Slashdot Mirror
Cybersecurity Firms Form Industry Association
An anonymous reader writes "Washington Technology is reporting that a new industry association centered around cybersecurity has been formed, to make sure security firms like RSA Security Inc., PGP Corp., Network Associates Inc., and others get their voices heard in Washington." Art Coviello, CEO of RSA Security Inc, is quoted in the article as saying: "The country is faced with the serious threat of terrorism and the possibility of cyberterrorism. If we can speak with one voice, we can play an important role in protecting the nation's critical infrastructure."
So the next new bubble is exploiting people's paranoia huh?
I've actually heard people say that "only paranoids use PGP". Now they'll eat their words!
Let's see. Yesterday on Slashdot we had Microsoft adding anti-viral features into the next generation of Windows and today the anti-malware industry comes up with a lobbist group. Somehow, I think this has more to do of the security of their businesses from Microsoft's strengths than the security of any computers from Microsoft's weaknesses.
Does not equal one technology, one protocol, one methodology, one market...
One target.
The problem with socialism is that they always run out of other people's money. - Margaret Thatcher
Why didn't the executive members of these firms join the High Technology Crime Investigation Association? They already exist, and already have quite a number of members, and a lot of law enforcement are members too.
libertarianswag.com
I thought Kurtz got drummed out of the Homeland Security department (with no shortage of bad blood) after Congress gave his GovNet idea the cold shoulder. Maybe I'm remembering wrong; either way from what I remember of his proposals when he was in DHS they're all based around the idea of putting a (hopefully) impenetrable barrier (a Maginot Firewall?) around critical resources rather than constructing a compartmentalized defense-in-depth.
Am I wrong in remembering that Kurtz was politely but firmly fired? If so will he help CSIA or just make their lobbying efforts more awkward?
All's true that is mistrusted
In case someone hasn't posted it yet, here is their page:
http://www.csialliance.org/
Something tells me that when they say "get their voices heard," it means a line-item in the next budget. Damn Lobbyists.
Translating those bullet points from business blabber to geek speak...
Coordinating with the Homeland Security Department to improve information sharing between business and government on cyber threats
Promising that their security products have appropirate government backdoors.
Improving corporate governance of information security
Making sure companies are required to purchase more of their products.
Improving federal procurement practices and guidelines
Making sure the government purchases more of their products.
Identifying gaps in cybersecurity research and development
Encuraging government research to do R&D for them.
Collaborating with U.S. and international standards development organizations to support emerging technology standards and specifications for cybersecurity
Making sure that add-on products are always standard equipment, rather than fixing OS flaws.
Supporting campaigns to improve awareness of cybersecurity
Encuraging the government to help with their marketing.
Supporting cybersecurity academic and workforce development programs
Ensuring an even further oversupply of tech workers is created so their labor costs stay low.
Pursuing Senate ratification of the Council of Europe's Convention on Cyber-Crime.
Talk the Senate into approving this thing here that mandates international cooperation in anti-hacking investigations.
Oooh! I can't wait to see what kind of wacky, Orwellian, DRM-filled, DMCA protected bills they will try and shove down our throats with their big money lobbying powers.
Perhaps they'll decide that Microsoft is the reason for the (security) season and we'll get some anti-anti-trust laws in there.
OT- what the hell happened to the comment list in the user tab? Did I just eat a mushroom?
...who thinks that this sounds wrong?
"Coordinating with the Homeland Security Department to improve information sharing between business and government on cyber threats"
How would RSA Security Inc. or PGP Corp. know about terrorist actions? This sounds like an excuse for the government to require back doors in crypto products.
Now I need to find my tin-foil hat...
EVERYDAY IS CATURDAY
I imagine this will be good for making security an issue with lawmakers. But these things have a habit of being bought out by corporate interests. It will be interesting to watch them evolve and see whether a line for the party to toe gets drawn in the sand or whether they really do some good things like attacking the DMCA's restrictions on academic discussion of vulnerabilities.
This is more important than ever with voting becoming privatized (Diebold etc) as certain vulnerabilities are matters of grave public interest.
The whole idea of privatizing voting just does feel right does it? Why should corporate interests be running these things? Is there not such a thing as "society"? And if there is, why can't "society" do some things for itself rather than outsource them to corporations. Getting offtopic here... I will end.
Maybe they'll have a super-useful color coding system to let us know how much of a threat to our computers there is.
Boy, that'll be informative.
