No one "silver bullet" will solve cybersecurity
problems, but everyone from home computer users to cybersecurity
suppliers are responsible for keeping the internet secure, said
representatives of a new cybersecurity educational
group.
A group of cybersecurity suppliers, consumer groups, trade
associations and e-commerce companies launched Americans for a
Secure Internet (ASI) on 1 April. Members are calling for all
internet users to educate themselves on cybersecurity issues.
ASI, whose members include eBay, Internet Security Systems and
the Computing Technology Industry Association (CompTIA), launched a
website intended to educate users of all levels on cybersecurity
issues:
www.protectingthenet.com/.
ASI called on a number of groups to take action on
cybersecurity. Cybersecurity problems that need to be addressed
range from internet user behaviour and habits to computer and
networking hardware, members said.
"We have been playing a kind of technology blame game, or
searching for a silver bullet," said Tom Santaniello, manager of US
public policy for CompTIA. "The mindset up until now is we can
purchase an IT security solution off the shelf."
The efforts of ASI and other cybersecurity groups may keep the
US Congress from passing cybersecurity mandates, said Bob Dix,
staff director for the technology and information policy
subcommittee of the House Government Reform Committee.
In late 2003, Adam Putnam, the subcommittee's chairman, floated
draft legislation that would have required companies to report
their cybersecurity efforts to the US Securities and Exchange
Commission, but the proposal was shelved after criticism from IT
suppliers and other companies.
But the threat of the bill, plus efforts from industry
groups such as ASI, have increased the awareness of cybersecurity
among private companies, Dix said.
Although the Putnam legislation may never be introduced, the
subcommittee will continue to push private companies to deal with
cybersecurity issues, Dix said. One such method is for government
agencies to push for secure products during the procurement
process, he said.
"We looked at procurement practices, and we got a little
push-back on that," Dix said. "Some people in the vending community
feel that the government should not inject itself in procurement,
but I would argue this: The federal government spends $60bn (£32bn)
a year in IT goods and services. The opportunity to say in the
marketplace, 'we want higher quality, more secure products than
what we buy', seems to be a reasonable position for a purchaser to
take."
ASI's first steps will be to bring together all kinds of IT and
consumer groups to start talking about cybersecurity, said Mark
Blafkin, director of communications for the Association for
Competitive Technology. "Right now, it is about ways to facilitate
these diverse interests to come together to talk about
cybersecurity," Blafkin said. "We are trying to create the broadest
coalition possible."
Unlike some other groups dedicated to cybersecurity, ASI will
focus on internet user issues as well as enterprise issues, Blafkin
said. Consumer Alert is among the 11 original members of ASI.
The focus on educating individual users is important, said Jim
Dempsey, executive director of the Center for Democracy and
Technology. Problems such as spam e-mail and spyware in software
erode the trust users place in the internet, he said.
Dempsey also praised ASI speakers for discounting the one quick
fix approach to cybersecurity. "This is the first event I have been
to where the lead-in line was people saying, 'there is not a silver
bullet'," Dempsey said.
"How many one-pagers, or 250-pagers have we read that purported
to offer a silver bullet to a problem? Here is a group of companies
and trade associations that have come forward and said, 'it is more
complicated than it looks'."
Fred
O'Connor writes for IDG News Service