


Cybersecurity Firms Form Industry Association
An anonymous reader writes "Washington Technology is reporting that a new industry association centered around cybersecurity has been formed, to make sure security firms like RSA Security Inc., PGP Corp., Network Associates Inc., and others get their voices heard in Washington." Art Coviello, CEO of RSA Security Inc, is quoted in the article as saying: "The country is faced with the serious threat of terrorism and the possibility of cyberterrorism. If we can speak with one voice, we can play an important role in protecting the nation's critical infrastructure."
the new 'dot com'? (Score:5, Interesting)
Re:the new 'dot com'? (Score:5, Insightful)
Re:the new 'dot com'? (Score:2)
Let me get this straight, a guy with a pickup truck full of explosives is going to blow up (all within a 10 block radius):
Re:the new 'dot com'? (Score:3, Funny)
Luxury mall for lockpicks (Score:1)
PGP (Score:3, Funny)
Re:PGP (Score:5, Funny)
I used to say that, now all the paranoids are out to get me!
Re:PGP (Score:1, Funny)
usually, there have to be 2 paranoids connected to get PGP useful
OT: The ultimate paranoid: (Score:1)
What do you say to a person like that?
Just what are we securing here? (Score:5, Interesting)
Re:Just what are we securing here? (Score:1)
*cough Lobby Group announcement *cough. :)
Re:Just what are we securing here? (Score:3, Funny)
What I'm looking at as noteworthy here is that it might actually do some good in the process (maybe), since frankly I expect MS's own anti-viral features to suck more ass than a donkey vacuum.
Re:Just what are we securing here? (Score:2)
Even though their browser sucked, people stopped downloading Netscape. Now it is the RealPlayer's turn. Tomorrow it will be the anti-viruses, &c.
They wrestled the exception to allow themselves to add enhancements to the OS, and that is what they are doing. Other firms know, they are doomed and are trying to delay it...
Re:Just what are we securing here? (Score:3, Insightful)
I don't plan on touching a Windows box without first putting a combo of virus scanner and Spybot [safer-networking.org] on it first. I would expect that MS is targeting all of the idiots who don't have any virus protection (the same idiots who have yet to disable Messenger and enable the XP firewall). The people who have t
Re:Just what are we securing here? (Score:2, Interesting)
Re:Just what are we securing here? (Score:5, Insightful)
I doubt that this is an anti-Microsoft group as people are conspiricizing. It would make sense to join if you are a small to medium size business player and you don't run a policy office direct.
It's not just Microsoft that's missing, VeriSign and IBM are not there either, but they don't need this type of group.
Membership fees are pretty rich $150K or $60K. That's not chump change. But it is much less than what a full DC policy setup would cost to run.
Lobbying for insecure software. (Score:5, Interesting)
I agree, but for a different reason.
The entire business model of the anti-malware industry (or at least the named companies) depends on widespread deployment of insecure networks and servers to create a demand for their products.
So one can expect them to advise and pressure congress and other government officials to keep the deployed base as insecure as possible, to maintain and expand their market and thus their bottom line.
Government pressure on the dominant software vendor to improve its own security, government support for (or removal of roadblocks against) secure software alternatives and development models, and government conversion to secure software, are all a threat to their bottom line.
So expect them to advise the government to take action that would inhibit all of the above.
Re:Lobbying for insecure software. (Score:1, Insightful)
Re:Lobbying for insecure software. (Score:3, Insightful)
Re:Lobbying for insecure software. (Score:2)
Re:Just what are we securing here? (Score:5, Insightful)
I may be sounding harsh... but think about it, and I know you will recognize many of the people you know who fit this mindset description. Just think work, school, or home.
Re:Just what are we securing here? (Score:1)
So, OK. If getting past a firewall involved shooting the guard in a fantasy world, then we'd all be screwed.
I helped run an ISP with my parents, and she was terrified for our safety after she watched The Net.
Re:Just what are we securing here? (Score:1)
Actually that was a mistake in the story's title. MS isn't planning on adding an anti-virus program to windows, but merely a security tool that monitors 3rd party an
Hopefully One Voice... (Score:5, Insightful)
Does not equal one technology, one protocol, one methodology, one market...
One target.
Re:Hopefully One Voice... (Score:5, Funny)
What was wrong with the HTCIA? (Score:5, Interesting)
Re:What was wrong with the HTCIA? (Score:1, Funny)
Headed by Paul Kurtz? (Score:5, Interesting)
I thought Kurtz got drummed out of the Homeland Security department (with no shortage of bad blood) after Congress gave his GovNet idea the cold shoulder. Maybe I'm remembering wrong; either way from what I remember of his proposals when he was in DHS they're all based around the idea of putting a (hopefully) impenetrable barrier (a Maginot Firewall?) around critical resources rather than constructing a compartmentalized defense-in-depth.