Just my $0.55 (US inflation, 1774-2008, for $0.02)
Yeah, I think he's now leading a counter-terrorism effort somewhere within the axes of instability. Africa, IIRC? Or was it Vietnam?
Hmm. Definitely something scary going on at the heart of this.
Why on earth isn't Microsoft on this list?
... consider this:
Now, before anyone chimes in with "Microsoft? Security? Thou smoketh crack!"
Members said the group's mission is to improve cybersecurity through public policy initiatives, public-sector partnerships, corporate outreach, academic programs, adoption of industry technology standards and public education.
Microsoft is an influence in some of those areas, a heavy influence in others, and a governing influence in others.
Would it not be of vital importance that they be a member of this group?
The coolest voice ever.
I could see the government supporting companies like Lockheed and the such. Yet, if I was the president of my very own nation why would I would trust anything in the public software industry, no matter how secure they say they are, when the very technology they create can easily be leaked and used against whoever uses the creations of the cybersecurity companies? Maybe a example would be better. If I worked at a war factory and gave the schematics of some sort of top secret, new tank. There are a couple problems in that the country that receives the information might not be able to use the plans because of lack of complicated subcomponents either because another company makes that subcomponent or the country can't make it because of lack of tools to manufacture. Now if a software company had their code stolen it can be enacted almost immediatly. Maybe the stripped down OSs might not be able to work the code but what prevents other nations from importing the hardware and software to get it to compile and run?
I think most knowledgeable security people read that quote and cringed. I'm dissapointed to see RSA going the fear salesman route. Well if you can't beat the charlatans, might as well join them.
It's generally accepted within the legitimate security community that cyber terrorism is a non-issue. The threat can be completely mitigated by creating laws that prohibit safety critical systems from being connected to the internet. (eg. Traffic systems). And if we expand the definition of cyberspace to the limit, we need to move away from insecure SCADA systems. That's it.
I strongly advocate all those who value liberty boycotting CSI and all member companies.
Any organization which advocates ratification of the CoE's Convention on Cybercrime is an extreme threat to free speech, liberty, and commerce online.
Specifically, boycott:
# BindView Corp.
# Check Point Software Technologies Ltd.
# Computer Associates International Inc.
# Entrust Inc.
# Internet Security Systems Inc.
# NetScreen Technologies Inc.
# Network Associates Inc.
# PGP Corp.
# Qualys Inc.
# RSA Security Inc.
# Secure Computing Corp.
# Symantec Corp
Thankfully it is easy to boycott all of these companies, since they tend to be evil to begin with.
I recommend Mike. He sounds authoritative. ^^
i think we would benefit from a unified voice of the encryption technologies and their developers just like the article says. but do we really want to mess with the already fascist feds when it comes to encryption algorithms? i am sure that groups like the NSA, CIA, and FBI have their own versions of encryption algorithms that might just put the ones in the civillian sectors to shame.
Keep the faith, share the code
Rather, quite a reasonable observation...
we won't need them anymore now that Microsoft is Trustworthy.
...
Wow, another association to cloud the minds of the legislature and people. Professional associations have so much power nowadays with the way they influence policy and are practically infallible in the judicial system.
Even worse, many people don't even know that Adam Smith, writer of The Wealth of Nations who first described capitalist marketism, was vehemently against professional associations and corporations for the fact that they reduce competition and free markets.
Clearly, a market isn't 'free' anymore if the only selections that you have in the store are corporate products.
I think for the moment it's purely a lobbying organization, an association on paper, and not much more. Perhaps Microsoft will eventually sign on? I'd like to see them do so, it would show they will follow through with opportunities that present themselves.
this group may well be being formed as a reaction to MS planning to enter the security business
RSA is practically a standard-setter in themselves, and their encryption is used in countless Microsoft products. RSA is effectively a partner with almost the entire software industry, including Microsoft. Do you seriously think the only reason they were so instrumental in forming this group was that they were scared of Microsoft's security enhancements?
Furthermore, Paul Kurtz is heading the team. As the website puts it, he was "special assistant to the president and senior director for critical infrastructure protection on the White House Homeland Security Council." I don't see how a fear of Microsoft factors into the choice of Kurtz as executive director of the group.
....put that backdoor in any open source project.
We'll have safe code as long as we write and watch the code.
if MS were to put out a perfectly secure operating system, these companies would lose a good chuck of their revenues...
