CSIA Calls for Strategic National Information Assurance Policy

ARLINGTON, Va., Sept. 13 /PRNewswire/ -- The Cyber Security Industry Alliance (CSIA) today called for a more strategic and coordinated approach from the federal government to ensuring our nation's cyber security in two separate testimonies before...


ARLINGTON, Va., Sept. 13 /PRNewswire/ -- The Cyber Security Industry Alliance (CSIA) today called for a more strategic and coordinated approach from the federal government to ensuring our nation's cyber security in two separate testimonies before Congressional subcommittees. CSIA Executive Director Paul Kurtz emphasized that the level of attention given to securing our information infrastructure is inadequate considering the reliance of Americans on our cyber systems.

In testimony before the House Committee on Energy and Commerce's Subcommittee on Telecommunications and the Internet, Kurtz highlighted the importance of our nation's cyber systems, calling them the newest and most pervasive portion of our critical infrastructure, and discussed the federal government's role in its protection. At the core of CSIA's recommendations is the need for a Strategic National Information Assurance Policy that would outline the key roles that relevant government agencies should play in the protection of our cyber infrastructure.

"No single entity owns our information infrastructure and no single government agency is solely responsible for its protection. While the Department of Homeland Security clearly plays a critical role, many other agencies share responsibility for the overall well being of our cyber systems," said Kurtz. "Yet the government has shown little strategic direction or leadership when it comes to ensuring the resiliency and integrity of our information infrastructure and the protection of the privacy of our citizens. This is baffling when one considers that nearly every service we use, from our communications and utility networks to our financial and medical systems, is in some way reliant upon our nation's digital networks."

Kurtz gave more specific insight into the Department of Homeland Security's (DHS) role in ensuring our national cyber security in a separate testimony before House Committee on Homeland Security's Subcommittee on Economic Security, Infrastructure Protection and Cybersecurity. In these remarks, he discussed the specific responsibilities DHS has for safeguarding our nation's cyber systems given its role as the focal point for infrastructure protection. He also noted the ways in which DHS is not living up to its responsibilities, including its lack of attention to the issue, the absence of DHS leadership in cyber security and the fact that there is no plan for preventing or minimizing a major cyber disaster and no strategy for working with the private sector to recover from a cyber disaster.

"Clearly the Department of Homeland Security has focused its efforts on securing our physical well-being, and rightly so. Yet, by not addressing the threats to our cyber systems, the Department is inadvertently leaving our nation vulnerable to a new attack vector," said Kurtz. "Our digital systems are already under a daily assault and while we have not yet seen a major cyber catastrophe, doing little to prevent or prepare for one is simply irresponsible given our national reliance on these systems."

Kurtz specifically pointed to the need to fill the position of assistant secretary for cybersecurity and telecommunications, a post that has been empty for the 14 months since its creation. He also encouraged DHS to focus on a smaller set of priorities around preventing and/or minimizing a major cyber disaster and to articulate a clear chain-of-command between the government and private sector in the case of such an incident.

In both testimonies, Kurtz called out the need for a cyber early warning system that provides the nation with situational awareness of attacks. This mechanism would be similar to the National Oceanic and Atmospheric Administration's (NOAA) National Hurricane Center, which can provide advance notice before a storm. While there are some similar warning mechanisms in place, we still are lacking a federally-supported, formal system that provides rapid and clear indication that an attack is underway and alerts all key stakeholders.

This content continues onto the next page...