Am I wrong in remembering that Kurtz was politely but firmly fired? If so will he help CSIA or just make their lobbying efforts more awkward?
Re:Headed by Paul Kurtz? (Score:5, Insightful)
My instincts tell me that this is brain-dead. Any practical barrier is, by necessity, penetrable. A compartmental solution minimizes potential damage.
Of course, all of this is just metaphoric thinking.
Re:Headed by Paul Kurtz? (Score:2)
Their page (Score:5, Informative)
http://www.csialliance.org/ [csialliance.org]
What they really want (Score:5, Interesting)
Re:WHY is it a TROLL??? (Score:3, Insightful)
Keep /. fair and intelligent!!!
Re:WHY is it a TROLL??? (Score:2)
Paul B.
For the business impaired... (Score:5, Insightful)
Coordinating with the Homeland Security Department to improve information sharing between business and government on cyber threats
Promising that their security products have appropriate government backdoors.
Improving corporate governance of information security
Making sure companies are required to purchase more of their products.
Improving federal procurement practices and guidelines
Making sure the government purchases more of their products.
Identifying gaps in cybersecurity research and development
Encouraging government research to do R&D for them.
Collaborating with U.S. and international standards development organizations to support emerging technology standards and specifications for cybersecurity
Making sure that add-on products are always standard equipment, rather than fixing OS flaws.
Supporting campaigns to improve awareness of cybersecurity
Encouraging the government to help with their marketing.
Supporting cybersecurity academic and workforce development programs
Ensuring an even further oversupply of tech workers is created so their labor costs stay low.
Pursuing Senate ratification of the Council of Europe's Convention on Cyber-Crime.
Talk the Senate into approving this thing here [coe.int] that mandates international cooperation in anti-hacking investigations.
Re:For the business impaired... (Score:2)
Encouraging government research to do R&D for them.
This is the only one of your points that I don't agree with. I think it's better read as "Encouraging the government to provide them with research funding."
Hmm. (Score:5, Interesting)
Oooh! I can't wait to see what kind of wacky, Orwellian, DRM-filled, DMCA protected bills they will try and shove down our throats with their big money lobbying powers.
Perhaps they'll decide that Microsoft is the reason for the (security) season and we'll get some anti-anti-trust laws in there.
OT- what the hell happened to the comment list in the user tab? Did I just eat a mushroom?
Re:Hmm. (Score:4, Funny)
Then how the hell do we work out which side we're on?
%-(
Re:Hmm. (Score:1)
Re:Hmm. (Score:2)
This is Slashdot.
We are on both sides (or against both sides depending on viewpoint;)
You have a significant tactical advantage if you can convince your enemy to "bunch up".
Re:Hmm. (Score:4, Funny)
Judge Orders Microsoft to Keep Security Flaws
Redmond (AP) - In a stunning revision of the laws of the free market, Justice Penfield Jackson has ruled today that Microsoft's closing of the vast plethora of security holes in its operating system is an anti-competitive act and ordered an injunction against releasing the patches to close these holes.
"This is the only possible just ruling," says the head of CSIA, stooge for security companies made rich by Microsoft's past stupidity ....
I am the only one... (Score:5, Insightful)
"Coordinating with the Homeland Security Department to improve information sharing between business and government on cyber threats"
How would RSA Security Inc. or PGP Corp. know about terrorist actions? This sounds like an excuse for the government to require back doors in crypto products.
Now I need to find my tin-foil hat...
Re:I am the only one... (Score:4, Funny)
Let's see them... (Score:3, Insightful)
We'll have safe code as long as we write and watch the code.
lobby group good, industry censorship bad (Score:4, Interesting)
This is more important than ever with voting becoming privatized (Diebold etc) as certain vulnerabilities are matters of grave public interest.
The whole idea of privatizing voting just does feel right does it? Why should corporate interests be running these things? Is there not such a thing as "society"? And if there is, why can't "society" do some things for itself rather than outsource them to corporations. Getting offtopic here... I will end.
Re:lobby group good, industry censorship bad (Score:1)
Re:lobby group good, industry censorship bad (Score:1)
Group's initiatives to include (Score:5, Funny)
Maybe they'll have a super-useful color coding system [dhs.gov] to let us know how much of a threat to our computers there is.
Boy, that'll be informative.
