The US government has made little progress with cybersecurity over the past year, according to the Cyber Security Industry Alliance (CSIA).

The Department of Homeland Security (DHS) has failed to hire an assistant secretary, and research and development within the US government is in "crisis", said Paul Kurtz, executive director of CSIA.

The US government has a "special role" to play in promoting and modeling cybersecurity, he said. "The bottom line is there continues to be a lack of leadership, hard work and execution when it comes to securing the information infrastructure. Let me be clear: We are not seeking to condemn the government or those currently involved in cybersecurity. They have good intentions. However, execution is what counts in the end."

CSIA also released a survey showing significant consumer concerns about online safety and graded the US government on 12 cybersecurity priorities. It gave six Ds and one F, and only one of the remaining five scored above C.

One high-ranking Democrat used the CSIA report [pdf] to criticise the DHS. "Where is the government's leadership on cybersecurity?" said Bennie Thompson of Mississippi. "How long will the nation have to wait? I, for one, hope Mr Chertoff doesn't wait until a cyberattack causes billions of dollars in damages or results in lost lives before he decides to appoint an assistant secretary to take charge of our nation's cyber crisis."

CSIA gave the government a "B" for progress toward ratifying the Council of Europe's Convention on Cybercrime. In July, the Senate Foreign Relations Committee approved the document, which would allow greater international co-operation in cybercrime investigations, but the full Senate has not taken a vote.

Europe's cybercrime laws are "light years ahead" of those in the US, said Phillip Dunkelberger, CEO of CSIA member PGP.

Among those CSIA priorities earning Ds were: direct a federal agency to track costs of cyberattacks; promote cybersecurity corporate governance in the private sector; and strengthen information sharing between the government and private sector.

CSIA released 13 cybersecurity recommendations for the US government. The list, with many items repeated from CSIA's 2004 list, includes:

  • Pass a national data breach notification bill.
  • Pass a national spyware protection bill.
  • Increase research and development funding for cybersecurity.
  • Promote telework options for government employees, thus creating a backup network of computers for government agencies.
  • Include cybersecurity planning as the US government moves toward IPv6.

The full CSIA report is available here [pdf].