I don't know about that... so many of the security protocols (like ssh) and the encryptions like rsa) used in ms's stuff was produced by totally different companies--seems like they have a solid role to play in the evolution of ms wares, since the r&d associated with all sorts of security is so flippin' broad that even a titan like ms can't foot the whole dollar-and-resource bill.
In other words, if MS were to put out a perfectly secure operating system, these companies would lose a good chuck of their revenues...
Now if that's not job security, nothing is.
Irritable, left-wing and possibly humorous bumper stickers and t-shirts
again america will be a frontrunner in creating a new enviroment. a safe computing enviroment for the masses. designed by coroprations, with the the goverment in mind.
they will take care of all your needs...
finaly we will see this funky abstract interface to the internet that _they_ think it should have looked like. lockin at every corner. intenet with an windows xp design (hey, this is slashdot), running on drm restricted hardware. computers limited and controled by someone else, but not who paid for it. computer experience for mom'n'pop, save and controlable.
thinking too much into this? yeah, sure. i see freedoms get lost in free america day by day. and this will be forced on all of the world. just as those features they propose will become obligatory with the right goverment. - hey we all have the right goverment? don't we? we/you elected them. so they will do the right thing. - right.
Yesterday on Slashdot we had Microsoft adding anti-viral features into the next generation of Windows and today the anti-malware industry comes up with a lobbist group. Somehow, I think this has more to do of the security of their businesses from Microsoft's strengths than the security of any computers from Microsoft's weaknesses.
I agree, but for a different reason.
The entire business model of the anti-malware industry (or at least the named companies) depends on widespread deployment of insecure networks and servers to create a demand for their products.
So one can expect them to advise and pressure congress and other government officials to keep the deployed base as insecure as possible, to maintain and expand their market and thus their bottom line.
Government pressure on the dominant software vendor to improve its own security, government support for (or removal of roadblocks against) secure software alternatives and development models, and government conversion to secure software, are all a threat to their bottom line.
So expect them to advise the government to take action that would inhibit all of the above.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
I don't think there is anything called a "perfectly secure operating system". Sure microsoft could make its operating system more secure. The same could be said for any other operating system be it linux or BSD or MAC OS.
Watchdog group to oversee their activities? Any takers?
This sounds to me like the government will be putting in standardized backdoors, not helping to secure our yada yada yada. You want to see who's responsible for terrorism? That's all I have to say.
Asymetric encryption in every pot!
Personal firewalls as a right!
Tax breaks for vulnerability scans!
Secure coding is bad for the economy!
America's childred deserve the latest bolt-on, after-the-fact, security solutions! You aren't against America's children...are you?
Seriously, print this out for future reference.
Boy, I sure hope a cyberterrorist doesn't cyber-hijack a cyberplane, and cybercrash it into a big cyberbuilding!
I might even have to stand up from my cyberterminal in cyberspace, if that were to cyber-happen.
All I can say is, I'm cyber-scared, and I hope the cybercops can protect me and my cyberfamily!
Amazing. Considering who's heading things up, I guess one should *not* be suprised to see that Counterpane and Bruce Schneier are not part of the list.
Mr. Schneier represents a calm voice that is firmly, lucidly, and actively opposed to the tradeoffs being made by giving away too much liberty in return for too little new security.
He's got some excellent essays here. Highly recommended.
Cadmann
Everything OK on my Mac, everything is a calm blue.
Actions like modding this post to 'troll' are the reason metamoderation exists... Proving once again that metamoderation is a civic duty, don't shirk it!
First you post something fair and intelligent ...
Keep /. fair and intelligent!!!
...then you sucker-punch us with a masterful troll.
I think exploiting (pun intended) peoples fears has been part and parcel of the landscape for quite a while. It's just tech firms are finally figuring it out for themselves.
Now the general geek population needs to figure it out.
From their web site, they say their initiatives are:
# Coordinating with the Homeland Security Department to improve information sharing between business and government on cyber threats
# Improving corporate governance of information security
# Improving federal procurement practices and guidelines
# Identifying gaps in cybersecurity research and development
# Collaborating with U.S. and international standards development organizations to support emerging technology standards and specifications for cybersecurity
# Supporting campaigns to improve awareness of cybersecurity
# Supporting cybersecurity academic and workforce development programs
# Pursuing Senate ratification of the Council of Europe's Convention on Cyber-Crime.
They sound pretty reasonable to me..