Re:Group's initiatives to include (Score:5, Funny)
- Red Hat [redhat.com]
- OrangeLinux [sourceforge.net]
- Yellow Dog
- Blue Linux [bluelinux.org]
- Green [fbeedle.com]
Re:Group's initiatives to include (Score:2)
- Yellow Dog [yellowdoglinux.com]
Re:Group's initiatives to include (Score:3, Funny)
I have a question. (Score:5, Interesting)
Now, before anyone chimes in with "Microsoft? Security? Thou smoketh crack!"
Members said the group's mission is to improve cybersecurity through public policy initiatives, public-sector partnerships, corporate outreach, academic programs, adoption of industry technology standards and public education.
Microsoft is an influence in some of those areas, a heavy influence in others, and a governing influence in others.
Would it not be of vital importance that they be a member of this group?
Re:I have a question. (Score:5, Interesting)
I think it would be better if Microsoft doesn't join the group. Why? 'Cause then the security group's policies would be influenced more by Microsoft's business gains. Microsoft, like any other business organization would first look out for its business interests more than standards.
Re:I have a question. (Score:3, Interesting)
Oh yeah, and thou smoketh crack.
Whaaat? (Score:3, Insightful)
RSA is practically a standard-setter in themselves, and their encryption is used in countless Microsoft products. RSA is effectively a partner with almost the entire software industry, including Microsoft. Do you seriously think the only reason they were so instrumental in forming this group was that they were scared of Microsoft's security enhancements?
Furthermore, Paul Kurtz is heading the team. As the web
Re:I have a question. (Score:5, Interesting)
really? hmm... (Score:3, Insightful)
I don't know about that... so many of the security protocols (like ssh) and the encryptions (like rsa) used in ms's stuff were produced by totally different companies--seems like they have a solid role to play in the evolution of ms wares, since the r&d associated with all sorts of security is so flippin' broad that even a titan like ms can't foot the whole dollar-and-resource bill.
Wow (Score:2)
Now if that's not job security, nothing is.
There is no "perfectly secure operating system" (Score:2)
Re:There is no "perfectly secure operating system" (Score:2)
Re:There is no "perfectly secure operating system" (Score:1)
My own observation is that the basic kernel of both Linux and Microsoft is way, way, way too complex. I still can't see why the kernel itself needs to be much more than a couple hundred KB of tight code. Of course, it can launch whatever processes needed for I/O, filesystem, etc. The kernel itself though should be damn close to incorruptible, with it being a standard configuration - with its MD5 well known - so in the event it
Re:I have a question. (Score:1)
Re:I have a question. (Score:1)
This is an industry lobby group, not a government committee. Whoever forms the group can decide who joins the fun. In politics, lobby groups are purely about promoting their own interests. They are not about putting together a fair cross section of the industry.
If this was a government hearing on cyber security, then yes MS should be invited to the party as they are a big player. But...it's not.
Government trusts public industry for security. (Score:4, Interesting)
Cyber Terrorism? (Score:5, Interesting)
It's generally accepted within the legitimate security community that cyber terrorism is a non-issue. The threat can be completely mitigated by creating laws that prohibit safety critical systems from being connected to the internet. (eg. Traffic systems). And if we expand the definition of cyberspace to the limit, we need to move away from insecure SCADA systems. That's it.
Re:Cyber Terrorism? (Score:5, Insightful)
Cyberterrorism is not only a non-issue, the word itself only belongs in the mouths of those with something to sell by misdirection. Someone who rips off credit card numbers is certainly a criminal, but calling them a terrorist is as incorrect as saying they are from the planet mars.
Re:Cyber Terrorism? (Score:3, Funny)
Oh no! Suicide Robots! What has the world come to?
If you value liberty, boycott CSI (Score:5, Informative)
Any organization which advocates ratification of the CoE's Convention on Cybercrime is an extreme threat to free speech, liberty, and commerce online.
Specifically, boycott:
# BindView Corp.
# Check Point Software Technologies Ltd.
# Computer Associates International Inc.
# Entrust Inc.
# Internet Security Systems Inc.
# NetScreen Technologies Inc.
# Network Associates Inc.
# PGP Corp.
# Qualys Inc.
# RSA Security Inc.
# Secure Computing Corp.
# Symantec Corp
Thankfully it is easy to boycott all of these companies, since they tend to be evil to begin with.
Re:If you value liberty, boycott CSI (Score:1, Informative)
Yeah, RSA's so damn evil. Their awesome encryption just drips with it.
