With a mission squarely focused on securing the Internet through public policy, private industry participation and education, a dozen top security companies have formed the Cyber Security Industry Alliance, announced at the RSA security conference in San Francisco this week.
The companies, including Check Point, Computer Associates, Internet Security Systems, Network Associates and Symantec, have come together for the nonprofit alliance to provide a unified industry voice and attempt to address recurring shortcomings in the way companies and the government secure the Internet and IT infrastructure.
“Progress has been slow — it’s been too slow,” Cyber Security Industry Alliance executive director Paul Kurtz told TechNewsWorld. “Essentially, we’re saying as a common voice, we can engage Homeland Security or the Department of Commerce on what we think is needed, and our intention is to help move the ball down the field faster.”
One-Stop Security Voice
Kurtz, also Senior Director for National Security of the Office of Cyberspace Security, helped develop the President’s National Strategy to Secure Cyberspace. He said the cyber security industry has matured over the last several years to a point at which it needs an alliance to synergize industry efforts and concerns.
“Of the many disparate groups dealing with IT security, none has cyber security as its only mission,” said Entrust CEO Bill Conner, whose firm is among other alliance members BindView, NetScreen, PGP Corporation, Qualys, RSA and Secure Computing Corporation.
Referring to a challenge from U.S. Secretary of Homeland Security Tom Ridge late last year — in which the official highlighted that 85 percent of the nation’s critical infrastructure and cyber network is owned and operated by private companies — the alliance said its goals include improved information sharing between government and business; improved federal government procurement; and finding gaps in cyber security research and development.
Boardroom Blindness
Both government and industry have stressed the need for better communication and collaboration to meet the increasing threat of Internet and infrastructure attacks, but critics such as Ronn Bailey, Vanguard Integrity CEO and CTO, have told TechNewsWorld that such efforts are taking too long to bear fruit.
Kurtz said much of the challenge lies in convincing senior executives to recognize the dangers of inadequate security.
“A lot of folks at the technical level understand the issues but haven’t been able to sell it to the higher level,” he said. “We’re raising awareness to the executive boardroom, and the people in this alliance are not CIOs or lower-level, so we have buy-in at the senior level.”
Maintaining Momentum
ISS director of government affairs Katie Ignaszewski said there has been progress between the public and private sectors in their efforts to secure cyberspace and Internet infrastructure.
“There’s been huge growth and attention to it,” she told TechNewsWorld. “We want to continue what’s happening and keep the momentum going.”
Ignaszewski said the research and development aspects of the alliance are among the key initiatives for ISS, adding that the company will be working to promote more education of security professionals.
“It falls into a very skilled workforce we need to continue to build in this country,” she said.
Making It Stop
Kurtz also referred to the research and development goals of the alliance, telling TechNewsWorld that although the security industry is behind in its quest to keep up with attackers, much of the reason is that organizations are “not doing what they’re supposed to be doing.”
Kurtz, who indicated companies and individuals are under attack like never before, said the various R&D efforts of alliance member companies are now coming together to try to get a leg up on the bad guys.
“What we’re hearing more and more from the industry is ‘make it stop,'” he said. “In this case, we’ll have 12 firms with their own R&D efforts identifying what’s down the road and what’s coming at us.”