A cybersecurity group yesterday called on US President George Bush to invest more in IT issues and to make the top IT security job a bigger posting.
The Cyber Security Industry Alliance recommended a 12-point programme to the White House, including ratification of the Council of Europe’s Convention on Cybercrime and assigning a federal agency to track the costs of cyber-attacks.
"Everyone's saying this is costing us billions of dollars a year," said Paul Kurtz, executive director of the CSIA. "But do we really have a firm handle on this? And how do we know if we're doing better?"
The CSIA also called on the Bush administration to increase R&D funding for cybersecurity, to form a taskforce to secure the IT control systems used by utility companies, and to set up and test an emergency co-ordination network that would take over in the event of a large cyber-attack. Kurtz said the network wouldn't have to be a "hundred billion dollar" project, but could start with efforts as simple as table-top scenario response exercises.
"Bottom line here is, we do not have established means, protocols, procedures in place if we have large-scale disruption on our internet," he said. "What happens if the internet drops out below us? We haven't really thought those issues through as a country."
But Kurtz stopped short of criticising the Bush administration for a poor record on cybersecurity, saying that it was not surprising that it had been given a lower priority than some physical security issues in the aftermath of the 9/11 attacks on the US.
"I've been trying to keep all the focus forward-looking," he said. "What we're doing now is putting our hand up and saying, 'We rely on these information networks.' It's time that cybersecurity gets a bigger play. I'm not trying to paint the White House into a corner. I'm trying to be constructive and point it down the road."
The CSIA and other tech groups have pushed for an assistant secretary for cybersecurity even before the resignation of the director of cybersecurity in September, reportedly because of a lack of focus on the issue at the Department of Homeland Security.
A position paper on the CSIA's cybersecurity recommendations is available at https://www.csialliance.org/resources/pdfs/Agenda_for_Next_Admin_FINAL.pdf.
Members of the CSIA include Computer Associates, Entrust, Juniper Networks, McAfee and Symantec.
Grant Gross writes for IDG News Service