Slashdot Mirror
Cybersecurity Firms Form Industry Association
An anonymous reader writes "Washington Technology is reporting that a new industry association centered around cybersecurity has been formed, to make sure security firms like RSA Security Inc., PGP Corp., Network Associates Inc., and others get their voices heard in Washington." Art Coviello, CEO of RSA Security Inc, is quoted in the article as saying: "The country is faced with the serious threat of terrorism and the possibility of cyberterrorism. If we can speak with one voice, we can play an important role in protecting the nation's critical infrastructure."
So the next new bubble is exploiting people's paranoia huh?
I've actually heard people say that "only paranoids use PGP". Now they'll eat their words!
Let's see. Yesterday on Slashdot we had Microsoft adding anti-viral features into the next generation of Windows and today the anti-malware industry comes up with a lobbist group. Somehow, I think this has more to do of the security of their businesses from Microsoft's strengths than the security of any computers from Microsoft's weaknesses.
Does not equal one technology, one protocol, one methodology, one market...
One target.
The problem with socialism is that they always run out of other people's money. - Margaret Thatcher
Why didn't the executive members of these firms join the High Technology Crime Investigation Association? They already exist, and already have quite a number of members, and a lot of law enforcement are members too.
libertarianswag.com
I thought Kurtz got drummed out of the Homeland Security department (with no shortage of bad blood) after Congress gave his GovNet idea the cold shoulder. Maybe I'm remembering wrong; either way from what I remember of his proposals when he was in DHS they're all based around the idea of putting a (hopefully) impenetrable barrier (a Maginot Firewall?) around critical resources rather than constructing a compartmentalized defense-in-depth.
Am I wrong in remembering that Kurtz was politely but firmly fired? If so will he help CSIA or just make their lobbying efforts more awkward?
All's true that is mistrusted
In case someone hasn't posted it yet, here is their page:
http://www.csialliance.org/
Something tells me that when they say "get their voices heard," it means a line-item in the next budget. Damn Lobbyists.
Translating those bullet points from business blabber to geek speak...
Coordinating with the Homeland Security Department to improve information sharing between business and government on cyber threats
Promising that their security products have appropirate government backdoors.
Improving corporate governance of information security
Making sure companies are required to purchase more of their products.
Improving federal procurement practices and guidelines
Making sure the government purchases more of their products.
Identifying gaps in cybersecurity research and development
Encuraging government research to do R&D for them.
Collaborating with U.S. and international standards development organizations to support emerging technology standards and specifications for cybersecurity
Making sure that add-on products are always standard equipment, rather than fixing OS flaws.
Supporting campaigns to improve awareness of cybersecurity
Encuraging the government to help with their marketing.
Supporting cybersecurity academic and workforce development programs
Ensuring an even further oversupply of tech workers is created so their labor costs stay low.
Pursuing Senate ratification of the Council of Europe's Convention on Cyber-Crime.
Talk the Senate into approving this thing here that mandates international cooperation in anti-hacking investigations.
Oooh! I can't wait to see what kind of wacky, Orwellian, DRM-filled, DMCA protected bills they will try and shove down our throats with their big money lobbying powers.
Perhaps they'll decide that Microsoft is the reason for the (security) season and we'll get some anti-anti-trust laws in there.
OT- what the hell happened to the comment list in the user tab? Did I just eat a mushroom?
...who thinks that this sounds wrong?
"Coordinating with the Homeland Security Department to improve information sharing between business and government on cyber threats"
How would RSA Security Inc. or PGP Corp. know about terrorist actions? This sounds like an excuse for the government to require back doors in crypto products.
Now I need to find my tin-foil hat...
EVERYDAY IS CATURDAY
I imagine this will be good for making security an issue with lawmakers. But these things have a habit of being bought out by corporate interests. It will be interesting to watch them evolve and see whether a line for the party to toe gets drawn in the sand or whether they really do some good things like attacking the DMCA's restrictions on academic discussion of vulnerabilities.
This is more important than ever with voting becoming privatized (Diebold etc) as certain vulnerabilities are matters of grave public interest.
The whole idea of privatizing voting just does feel right does it? Why should corporate interests be running these things? Is there not such a thing as "society"? And if there is, why can't "society" do some things for itself rather than outsource them to corporations. Getting offtopic here... I will end.
Maybe they'll have a super-useful color coding system to let us know how much of a threat to our computers there is.
