New Association to Raise Cyber Security Awareness
Security companies form coalition to combat growing threats of cyber- crime, cyber-terrorism.
A new coalition of IT security companies has banded
together to "speak with one voice" on issues affecting Internet
Announced at RSA Conference 2004 today, the Cyber Security Industry Alliance
intends to raise awareness of the industry, and has an ambitious agenda
that includes affecting legislation and government regulation, creating
education programs at all levels to train more security workers and developing
industry technology standards.
"This is the security industry's time," said Art Coviello,
president and CEO of RSA Security, at a press conference announcing the
group's creation. "We're mainstream and critical, and it's time we
had our own association.
"The country's faced with a serious threat of terrorism. A factor
in that is cyber-terrorism," Coviello continued. The CSIA, he said,
"can play a critical role in protecting the [IT] infrastructure of
According to a press release, the CSIA will be organized by committees
of member representatives, in four key areas: public policy, education
and alliances, awareness and standards. Although the group's primary focus
will be on the United States, there will be a global component; for instance,
one of the organization's aims is to pursue Senate ratification of the
Council of Europe's Convention on Cyber-crime.
"We've seen [cyber threats] become more severe, more complex and
more costly," said Paul Kurtz, CSIA's executive director and a former
special assistant to the president and Senior Director for Critical Infrastructure
Protection on the Homeland Security Council at the White House. Kurtz
believes that the public's confidence in cyber security may erode without
concrete steps being taken.
|Paul Kurtz, CSIA Executive Director (Photo:
"We have crucial decisions being made now about the future of cyber
security," Kurtz said, adding that CSIA will be involved in those
decisions. "We will work with Congress and the [Bush] administration,"
and with governments at the local, national and global levels.
Kurtz also hinted at the alliance's laissez-faire attitude toward government
legislation in the arena of Internet security. "We believe regulation
can't be the primary means of securing cyber-security," he said.
Founding members of the CSIA include BindView Corp.; Check Point Software;
Computer Associates International; Entrust, Inc.; Internet Security Systems,
Inc.; NetScreen Technologies, Inc.; Network Associates, Inc.; PGP Corporation;
RSA Security Inc.; Secure Computing; and Symantec Corp.
One company prominently absent from the roster is Microsoft Corp. Kurtz
said that since the association is comprised of companies whose primary
business is security, Microsoft wasn't a fit. Pressed on the matter, Kurtz
said he's had discussions with Microsoft about the alliance, but hasn't
asked them to join.
Kurtz said the CSIA doesn't have a specific political agenda. "Right
now, we don't have a plan to establish a PAC (political action committee),"
he said, but didn't rule out the possibility of forming one in the future
to donate to political campaigns.
Asked about determining which goals would be pushed when there's a conflict
among the CSIA's members, since many companies are competitors in the
security space, Kurtz responded that like any other association, they
"would have to work that out" among themselves.
It will cost a company $150,000 per year to be a Charter Member of the
CSIA, and $60,000 to be a Principal Member. Companies with "a substantial
business in providing Internet security hardware, software, or services,"
both U.S.-based and foreign, are encouraged to apply for membership, according
to the press release. The organization has a Web site at http://csialliance.org.
Keith Ward is the editor in chief of Virtualization Review.