CSIA sets agenda for government action


Helen Martin

Virus Bulletin, UK
Editor: Helen Martin


Cyber Security Industry Alliance calls for US government action

The Cyber Security Industry Alliance (CSIA) has called for the US Federal Government to take action on a series of recommendations to strengthen the defences of the nation's information infrastructure in 2006.

The CSIA, an industry group which aims to ensure the privacy, reliability and integrity of information systems through public policy, technology, education and awareness, has produced a 'National Agenda for Information Security in 2006'. The Agenda identifies specific actions required to improve information security in the US. In addition, the Alliance has produced a report on the US government's progress (or what it considers the lack thereof) in strengthening information security over the past year. According to the report, 65 per cent of Americans believe that the government needs to make information security a higher priority than it currently is.

The CSIA calls on the US Administration and Congress to implement the following actions:

  • Pass a national data breach notification bill.

  • Pass a national spyware protection bill.

  • Ensure cyber security protection is applied to the health care infrastructure.

  • Promote information security governance in the private sector.

  • Direct a federal agency to track the costs associated with cyber attacks.

  • Secure digital control systems.

  • Improve the quality of software security by strengthening NIAP certification.

  • Fill new cyber security posts in the Department of Homeland Security.

  • Ratify the Council of Europe's Convention on Cybercrime.

  • Increase R&D funding for information security.

  • Complete the HSPD-12 initiative for government-wide authentication.

  • Ensure continuity of government operations with telework.

Paul Kurtz, executive director of the CSIA, explained: 'We urge the government to take action on the 13 critical steps ... that we believe will help to immediately strengthen our information systems and begin to raise the confidence of our citizens in our networks.'



Latest articles:

VB2018 paper: Uncovering the wholesale industry of social media fraud: from botnets to bulk reseller panels

In this paper GoSecure researchers Masarah Paquet-Clouston and Olivier Bilodeau explore an undocumented segment of the social media fraud (SMF) industry: wholesaling, from botnet supply operations to bulk reselling.

VB2018 paper: Now you see it, now you don't: wipers in the wild

There has recently been a trend of APT campaigns including a 'wiper' functionality to destroy data, either as a means to remove evidence or as its core purpose. This paper examines three different classifications of wipers through examples of various…

VB2018 paper: Who wasn’t responsible for Olympic Destroyer

Paul Rascagnères & Warren Mercer present the malware that they have identified – with moderate confidence – as having been used in the attack against the 2018 Winter Olympic Games. They describe the malware’s propagation techniques and its…

VB2018 paper: From drive-by download to drive-by mining: understanding the new paradigm

Jérôme Segura discusses the rise of drive-by cryptocurrency mining, explaining how it works and putting it in the broader context of changes in the cybercrime landscape.

The dark side of WebAssembly

The WebAssembly (Wasm) format rose to prominence recently when it was used for cryptocurrency mining in browsers. This opened a Pandora’s box of potential malicious uses of Wasm. In this paper Aishwarya Lonkar & Siddhesh Chandrayan walk through some…

Bulletin Archive

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.