Leading security firms, including Network Associates, Symantec and Computer Associates, have created an industry body to help influence public policy and improve Internet security.
The Cyber Security Industry Alliance (CSIA) will use its resources to try to influence public policy, foster new security technology standards and improve education about cybersecurity, according to a statement put out at the RSA conference in San Francisco this week.
CSIA is forming member committees to focus on individual issues, the group said. It will work with the US Department of Homeland Security to make it easier for businesses and the government to share information on cyberthreats. It will also collaborate with international standards organisations to back emerging security standards and specifications.
CSIA will be akin to other technology industry alliances, including the Business Software Alliance and TechNet, but will focus solely on cybersecurity issues, said Ron Moritz, chief security strategist at Computer Associates. Security companies often get overlooked in those groups, which have to balance the needs of disparate members, he explained. Through CSIA, group members hope to be able to influence domestic cybersecurity policy by speaking with a single voice to lawmakers and government officials on cybersecurity issues.
Legislators often lack good information on cybersecurity when drafting legislation, Moritz said, noting the proliferation of often confusing anti-spam legislation on Capitol Hill, including the recently passed Controlling the Assault of Non-Solicited Pornography and Marketing (CAN SPAM) Act of 2003. When poorly written, technology legislation, like CAN SPAM, can put financial and technical burdens on Internet service providers and other technology companies, yet fail to solve the problem it was written to address, Moritz said.
"If regulations are not designed properly as they move through The Hill, then the legislation fails and everyone is disappointed," he said. Cybersecurity companies can help avoid such failures by conferring with lawmakers before and while legislation is being considered, he said.
Moritz likened the CSIA to the actions of defense contractors such as Raytheon and others with business before the government. "We’re a new industry. In the cybersecurity space, our voices are individually being heard. Now, for first time, we're going to bring our ideas together and speak with a collective voice," he said.