The Cyber Security Industry Alliance (CSIA) has recommended that the Bush administration get a handle on cybersecurity issues, and has issued a 12 point recommendation to the White House to aid in the education process.
“Everyone´s saying this is costing us billions of dollars a year,” said Paul Kurtz, executive director of the CSIA. “But do we really have a firm handle on this? And how do we know if we´re doing better?”
The CSIA is made up of security companies and experts from around the world and is also calling on Bush to increased funding for cybersecurity research, to form a taskforce to secure the national IT infrastructure such as utilities and to setup an organization that would co-ordinate the defense against an large-scale cyber-attack. Kurtz said the network wouldn´t have to be a “hundred billion dollar” project, but could start with efforts as simple as table-top scenario response exercises.
“Bottom line here is, we do not have established means, protocols, procedures in place if we have large-scale disruption on our internet,” he said. “What happens if the internet drops out below us? We haven´t really thought those issues through as a country.”
The CSIA isn’t being critical of the Bush administration, but is simply trying to point out that when the US is in a war where the terrorists have access to machines powerful enough to break into most government networks, it is time to start maturing the nation’s cybersecurity infrastructure in much the same way as the nation’s critical infrastructure was re-secured during the Cold War.
“I´ve been trying to keep all the focus forward-looking,” he said. “What we´re doing now is putting our hand up and saying, ´We rely on these information networks.´ It´s time that cybersecurity gets a bigger play. I´m not trying to paint the White House into a corner. I´m trying to be constructive and point it down the road.”
A position paper on the CSIA´s cybersecurity recommendations is available here.