Grant Gross, IDG News Service
WASHINGTON -- The U.S. government has made little progress in most
cybersecurity areas in the past year, despite warnings from several
groups, a trade group representing cybersecurity vendors says.
The Department of Homeland Security has failed to hire an assistant
secretary for cybersecurity even though DHS Secretary Michael Chertoff
announced an elevated position in July, and cybersecurity research and
development within the U.S. government is "at a crisis," said Paul
Kurtz, executive director of the Cyber Security Industry Alliance
The U.S. government has a "special role" to play in promoting and
modeling cybersecurity, he said.
"The bottom line is there continues to be a lack of leadership, hard
work, and execution when it comes to securing the information
infrastructure," Kurtz said. "Let me be clear: We are not seeking to
condemn the government or those currently involved in cybersecurity.
They have good intentions. However, execution is what counts in the end."
CSIA has also released a survey showing significant consumer concerns
about online safety and graded the U.S. government on 12 cybersecurity
priorities that the group released in December 2004. The group gave
the U.S. government six "D" grades and one "F" on seven of the 12
priorities. Only one priority received a grade higher than a "C."
A DHS representative wasn't immediately available for comment on the
One high-ranking Democrat used the CSIA report to criticize DHS in a
statement. Where is the government's leadership on cybersecurity?"
said Representative Bennie Thompson (news, bio, voting record) of
Mississippi, the ranking Democrat on the U.S. House Committee on
Homeland Security. "How long will the nation have to wait? I, for one,
hope Mr. Chertoff doesn't wait until a cyberattack causes billions
of dollars in damages or results in lost lives before he decides to
appoint an assistant secretary to take charge of our nation's cyber
CSIA gave the government a "B" for making progress toward ratifying
the Council of Europe's Convention on Cybercrime. In July, the
U.S. Senate Foreign Relations Committee approved the document, which
would allow greater international cooperation in cybercrime
investigations, but the full Senate has not taken a vote.
Europe's cybercrime laws are "light years ahead" of those in the U.S.,
said Phillip Dunkelberger, president and chief executive officer of
CSIA member PGP. "Neither does Europe tolerate the massive amount of
spam, scam and phishing so prevelant in the United States," he noted.
Among those CSIA priorities earning "D's": direct a federal agency to
track costs of cyberattacks; promote cybersecurity corporate
governance in the private sector; and strengthen information sharing
between the government and private sector. There's been "little
action" in the federal government on those priorities in the past
year, CSIA said.
In the survey, done in November by CSIA and Pineda Consulting,
respondents were asked to rate the safety of networks and services on
a scale from one to ten, with ten the safest. The average safety score
for the Internet was 4.9, and consumer data also scored at 4.9. Health
data and financial networks scored slightly better, both at 5.2.
The survey of 1151 U.S. adults found 48 percent of Internet users
avoid making purchases online because of concerns about information
security. Sixty-five percent of respondents agreed that the
U.S. government needs to give information security a higher priority,
CSIA members said they're worried about a lack of consumer confidence
in the Internet. "Assume that 48 percent of consumers were afraid to
go to the mall because they could potentially be hijacked," said Steve
Solomon, chairman and chief executive officer of Citadel Security
Software. "What would Congress do then?"
Recommendations for Action
CSIA released 13 cybersecurity recommendations for the U.S. government
going forward. The list, with many items repeated from CSIA's 2004
Pass a national data breach notification bill.Pass a national spyware
protection bill. Increase research and development funding for
cybersecurity. Promote telework options for government employees, thus
creating a backup network of computers for government agencies.Include
cybersecurity planning as the U.S. government moves toward Internet Protocol
version 6 (IPv6), a more full-featured replacement for the current IPv4.
Copyright 2005 PC World Communications, Inc.
NOTE: For more telecom/internet/networking/computer news from the
daily media, check out our feature 'Telecom Digest Extra' each day at
http://telecom-digest.org/td-extra/more-news.html . Hundreds of new
articles daily. And, discuss this and other topics in our forum at
http://telecom-digest.org/forum (or) http://telecom-digest.org/chat/index.html
*** FAIR USE NOTICE. This message contains copyrighted material the
use of which has not been specifically authorized by the copyright
owner. This Internet discussion group is making it available without
profit to group members who have expressed a prior interest in
receiving the included information in their efforts to advance the
understanding of literary, educational, political, and economic
issues, for non-profit research and educational purposes only. I
believe that this constitutes a 'fair use' of the copyrighted material
as provided for in section 107 of the U.S. Copyright Law. If you wish
to use this copyrighted material for purposes of your own that go
beyond 'fair use,' you must obtain permission from the copyright
owner, in this instance, PC World Communications, Inc.
For more information go to: