Security Firms Forge 'Cyber' Alliance
A dozen software, hardware, and services companies will lobby for public policy and standards, but without the help of Microsoft.
SAN FRANCISCO -- A dozen computer security firms announced a new advocacy group Wednesday with the goal of protecting the enterprise and critical networked infrastructures.
The Washington-based non-profit collective calls itself the Cyber Security Industry Alliance (CSIA).
Paul Kurtz, former special assistant to President Bush and a senior director for the White House Homeland Security Council, is serving as executive director of the new group. Charter members include Symantec, Network Associates, Computer Associates, RSA Security, BindView, Entrust, Internet Security Systems, PGP Corp, Secure Computing, Qualys, NetScreen Technologies and CheckPoint Software.
Members said the group came together as a direct response to Department of Homeland Security (DHS) secretary Tom Ridge's call in December for private enterprise to take the lead on protecting critical systems.
Kurtz said CSIA is different from other trade organizations, such as the 400-member Information Technology Association of America (ITAA), in that it is solely focused on security software and hardware. Kurtz said CSIA would automatically work with other groups as well.
"We clearly have a lot of work ahead of us," Kurtz told attendees at the RSA Security Conference here. "If we can speak with one voice, however, we can help protect the critical infrastructure."
When asked why Microsoft, one of the largest influences in security software, was not a member of the group, Kurtz said the company had not been contacted. "Our initiatives must work within the major operating systems," he said. "We're going to have to work with Microsoft and other vendors eventually."
A spokesperson for Redmond, Wash.-based software vendor was not immediately available for comment. In his keynote address Tuesday, Microsoft's Chairman and Chief Software Architect Bill Gates said the biggest part of the company's $6 billion R&D investment is focused on security.
For its fledgling year, Kurtz said CSIA would focus primarily on public policy, education programs, awareness campaigns, and setting standards. The group said it is also awaiting the results of the December DHS study, which many of the member companies are helping to compile. Kurtz said it was too early to talk about using the collective power of the membership to establish a legal body capable of litigating against hackers or spammers.
Kurtz said CSIA would also extend its invitation to non-U.S. companies and that it was in contact with the European Union and other NATO states. The new group, however, would focus more on setting public policy with regard to Common Criteria and related standards. The group said Charter and Principle Membership is open to companies focused on security, but must be approved by the Board of directors.
Overall, Kurz called for more collaboration in the industry and cited the recent "MyDoom" epidemic and the Pentagon's decision this year to suspend electronic voting for military personnel abroad as proof that security issues are still suffering from incompatibility and a lack of structure.