No one "silver bullet" will solve cybersecurity problems, but everyone from home computer users to cybersecurity suppliers are responsible for keeping the internet secure, said representatives of a new cybersecurity educational group.
A group of cybersecurity suppliers, consumer groups, trade associations and e-commerce companies launched Americans for a Secure Internet (ASI) on 1 April. Members are calling for all internet users to educate themselves on cybersecurity issues.
ASI, whose members include eBay, Internet Security Systems and the Computing Technology Industry Association (CompTIA), launched a website intended to educate users of all levels on cybersecurity issues: www.protectingthenet.com/.
ASI called on a number of groups to take action on cybersecurity. Cybersecurity problems that need to be addressed range from internet user behaviour and habits to computer and networking hardware, members said.
"We have been playing a kind of technology blame game, or searching for a silver bullet," said Tom Santaniello, manager of US public policy for CompTIA. "The mindset up until now is we can purchase an IT security solution off the shelf."
The efforts of ASI and other cybersecurity groups may keep the US Congress from passing cybersecurity mandates, said Bob Dix, staff director for the technology and information policy subcommittee of the House Government Reform Committee.
In late 2003, Adam Putnam, the subcommittee's chairman, floated draft legislation that would have required companies to report their cybersecurity efforts to the US Securities and Exchange Commission, but the proposal was shelved after criticism from IT suppliers and other companies.
But the threat of the bill, plus efforts from industry groups such as ASI, have increased the awareness of cybersecurity among private companies, Dix said.
Although the Putnam legislation may never be introduced, the subcommittee will continue to push private companies to deal with cybersecurity issues, Dix said. One such method is for government agencies to push for secure products during the procurement process, he said.
"We looked at procurement practices, and we got a little push-back on that," Dix said. "Some people in the vending community feel that the government should not inject itself in procurement, but I would argue this: The federal government spends $60bn (£32bn) a year in IT goods and services. The opportunity to say in the marketplace, 'we want higher quality, more secure products than what we buy', seems to be a reasonable position for a purchaser to take."
ASI's first steps will be to bring together all kinds of IT and consumer groups to start talking about cybersecurity, said Mark Blafkin, director of communications for the Association for Competitive Technology. "Right now, it is about ways to facilitate these diverse interests to come together to talk about cybersecurity," Blafkin said. "We are trying to create the broadest coalition possible."
Unlike some other groups dedicated to cybersecurity, ASI will focus on internet user issues as well as enterprise issues, Blafkin said. Consumer Alert is among the 11 original members of ASI.
The focus on educating individual users is important, said Jim Dempsey, executive director of the Center for Democracy and Technology. Problems such as spam e-mail and spyware in software erode the trust users place in the internet, he said.
Dempsey also praised ASI speakers for discounting the one quick fix approach to cybersecurity. "This is the first event I have been to where the lead-in line was people saying, 'there is not a silver bullet'," Dempsey said.
"How many one-pagers, or 250-pagers have we read that purported to offer a silver bullet to a problem? Here is a group of companies and trade associations that have come forward and said, 'it is more complicated than it looks'."
Fred O'Connor writes for IDG News Service