They one that might have some bad implications is the last one:
# Pursuing Senate ratification of the Council of Europe's Convention on Cyber-Crime.
If we can speak with one voice, we can play an important role in protecting the nation's critical infrastructure. . .
and operate as a cartel under color of the public weal.
illegitimii non ingravare
Wow. Coincidence? I heard something about FCC fines going up all of a sudden. Bet you this is related to the whole Janet Jackson thing. I'm not kidding.
I believe it was moderated offtopic because, although accurate, it was not ontopic. Wait, ontopic?
It's a business lobbying consortium. It's not designed to advocate the views of the individual -- it's to try to siphon Homeland Security money into the coffers of RSA and a couple of security-related companies.
That doesn't mean that it won't have positive benefits -- I would *dearly* love to somehow see increased emphasis on security finally convince people to use PGP more -- but these people are not out to try and make your life better, a la the EFF.
May we never see th
and make a huge pile of money^H^H^H^H^H^H^H^H^H^H^H^H^H um, contribution to national security. cuz, we're like, um, patriots.
Sacred cows make the best burgers.
not getting out much either.
Think of it as a luxury mall selling lockpicks: for a few millions of dollars a foreign government can buy software to encrypt and authentify its records. for a few hundreds of millions of dollars the department of homeland security can buy software to audit any foreign records.
This is not a signature.
Look at the auto industry. They have advisory bodies actively working with government to ensure policians understand the ramifications of passing that latest pollution bill. They have taken the time to learn how politicans think and can talk both in the proper political language and also in the ever important WIIFM (What's in it for me) language. Making things personal for the people that make the decisions might not give them the ideal outcome (especially considering how much of a political issue the environment is) but they do get concessions, delayed implementations, compliance periods or any number of ways to water things down.
If by establishing an association of security professionals that are prepared to learn politician talk to actively promote security ideals we can improve the state of cybersecurity this is great. This means there will now be an organisation out there lobbying politicians to see that all those security principals we want to see employed are given sufficient focus.
What's the old saying.... the squeaky wheel get's the grease? Well now we are going to be a squeaky wheel for a while! If that even leads to one less government system hacked or reduces the damage associated with the latest virus attack this has got to be a great thing for all of us?
For your own sake, give the government everything it wants right now ! Think of the children !
The AV companies talk about terrorism? Yeah, "wee care". Really. That's hilarious. They are just interested in their profits. Only in the US can they use such excusions and are not laughed off the stage.
The word terrorism has suffered an inflation when it has been misused after sept. 11th. When I hear that word on tv I immediately switch channel.
Nowadays anything bad may be categorized as terrorism. But we have had laws before sept. 11th that punish for crimes. Why can't we just use those laws? Why we need an extra "terrorism" label for those actions? It's just that those in power are fooling people. They created the new "terrorism" category and repeat it over and over again until it becomes a fact.
Disgusting.
[insert witty comment here]
Ok, so these fucktards call themselves "Cyber Security Industry Alliance" .. and the *minimum* ante to play the game is 60 FUCKING THOUSAND DOLLARS?!?! PER YEAR!?!??!
I'm sorry. I must be wholly confused. I run a smallish business that does high quality network, host, and application security for a couple specific markets. We know the risks associated with those markets well, therefore we can tailor our solutions better than any 'bolt-on' possibly could.
I'm part of this "Industry" as they call it and there's no way I've got $60K just laying around to toss at this. I'm not seeing a direct ROI here. Perhaps a $1K, $5K, or even a $10K level might be attractive, but these buttmunches are strictly going for an exclusive club.
HEY, GUYS. IF YOU PORTEND TO SPEAK FOR AN INDUSTRY, MAKE SURE THE INDUSTRY -CAN ACTUALLY HAVE A MOTHERFUCKING VOICE-. If this isn't blatantly apparent to any Schmoe off the street that this organization is nothing more than a tax-dollar-sucking, self-serving, feed-off-fears gaggle of mouthbreathing asshats, then said Schmoe need eir vision and common sense checked.
Grah. Pigfuckers.
Please check out washingtonpost.com's more detailed report on the new group's goals.
If we can speak with one voice, we can play an important role in protecting the nation's critical infrastructure.
Speaking with one voice is a good thing: Strength in Unity.
Speaking with one voice is a bad thing: Way of the Fascist.
-kgj
-kgj
Howard Stern likes to pick on the internet, but it won't be long before it is the only place to hear him.
What do you say to a person like that?
Free Software: Like love, it grows best when given away.