CSIA sets agenda for government action


Helen Martin

Virus Bulletin, UK
Editor: Helen Martin


Cyber Security Industry Alliance calls for US government action

The Cyber Security Industry Alliance (CSIA) has called for the US Federal Government to take action on a series of recommendations to strengthen the defences of the nation's information infrastructure in 2006.

The CSIA, an industry group which aims to ensure the privacy, reliability and integrity of information systems through public policy, technology, education and awareness, has produced a 'National Agenda for Information Security in 2006'. The Agenda identifies specific actions required to improve information security in the US. In addition, the Alliance has produced a report on the US government's progress (or what it considers the lack thereof) in strengthening information security over the past year. According to the report, 65 per cent of Americans believe that the government needs to make information security a higher priority than it currently is.

The CSIA calls on the US Administration and Congress to implement the following actions:

  • Pass a national data breach notification bill.

  • Pass a national spyware protection bill.

  • Ensure cyber security protection is applied to the health care infrastructure.

  • Promote information security governance in the private sector.

  • Direct a federal agency to track the costs associated with cyber attacks.

  • Secure digital control systems.

  • Improve the quality of software security by strengthening NIAP certification.

  • Fill new cyber security posts in the Department of Homeland Security.

  • Ratify the Council of Europe's Convention on Cybercrime.

  • Increase R&D funding for information security.

  • Complete the HSPD-12 initiative for government-wide authentication.

  • Ensure continuity of government operations with telework.

Paul Kurtz, executive director of the CSIA, explained: 'We urge the government to take action on the 13 critical steps ... that we believe will help to immediately strengthen our information systems and begin to raise the confidence of our citizens in our networks.'



Latest articles:

VB2017 paper: Browser attack points still abused by banking trojans

With the ever-increasing use of banking-related services on the web, browsers have naturally drawn the attention of malware authors. They are interested in adjusting the behaviour of the browsers for their purposes, namely intercepting the content of…

Does malware based on Spectre exist?

It is likely that, by now, everyone in computer science has at least heard of the Spectre attack. Since many excellent explanations of the attack already exist, this article focuses on the probability of finding Spectre being exploited on Android…

EternalBlue: a prominent threat actor of 2017–2018

At the centre of last year's infamous WannaCry ransomware attack was an NSA exploit leaked by the Shadow Brokers hacker group, known as ‘EternalBlue’. The worm-like functionality of the exploit made a deadly impact by propagating to interconnected…

VB99 paper: Giving the EICAR test file some teeth

There are situations that warrant the use of live viruses. There are also situations where the use of live viruses is unwarranted. Specifically, live viruses should not be used when safer and equally effective methods can be used to obtain the…

Powering the distribution of Tesla stealer with PowerShell and VBA macros

Since their return more than four years ago, Office macros have been one of the most common ways to spread malware. In this paper, Aditya K Sood and Rohit Bansal analyse a campaign in which VBA macros are used to execute PowerShell code, which in…

Bulletin Archive

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.