Grant Gross, IDG News Service
WASHINGTON -- The U.S. government has made little progress in most cybersecurity areas in the past year, despite warnings from several groups, a trade group representing cybersecurity vendors says.
The Department of Homeland Security has failed to hire an assistant secretary for cybersecurity even though DHS Secretary Michael Chertoff announced an elevated position in July, and cybersecurity research and development within the U.S. government is "at a crisis," said Paul Kurtz, executive director of the Cyber Security Industry Alliance (CSIA).
The U.S. government has a "special role" to play in promoting and modeling cybersecurity, he said.
"The bottom line is there continues to be a lack of leadership, hard work, and execution when it comes to securing the information infrastructure," Kurtz said. "Let me be clear: We are not seeking to condemn the government or those currently involved in cybersecurity. They have good intentions. However, execution is what counts in the end."
CSIA has also released a survey showing significant consumer concerns about online safety and graded the U.S. government on 12 cybersecurity priorities that the group released in December 2004. The group gave the U.S. government six "D" grades and one "F" on seven of the 12 priorities. Only one priority received a grade higher than a "C."
A DHS representative wasn't immediately available for comment on the CSIA report.
One high-ranking Democrat used the CSIA report to criticize DHS in a statement. Where is the government's leadership on cybersecurity?" said Representative Bennie Thompson (news, bio, voting record) of Mississippi, the ranking Democrat on the U.S. House Committee on Homeland Security. "How long will the nation have to wait? I, for one, hope Mr. Chertoff doesn't wait until a cyberattack causes billions of dollars in damages or results in lost lives before he decides to appoint an assistant secretary to take charge of our nation's cyber crisis.
CSIA gave the government a "B" for making progress toward ratifying the Council of Europe's Convention on Cybercrime. In July, the U.S. Senate Foreign Relations Committee approved the document, which would allow greater international cooperation in cybercrime investigations, but the full Senate has not taken a vote.
Europe's cybercrime laws are "light years ahead" of those in the U.S., said Phillip Dunkelberger, president and chief executive officer of CSIA member PGP. "Neither does Europe tolerate the massive amount of spam, scam and phishing so prevelant in the United States," he noted.
Among those CSIA priorities earning "D's": direct a federal agency to track costs of cyberattacks; promote cybersecurity corporate governance in the private sector; and strengthen information sharing between the government and private sector. There's been "little action" in the federal government on those priorities in the past year, CSIA said.
In the survey, done in November by CSIA and Pineda Consulting, respondents were asked to rate the safety of networks and services on a scale from one to ten, with ten the safest. The average safety score for the Internet was 4.9, and consumer data also scored at 4.9. Health data and financial networks scored slightly better, both at 5.2.
The survey of 1151 U.S. adults found 48 percent of Internet users avoid making purchases online because of concerns about information security. Sixty-five percent of respondents agreed that the U.S. government needs to give information security a higher priority, CSIA said.
CSIA members said they're worried about a lack of consumer confidence in the Internet. "Assume that 48 percent of consumers were afraid to go to the mall because they could potentially be hijacked," said Steve Solomon, chairman and chief executive officer of Citadel Security Software. "What would Congress do then?"
Recommendations for Action
CSIA released 13 cybersecurity recommendations for the U.S. government going forward. The list, with many items repeated from CSIA's 2004 list, includes:
Pass a national data breach notification bill.Pass a national spyware protection bill. Increase research and development funding for cybersecurity. Promote telework options for government employees, thus creating a backup network of computers for government agencies.Include cybersecurity planning as the U.S. government moves toward Internet Protocol version 6 (IPv6), a more full-featured replacement for the current IPv4.
Copyright 2005 PC World Communications, Inc.
NOTE: For more telecom/internet/networking/computer news from the daily media, check out our feature 'Telecom Digest Extra' each day at. Hundreds of new articles daily. And, discuss this and other topics in our forum at (or) *** FAIR USE NOTICE. This message contains copyrighted material the use of which has not been specifically authorized by the copyright owner. This Internet discussion group is making it available without profit to group members who have expressed a prior interest in receiving the included information in their efforts to advance the understanding of literary, educational, political, and economic issues, for non-profit research and educational purposes only. I believe that this constitutes a 'fair use' of the copyrighted material as provided for in section 107 of the U.S. Copyright Law. If you wish to use this copyrighted material for purposes of your own that go beyond 'fair use,' you must obtain permission from the copyright owner, in this instance, PC World Communications, Inc.
For more information go to: