CSIA sets agenda for government action


Helen Martin

Virus Bulletin, UK
Editor: Helen Martin


Cyber Security Industry Alliance calls for US government action

The Cyber Security Industry Alliance (CSIA) has called for the US Federal Government to take action on a series of recommendations to strengthen the defences of the nation's information infrastructure in 2006.

The CSIA, an industry group which aims to ensure the privacy, reliability and integrity of information systems through public policy, technology, education and awareness, has produced a 'National Agenda for Information Security in 2006'. The Agenda identifies specific actions required to improve information security in the US. In addition, the Alliance has produced a report on the US government's progress (or what it considers the lack thereof) in strengthening information security over the past year. According to the report, 65 per cent of Americans believe that the government needs to make information security a higher priority than it currently is.

The CSIA calls on the US Administration and Congress to implement the following actions:

  • Pass a national data breach notification bill.

  • Pass a national spyware protection bill.

  • Ensure cyber security protection is applied to the health care infrastructure.

  • Promote information security governance in the private sector.

  • Direct a federal agency to track the costs associated with cyber attacks.

  • Secure digital control systems.

  • Improve the quality of software security by strengthening NIAP certification.

  • Fill new cyber security posts in the Department of Homeland Security.

  • Ratify the Council of Europe's Convention on Cybercrime.

  • Increase R&D funding for information security.

  • Complete the HSPD-12 initiative for government-wide authentication.

  • Ensure continuity of government operations with telework.

Paul Kurtz, executive director of the CSIA, explained: 'We urge the government to take action on the 13 critical steps ... that we believe will help to immediately strengthen our information systems and begin to raise the confidence of our citizens in our networks.'



Latest articles:

VB99 paper: Giving the EICAR test file some teeth

There are situations that warrant the use of live viruses. There are also situations where the use of live viruses is unwarranted. Specifically, live viruses should not be used when safer and equally effective methods can be used to obtain the…

Powering the distribution of Tesla stealer with PowerShell and VBA macros

Since their return more than four years ago, Office macros have been one of the most common ways to spread malware. In this paper, Aditya K Sood and Rohit Bansal analyse a campaign in which VBA macros are used to execute PowerShell code, which in…

VB2017 paper: Android reverse engineering tools: not the usual suspects

In the Android security field, all reverse engineers will probably have used some of the most well-known analysis tools such as apktool, smali, baksmali, dex2jar, etc. These tools are indeed must‑haves for Android application analysis. However, there…

VB2017 paper: Exploring the virtual worlds of advergaming

As adverts in gaming (‘advergaming’) ecosystems continue to become more sophisticated, so the potential complications grow for parents, children and gamers, who just want to play without having to worry about where their data is going (and how it is…

Distinguishing between malicious app collusion and benign app collaboration: a machine-learning approach

Two or more mobile apps, viewed independently, may not appear to be malicious - but in combination, they could become harmful by exchanging information with one another and by performing malicious activities together. In this paper we look at how…

Bulletin Archive