Boy, that'll be informative.
Just my $0.55 (US inflation, 1774-2008, for $0.02)
Why on earth isn't Microsoft on this list?
... consider this:
Now, before anyone chimes in with "Microsoft? Security? Thou smoketh crack!"
Members said the group's mission is to improve cybersecurity through public policy initiatives, public-sector partnerships, corporate outreach, academic programs, adoption of industry technology standards and public education.
Microsoft is an influence in some of those areas, a heavy influence in others, and a governing influence in others.
Would it not be of vital importance that they be a member of this group?
The coolest voice ever.
I could see the government supporting companies like Lockheed and the such. Yet, if I was the president of my very own nation why would I would trust anything in the public software industry, no matter how secure they say they are, when the very technology they create can easily be leaked and used against whoever uses the creations of the cybersecurity companies? Maybe a example would be better. If I worked at a war factory and gave the schematics of some sort of top secret, new tank. There are a couple problems in that the country that receives the information might not be able to use the plans because of lack of complicated subcomponents either because another company makes that subcomponent or the country can't make it because of lack of tools to manufacture. Now if a software company had their code stolen it can be enacted almost immediatly. Maybe the stripped down OSs might not be able to work the code but what prevents other nations from importing the hardware and software to get it to compile and run?
I think most knowledgeable security people read that quote and cringed. I'm dissapointed to see RSA going the fear salesman route. Well if you can't beat the charlatans, might as well join them.
It's generally accepted within the legitimate security community that cyber terrorism is a non-issue. The threat can be completely mitigated by creating laws that prohibit safety critical systems from being connected to the internet. (eg. Traffic systems). And if we expand the definition of cyberspace to the limit, we need to move away from insecure SCADA systems. That's it.
I strongly advocate all those who value liberty boycotting CSI and all member companies.
Any organization which advocates ratification of the CoE's Convention on Cybercrime is an extreme threat to free speech, liberty, and commerce online.
Specifically, boycott:
# BindView Corp.
# Check Point Software Technologies Ltd.
# Computer Associates International Inc.
# Entrust Inc.
# Internet Security Systems Inc.
# NetScreen Technologies Inc.
# Network Associates Inc.
# PGP Corp.
# Qualys Inc.
# RSA Security Inc.
# Secure Computing Corp.
# Symantec Corp
Thankfully it is easy to boycott all of these companies, since they tend to be evil to begin with.
we won't need them anymore now that Microsoft is Trustworthy.
...
Wow, another association to cloud the minds of the legislature and people. Professional associations have so much power nowadays with the way they influence policy and are practically infallible in the judicial system.
Even worse, many people don't even know that Adam Smith, writer of The Wealth of Nations who first described capitalist marketism, was vehemently against professional associations and corporations for the fact that they reduce competition and free markets.
Clearly, a market isn't 'free' anymore if the only selections that you have in the store are corporate products.
this group may well be being formed as a reaction to MS planning to enter the security business
RSA is practically a standard-setter in themselves, and their encryption is used in countless Microsoft products. RSA is effectively a partner with almost the entire software industry, including Microsoft. Do you seriously think the only reason they were so instrumental in forming this group was that they were scared of Microsoft's security enhancements?
Furthermore, Paul Kurtz is heading the team. As the website puts it, he was "special assistant to the president and senior director for critical infrastructure protection on the White House Homeland Security Council." I don't see how a fear of Microsoft factors into the choice of Kurtz as executive director of the group.
....put that backdoor in any open source project.
We'll have safe code as long as we write and watch the code.
if MS were to put out a perfectly secure operating system, these companies would lose a good chuck of their revenues...
I don't know about that... so many of the security protocols (like ssh) and the encryptions like rsa) used in ms's stuff was produced by totally different companies--seems like they have a solid role to play in the evolution of ms wares, since the r&d associated with all sorts of security is so flippin' broad that even a titan like ms can't foot the whole dollar-and-resource bill.
Keep /. fair and intelligent!!!
To understand recursion, you must first understand recursion.
again america will be a frontrunner in creating a new enviroment. a safe computing enviroment for the masses. designed by coroprations, with the the goverment in mind.
they will take care of all your needs...
finaly we will see this funky abstract interface to the internet that _they_ think it should have looked like. lockin at every corner. intenet with an windows xp design (hey, this is slashdot), running on drm restricted hardware. computers limited and controled by someone else, but not who paid for it. computer experience for mom'n'pop, save and controlable.
thinking too much into this? yeah, sure. i see freedoms get lost in free america day by day. and this will be forced on all of the world. just as those features they propose will become obligatory with the right goverment. - hey we all have the right goverment? don't we? we/you elected them. so they will do the right thing. - right.
