Slashdot Mirror


Cybersecurity Firms Form Industry Association

An anonymous reader writes "Washington Technology is reporting that a new industry association centered around cybersecurity has been formed, to make sure security firms like RSA Security Inc., PGP Corp., Network Associates Inc., and others get their voices heard in Washington." Art Coviello, CEO of RSA Security Inc, is quoted in the article as saying: "The country is faced with the serious threat of terrorism and the possibility of cyberterrorism. If we can speak with one voice, we can play an important role in protecting the nation's critical infrastructure."

34 of 129 comments

  1. the new 'dot com'? by Anonymous Coward · · Score: 5, Interesting

    So the next new bubble is exploiting people's paranoia huh?

    1. Re:the new 'dot com'? by Anonymous Coward · · Score: 5, Insightful

      Yes, the "homeland security" craze is the next dot-com, and has been since 9/11. And yes, it is exploitative. This is not a troll, this is a fact.

  2. Just what are we securing here? by LostCluster · · Score: 4, Interesting

    Let's see. Yesterday on Slashdot we had Microsoft adding anti-viral features into the next generation of Windows and today the anti-malware industry comes up with a lobbyist group. Somehow, I think this has more to do with the security of their businesses from Microsoft's strengths than the security of any computers from Microsoft's weaknesses.

    1. Re:Just what are we securing here? by Zeinfeld · · Score: 4, Insightful
      Let's see. Yesterday on Slashdot we had Microsoft adding anti-viral features into the next generation of Windows and today the anti-malware industry comes up with a lobbyist group. Somehow, I think this has more to do with the security of their businesses from Microsoft's strengths than the security of any computers from Microsoft's weaknesses.

      I doubt that this is an anti-Microsoft group as people are conspiricizing. It would make sense to join if you are a small to medium size business player and you don't run a policy office direct.

      It's not just Microsoft that's missing, VeriSign and IBM are not there either, but they don't need this type of group.

      Membership fees are pretty rich: $150K or $60K. That's not chump change. But it is much less than what a full DC policy setup would cost to run.

      --
      Looking for an Information Security student project suggestion?
      Try http://dotcrimeManifesto.com/
    2. Re:Just what are we securing here? by paroneayea · · Score: 5, Insightful

      Really, don't you people get it? Most people don't understand how supposed "cyber-warfare" works. They don't understand how a virus works. They're stupid, or should I say technologically incompetent, enough to believe that Dr. Norton really does a great job in the anti-virus world because.... he's a virus. And cyber-terrorism? Yes, there are many people out there who think that sending "cyber-attacks" across the internet is like sending over a missile. They don't understand the concept of what makes an actual exploit in a system. They think that shooting enough virtual missiles of any type at a computer can take them down.
      I may be sounding harsh... but think about it, and I know you will recognize many of the people you know who fit this mindset description. Just think work, school, or home.

      --
      http://mediagoblin.org/
  3. Hopefully One Voice... by blcamp · · Score: 5, Insightful


    Does not equal one technology, one protocol, one methodology, one market...

    One target.

    --
    The problem with socialism is that they always run out of other people's money. - Margaret Thatcher
    1. Re:Hopefully One Voice... by Ieshan · · Score: 5, Funny

      On the bright side, it does mean you only get served one subpoena.

  4. What was wrong with the HTCIA? by bc90021 · · Score: 4, Interesting

    Why didn't the executive members of these firms join the High Technology Crime Investigation Association? They already exist, and already have quite a number of members, and a lot of law enforcement are members too.

  5. Headed by Paul Kurtz? by Theatetus · · Score: 4, Interesting

    I thought Kurtz got drummed out of the Homeland Security department (with no shortage of bad blood) after Congress gave his GovNet idea the cold shoulder. Maybe I'm remembering wrong; either way from what I remember of his proposals when he was in DHS they're all based around the idea of putting a (hopefully) impenetrable barrier (a Maginot Firewall?) around critical resources rather than constructing a compartmentalized defense-in-depth.

    Am I wrong in remembering that Kurtz was politely but firmly fired? If so will he help CSIA or just make their lobbying efforts more awkward?

