Cyber Security Group Flunks Washington
WASHINGTON -- Neither the Bush administration nor Congress is providing significant leadership or legislation to secure the United States against cyber attacks, a security trade association charged Tuesday.
In its first public criticism of the White House and lawmakers' efforts to follow up on President Bush's much-ballyhooed 2003 National Strategy to Secure Cyberspace, the Cyber Security Industry Alliance (CSIA) said Washington has taken only "limited steps" toward improving the security of the nation's infrastructure.
The steps are so limited, the CSIA contends, that it gave both the White House and Congress a D for their efforts in 2005.
"Currently, there is little strategic direction or leadership from the executive branch in the area of information security," said Paul Kurtz, CEO of the CSIA. "Ensuring the resiliency and integrity of our information infrastructure and protecting the privacy of our citizens should be higher on the priority list for our government."
Kurtz said this year's massive data breaches, a barrage of security vulnerabilities and the disruption of communications during Hurricane Katrina highlight the urgent need for improved information security preparedness and response.
Instead, Congress has so far failed to pass either data-breach disclosure or spyware legislation. Lawmakers did approve creating the new position of Assistant Secretary of Cyber Security with the Department of Homeland Defense, but the White House has yet to fill the slot.
"Six months downstream, it's time to put a person in that place," Kurtz said. "Part of leadership is delegation."
Kurtz called the 2004 Homeland Security Presidential Directive, which calls for the United States to reduce identity fraud and protect personal privacy, a "toothless tiger with no money attached to it."
Kurtz also noted government cyber-security funding has been cut.
"CSIA believes the government has a responsibility to lead, set priorities, coordinate and facilitate protection and response," Kurtz said.
To underscore the economic impact of Washington's inaction on cyber security, the CSIA also issued its first Digital Confidence Index (DCI), benchmarking the confidence of Americans in the country's information infrastructure. The first numbers came up with a DCI ranking of 58 on a 100-point scale.
The DCI benchmarks six areas of U.S. confidence: finance, health data, telecommunications, Internet, consumer data and power grids.
"A score of 58 on the DCI is less than a passing grade. That's not a good sign," said James Lewis, director of the Technology and Public Policy Program for the Center of Strategic and International Studies. "It's getting kind of old that we're not making progress."
Lewis added, "The effect of a loss of confidence in the networks Americans rely on every day for business transactions, electricity, personal and business communications and even health services will be felt over time."
Having flunked Washington's 2005 cyber security efforts, the CSIA, whose members include Entrust, RSA Security, McAfee and Symantec, challenged lawmakers and the administration to a new set of goals.
CSIA's 2006 agenda will address implementing national laws on data breach notification and spyware, filling the Assistant Secretary of Cyber Security position and increasing funding for cyber-security research and development.
"The purpose of our [agenda] is not to dwell on past events or direct blame on any one institution," Kurtz said. "Rather, we wanted to assess where we are today in terms of protecting the integrity of the information infrastructure so that we can determine which steps need to be taken to make improvements."