Yesterday on Slashdot we had Microsoft adding anti-viral features into the next generation of Windows and today the anti-malware industry comes up with a lobbist group. Somehow, I think this has more to do of the security of their businesses from Microsoft's strengths than the security of any computers from Microsoft's weaknesses.
I agree, but for a different reason.
The entire business model of the anti-malware industry (or at least the named companies) depends on widespread deployment of insecure networks and servers to create a demand for their products.
So one can expect them to advise and pressure congress and other government officials to keep the deployed base as insecure as possible, to maintain and expand their market and thus their bottom line.
Government pressure on the dominant software vendor to improve its own security, government support for (or removal of roadblocks against) secure software alternatives and development models, and government conversion to secure software, are all a threat to their bottom line.
So expect them to advise the government to take action that would inhibit all of the above.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Watchdog group to oversee their activities? Any takers?
Asymetric encryption in every pot!
Personal firewalls as a right!
Tax breaks for vulnerability scans!
Secure coding is bad for the economy!
America's childred deserve the latest bolt-on, after-the-fact, security solutions! You aren't against America's children...are you?
Seriously, print this out for future reference.
Boy, I sure hope a cyberterrorist doesn't cyber-hijack a cyberplane, and cybercrash it into a big cyberbuilding!
I might even have to stand up from my cyberterminal in cyberspace, if that were to cyber-happen.
All I can say is, I'm cyber-scared, and I hope the cybercops can protect me and my cyberfamily!
Amazing. Considering who's heading things up, I guess one should *not* be suprised to see that Counterpane and Bruce Schneier are not part of the list.
Mr. Schneier represents a calm voice that is firmly, lucidly, and actively opposed to the tradeoffs being made by giving away too much liberty in return for too little new security.
He's got some excellent essays here. Highly recommended.
Cadmann
From their web site, they say their initiatives are:
# Coordinating with the Homeland Security Department to improve information sharing between business and government on cyber threats
# Improving corporate governance of information security
# Improving federal procurement practices and guidelines
# Identifying gaps in cybersecurity research and development
# Collaborating with U.S. and international standards development organizations to support emerging technology standards and specifications for cybersecurity
# Supporting campaigns to improve awareness of cybersecurity
# Supporting cybersecurity academic and workforce development programs
# Pursuing Senate ratification of the Council of Europe's Convention on Cyber-Crime.
They sound pretty reasonable to me..
They one that might have some bad implications is the last one:
# Pursuing Senate ratification of the Council of Europe's Convention on Cyber-Crime.
If we can speak with one voice, we can play an important role in protecting the nation's critical infrastructure. . .
and operate as a cartel under color of the public weal.
illegitimii non ingravare
It's a business lobbying consortium. It's not designed to advocate the views of the individual -- it's to try to siphon Homeland Security money into the coffers of RSA and a couple of security-related companies.
That doesn't mean that it won't have positive benefits -- I would *dearly* love to somehow see increased emphasis on security finally convince people to use PGP more -- but these people are not out to try and make your life better, a la the EFF.
May we never see th
and make a huge pile of money^H^H^H^H^H^H^H^H^H^H^H^H^H um, contribution to national security. cuz, we're like, um, patriots.
Sacred cows make the best burgers.
The AV companies talk about terrorism? Yeah, "wee care". Really. That's hilarious. They are just interested in their profits. Only in the US can they use such excusions and are not laughed off the stage.
The word terrorism has suffered an inflation when it has been misused after sept. 11th. When I hear that word on tv I immediately switch channel.
Nowadays anything bad may be categorized as terrorism. But we have had laws before sept. 11th that punish for crimes. Why can't we just use those laws? Why we need an extra "terrorism" label for those actions? It's just that those in power are fooling people. They created the new "terrorism" category and repeat it over and over again until it becomes a fact.
Disgusting.
Please check out washingtonpost.com's more detailed report on the new group's goals.
If we can speak with one voice, we can play an important role in protecting the nation's critical infrastructure.
Speaking with one voice is a good thing: Strength in Unity.
Speaking with one voice is a bad thing: Way of the Fascist.
-kgj
-kgj