    --
    All's true that is mistrusted
    1. Re:Headed by Paul Kurtz? by bersl2 · · Score: 4, Insightful

      the idea of putting a (hopefully) impenetrable barrier (a Maginot Firewall?) around critical resources rather than constructing a compartmentalized defense-in-depth.

      My instincts tell me that this is brain-dead. Any practical barrier is, by necessity, penetrable. A compartmental solution minimizes potential damage.

      Of course, all of this is just metaphoric thinking.

  6. Their page by Elequin · · Score: 5, Informative

    In case someone hasn't posted it yet, here is their page:

    http://www.csialliance.org/

  7. What they really want by seriv · · Score: 5, Interesting

    Something tells me that when they say "get their voices heard," it means a line-item in the next budget. Damn Lobbyists.

  8. For the business impaired... by LostCluster · · Score: 4, Insightful

    Translating those bullet points from business blabber to geek speak...

    Coordinating with the Homeland Security Department to improve information sharing between business and government on cyber threats
    Promising that their security products have appropriate government backdoors.

    Improving corporate governance of information security
    Making sure companies are required to purchase more of their products.

    Improving federal procurement practices and guidelines
    Making sure the government purchases more of their products.

    Identifying gaps in cybersecurity research and development
    Encouraging government research to do R&D for them.

    Collaborating with U.S. and international standards development organizations to support emerging technology standards and specifications for cybersecurity
    Making sure that add-on products are always standard equipment, rather than fixing OS flaws.

    Supporting campaigns to improve awareness of cybersecurity
    Encouraging the government to help with their marketing.

    Supporting cybersecurity academic and workforce development programs
    Ensuring an even further oversupply of tech workers is created so their labor costs stay low.

    Pursuing Senate ratification of the Council of Europe's Convention on Cyber-Crime.
    Talk the Senate into approving this thing here that mandates international cooperation in anti-hacking investigations.

  9. Hmm. by teamhasnoi · · Score: 4, Interesting
    Led by a former Bush official, and made up of companies that are under direct threat of having their business drastically changed by Microsoft and OSS.

    Oooh! I can't wait to see what kind of wacky, Orwellian, DRM-filled, DMCA protected bills they will try and shove down our throats with their big money lobbying powers.

    Perhaps they'll decide that Microsoft is the reason for the (security) season and we'll get some anti-anti-trust laws in there.

    OT- what the hell happened to the comment list in the user tab? Did I just eat a mushroom?

    1. Re:Hmm. by sadomikeyism · · Score: 4, Funny
      I can see the headlines now:

      Judge Orders Microsoft to Keep Security Flaws

      Redmond (AP) - In a stunning revision of the laws of the free market, Justice Penfield Jackson has ruled today that Microsoft's closing of the vast plethora of security holes in its operating system is an anti-competitive act and ordered an injunction against releasing the patches to close these holes.

      "This is the only possible just ruling," says the head of CSIA, stooge for security companies made rich by Microsoft's past stupidity ....

      --
      "Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves
  10. I am the only one... by Bobdoer · · Score: 4, Insightful

    ...who thinks that this sounds wrong?
    "Coordinating with the Homeland Security Department to improve information sharing between business and government on cyber threats"
    How would RSA Security Inc. or PGP Corp. know about terrorist actions? This sounds like an excuse for the government to require back doors in crypto products.
    Now I need to find my tin-foil hat...

  11. lobby group good, industry censorship bad by Anonymous Coward · · Score: 4, Interesting

    I imagine this will be good for making security an issue with lawmakers. But these things have a habit of being bought out by corporate interests. It will be interesting to watch them evolve and see whether a line for the party to toe gets drawn in the sand or whether they really do some good things like attacking the DMCA's restrictions on academic discussion of vulnerabilities.

    This is more important than ever with voting becoming privatized (Diebold etc) as certain vulnerabilities are matters of grave public interest.

    The whole idea of privatizing voting just does feel right does it? Why should corporate interests be running these things? Is there not such a thing as "society"? And if there is, why can't "society" do some things for itself rather than outsource them to corporations. Getting offtopic here... I will end.

