is growing; and we are reaching the point where Congress needs to act.

Tim Bennett
President