News

New Association to Raise Cyber Security Awareness

Security companies form coalition to combat growing threats of cyber- crime, cyber-terrorism.

• By Keith Ward
• 02/25/2004

(San Francisco) A new coalition of IT security companies has banded together to "speak with one voice" on issues affecting Internet security. Announced at RSA Conference 2004 today, the Cyber Security Industry Alliance intends to raise awareness of the industry, and has an ambitious agenda that includes affecting legislation and government regulation, creating education programs at all levels to train more security workers and developing industry technology standards.

"This is the security industry's time," said Art Coviello, president and CEO of RSA Security, at a press conference announcing the group's creation. "We're mainstream and critical, and it's time we had our own association.

"The country's faced with a serious threat of terrorism. A factor in that is cyber-terrorism," Coviello continued. The CSIA, he said, "can play a critical role in protecting the [IT] infrastructure of the country."

According to a press release, the CSIA will be organized by committees of member representatives, in four key areas: public policy, education and alliances, awareness and standards. Although the group's primary focus will be on the United States, there will be a global component; for instance, one of the organization's aims is to pursue Senate ratification of the Council of Europe's Convention on Cyber-crime.

"We've seen [cyber threats] become more severe, more complex and more costly," said Paul Kurtz, CSIA's executive director and a former special assistant to the president and Senior Director for Critical Infrastructure Protection on the Homeland Security Council at the White House. Kurtz believes that the public's confidence in cyber security may erode without concrete steps being taken.

Paul Kurtz, CSIA Executive Director (Photo: CSIA)

"We have crucial decisions being made now about the future of cyber security," Kurtz said, adding that CSIA will be involved in those decisions. "We will work with Congress and the [Bush] administration," and with governments at the local, national and global levels.

Kurtz also hinted at the alliance's laissez-faire attitude toward government legislation in the arena of Internet security. "We believe regulation can't be the primary means of securing cyber-security," he said.

Founding members of the CSIA include BindView Corp.; Check Point Software; Computer Associates International; Entrust, Inc.; Internet Security Systems, Inc.; NetScreen Technologies, Inc.; Network Associates, Inc.; PGP Corporation; RSA Security Inc.; Secure Computing; and Symantec Corp.

One company prominently absent from the roster is Microsoft Corp. Kurtz said that since the association is comprised of companies whose primary business is security, Microsoft wasn't a fit. Pressed on the matter, Kurtz said he's had discussions with Microsoft about the alliance, but hasn't asked them to join.

Kurtz said the CSIA doesn't have a specific political agenda. "Right now, we don't have a plan to establish a PAC (political action committee)," he said, but didn't rule out the possibility of forming one in the future to donate to political campaigns.

Asked about determining which goals would be pushed when there's a conflict among the CSIA's members, since many companies are competitors in the security space, Kurtz responded that like any other association, they "would have to work that out" among themselves.

It will cost a company $150,000 per year to be a Charter Member of the CSIA, and $60,000 to be a Principal Member. Companies with "a substantial business in providing Internet security hardware, software, or services," both U.S.-based and foreign, are encouraged to apply for membership, according to the press release. The organization has a Web site at http://csialliance.org.