  12. Group's initiatives to include by jimmyswimmy · · Score: 5, Funny
    Kurtz said the group's initiatives will include:
    • Coordinating with the Homeland Security Department to improve information sharing between business and government on cyber threats

    Maybe they'll have a super-useful color coding system to let us know how much of a threat to our computers there is.
    Boy, that'll be informative.
    --

    Just my $0.55 (US inflation, 1774-2008, for $0.02)
    1. Re:Group's initiatives to include by wan-fu · · Score: 5, Funny

      You mean like:
      - Red Hat
      - OrangeLinux
      - Yellow Dog
      - Blue Linux
      - Green

  13. I have a question. by Faust7 · · Score: 5, Interesting

    Why on earth isn't Microsoft on this list?

    Now, before anyone chimes in with "Microsoft? Security? Thou smoketh crack!" ... consider this:

    Members said the group's mission is to improve cybersecurity through public policy initiatives, public-sector partnerships, corporate outreach, academic programs, adoption of industry technology standards and public education.

    Microsoft is an influence in some of those areas, a heavy influence in others, and a governing influence in others.

    Would it not be of vital importance that they be a member of this group?

    1. Re:I have a question. by deadmongrel · · Score: 5, Interesting

      Would it not be of vital importance that they be a member of this group?
      I think it would be better if Microsoft doesn't join the group. Why? 'Cause then the security group's policies would be influenced more by Microsoft's business gains. Microsoft, like any other business organization, would first look out for its business interests more than standards.

    2. Re:I have a question. by LostCluster · · Score: 4, Interesting

      The common bond is that all of the members in this group sell products that deal specifically with computer security and not much else. In other words, if MS were to put out a perfectly secure operating system, these companies would lose a good chunk of their revenues...

  14. Government trusts public industry for security. by juebay · · Score: 4, Interesting

    I could see the government supporting companies like Lockheed and the such. Yet, if I was the president of my very own nation, why would I trust anything in the public software industry, no matter how secure they say they are, when the very technology they create can easily be leaked and used against whoever uses the creations of the cybersecurity companies? Maybe an example would be better. If I worked at a war factory and gave the schematics of some sort of top secret, new tank. There are a couple problems in that the country that receives the information might not be able to use the plans because of lack of complicated subcomponents either because another company makes that subcomponent or the country can't make it because of lack of tools to manufacture. Now if a software company had their code stolen it can be enacted almost immediately. Maybe the stripped down OSs might not be able to work the code but what prevents other nations from importing the hardware and software to get it to compile and run?

  15. Cyber Terrorism? by digitaltraveller · · Score: 4, Interesting

    I think most knowledgeable security people read that quote and cringed. I'm disappointed to see RSA going the fear salesman route. Well if you can't beat the charlatans, might as well join them.

    It's generally accepted within the legitimate security community that cyber terrorism is a non-issue. The threat can be completely mitigated by creating laws that prohibit safety critical systems from being connected to the internet. (eg. Traffic systems). And if we expand the definition of cyberspace to the limit, we need to move away from insecure SCADA systems. That's it.

    1. Re:Cyber Terrorism? by dbIII · · Score: 4, Insightful
      Look out! It's a robot with a bomb!

      Cyberterrorism is not only a non-issue, the word itself only belongs in the mouths of those with something to sell by misdirection. Someone who rips off credit card numbers is certainly a criminal, but calling them a terrorist is as incorrect as saying they are from the planet Mars.

  16. If you value liberty, boycott CSI by rdl · · Score: 4, Informative

    I strongly advocate all those who value liberty boycotting CSI and all member companies.

    Any organization which advocates ratification of the CoE's Convention on Cybercrime is an extreme threat to free speech, liberty, and commerce online.

    Specifically, boycott:
    # BindView Corp.
    # Check Point Software Technologies Ltd.
    # Computer Associates International Inc.
    # Entrust Inc.
    # Internet Security Systems Inc.
    # NetScreen Technologies Inc.
    # Network Associates Inc.
    # PGP Corp.
    # Qualys Inc.
    # RSA Security Inc.
    # Secure Computing Corp.
    # Symantec Corp

    Thankfully it is easy to boycott all of these companies, since they tend to be evil to begin with.

    1. Re:If you value liberty, boycott CSI by rdl · · Score: 4, Insightful

      DMCA. CoE requires criminalization of copyright violation and circumvention technology, which is rightly a civil matter. The "information sharing" provisions are also quite disturbing.

      RSA is a great algorithm. RSA is an evil company. Witness the Jim Bidzos threats to Phil Zimmermann, etc. RSA the *company* has set back practical, deployed internet security almost as much, if not more, than Rivest, Shamir, and Adleman advanced it with their algorithms. The whole reason we have fractionalized PGP with 2 vs. 5 is the software patent on RSA (in the US).

  17. But by sinergy · · Score: 5, Funny

    we won't need them anymore now that Microsoft is Trustworthy.

    --
    ...
  18. Adam Smith, anyone? by Chronoch · · Score: 5, Insightful

    Wow, another association to cloud the minds of the legislature and people. Professional associations have so much power nowadays with the way they influence policy and are practically infallible in the judicial system.

    Even worse, many people don't even know that Adam Smith, writer of The Wealth of Nations who first described capitalist marketism, was vehemently against professional associations and corporations for the fact that they reduce competition and free markets.

    Clearly, a market isn't 'free' anymore if the only selections that you have in the store are corporate products.

  19. Lobbying for insecure software. by Ungrounded+Lightning · · Score: 4, Interesting

    Yesterday on Slashdot we had Microsoft adding anti-viral features into the next generation of Windows and today the anti-malware industry comes up with a lobbyist group. Somehow, I think this has more to do with the security of their businesses from Microsoft's strengths than the security of any computers from Microsoft's weaknesses.

    I agree, but for a different reason.

    The entire business model of the anti-malware industry (or at least the named companies) depends on widespread deployment of insecure networks and servers to create a demand for their products.

    So one can expect them to advise and pressure congress and other government officials to keep the deployed base as insecure as possible, to maintain and expand their market and thus their bottom line.

    Government pressure on the dominant software vendor to improve its own security, government support for (or removal of roadblocks against) secure software alternatives and development models, and government conversion to secure software, are all a threat to their bottom line.

    So expect them to advise the government to take action that would inhibit all of the above.

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
  20. Re:PGP by Kenja · · Score: 4, Funny
    "I've actually heard people say that "only paranoids use PGP"."

    I used to say that, now all the paranoids are out to get me!

    --

    "Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
  21. cyberterrorism by Anonymous Coward · · Score: 5, Funny

    Boy, I sure hope a cyberterrorist doesn't cyber-hijack a cyberplane, and cybercrash it into a big cyberbuilding!

    I might even have to stand up from my cyberterminal in cyberspace, if that were to cyber-happen.

    All I can say is, I'm cyber-scared, and I hope the cybercops can protect me and my cyberfamily!

  22. No Counterpane or Bruce Schneier? by CadmannWeyland · · Score: 4, Informative

    Amazing. Considering who's heading things up, I guess one should *not* be surprised to see that Counterpane and Bruce Schneier are not part of the list.

    Mr. Schneier represents a calm voice that is firmly, lucidly, and actively opposed to the tradeoffs being made by giving away too much liberty in return for too little new security.

    He's got some excellent essays here. Highly recommended.

    Cadmann

  23. On the usage of the word terrorism by Anonymous Coward · · Score: 5, Insightful

    The AV companies talk about terrorism? Yeah, "wee care". Really. That's hilarious. They are just interested in their profits. Only in the US can they use such excuses and are not laughed off the stage.

    The word terrorism has suffered an inflation when it has been misused after Sept. 11th. When I hear that word on TV I immediately switch channel.

    Nowadays anything bad may be categorized as terrorism. But we have had laws before Sept. 11th that punish for crimes. Why can't we just use those laws? Why do we need an extra "terrorism" label for those actions? It's just that those in power are fooling people. They created the new "terrorism" category and repeat it over and over again until it becomes a fact.

    Disgusting.