Just to be clear: the RSA algorithm existed before the company did. Further, since September 2001, the patent on the RSA algorithm has expired, meaning that RSA-the-company no more owns it than you or I. Yay for us!
Re:If you value liberty, boycott CSI (Score:5, Insightful)
RSA is a great algorithm. RSA is an evil company. Witness the Jim Bidzos threats to Phil Zimmermann, etc. RSA the *company* has set back practical, deployed internet security almost as much, if not more, than Rivest, Shamir, and Adleman advanced it with their algorithms. The whole reason we have fractionalized PGP with 2 vs. 5 is the software patent on RSA (in the US)
Voices? (Score:1, Funny)
I recommend Mike [att.com]. He sounds authoritative. ^^
unified voices (Score:1)
But (Score:5, Funny)
Adam Smith, anyone? (Score:5, Insightful)
Even worse, many people don't even know that Adam Smith, writer of The Wealth of Nations who first described capitalist marketism, was vehemently against professional associations and corporations for the fact that they reduce competition and free markets.
Clearly, a market isn't 'free' anymore if the only selections that you have in the store are corporate products.
science fiction (Score:3, Insightful)
they will take care of all your needs...
finally we will see this funky abstract interface to the internet that _they_ think it should have looked like. lockin at every corner. internet with a windows xp design (hey, this is slashdot), running on drm restricted hardware. computers limited and controlled by someone else, but not who paid for it. computer experience for mom'n'pop, safe and controllable.
thinking too much into this? yeah, sure. i see freedoms get lost in free america day by day. and this will be forced on all of the world. just as those features they propose will become obligatory with the right government. - hey we all have the right government? don't we? we/you elected them. so they will do the right thing. - right.
Where's the ... (Score:3, Insightful)
Re:Where's the ... (Score:2)
Whether you like it or not, congress has the ultimate decision. If the bill has any implications that may be harmful to corporations or groups that are donors to congressmen (ACLU or the Chinese Government,) chances are they'll vote against the bill. If enough of them vote against it, it won't become law.
Whoohooo! (Score:3, Funny)
Personal firewalls as a right!
Tax breaks for vulnerability scans!
Secure coding is bad for the economy!
America's children deserve the latest bolt-on, after-the-fact, security solutions! You aren't against America's children...are you?
Seriously, print this out for future reference.
cyberterrorism (Score:5, Funny)
Boy, I sure hope a cyberterrorist doesn't cyber-hijack a cyberplane, and cybercrash it into a big cyberbuilding!
I might even have to stand up from my cyberterminal in cyberspace, if that were to cyber-happen.
All I can say is, I'm cyber-scared, and I hope the cybercops can protect me and my cyberfamily!
Re:cyberterrorism (Score:1)
Thanks for the laugh, whoever you are.
YAW.
No Counterpane or Bruce Schneier? (Score:4, Informative)
Mr. Schneier represents a calm voice that is firmly, lucidly, and actively opposed to the tradeoffs being made by giving away too much liberty in return for too little new security.
He's got some excellent essays here [schneier.com]. Highly recommended.
Cadmann
Because Bruce Schneier is for the people (Score:4, Interesting)
That doesn't mean that it won't have positive benefits -- I would *dearly* love to somehow see increased emphasis on security finally convince people to use PGP more -- but these people are not out to try and make your life better, a la the EFF.
new? (Score:1)
Now the general geek population needs to figure it out.
Their initiatives (Score:3, Interesting)
# Coordinating with the Homeland Security Department to improve information sharing between business and government on cyber threats
# Improving corporate governance of information security
# Improving federal procurement practices and guidelines
# Identifying gaps in cybersecurity research and development
# Collaborating with U.S. and international standards development organizations to support emerging technology standards and specifications for cybersecurity
# Supporting campaigns to improve awareness of cybersecurity
# Supporting cybersecurity academic and workforce development programs
# Pursuing Senate ratification of the Council of Europe's Convention on Cyber-Crime.
They sound pretty reasonable to me..
The one that might have some bad implications is the last one:
# Pursuing Senate ratification of the Council of Europe's Convention on Cyber-Crime.
the rest of the quote -- (Score:3, Insightful)
If we can speak with one voice, we can play an important role in protecting the nation's critical infrastructure. . .
and operate as a cartel under color of the public weal.
it's the patriotic thing to do (Score:3, Funny)
and make a huge pile of money^H^H^H^H^H^H^H^H^H^H^H^H^H um, contribution to national security. cuz, we're like, um, patriots.
Lobbying.... a polite word for taming the beast! (Score:1)
Look at the auto industry. They have advisory bodies actively working with government to ensure politicians understand the ramifications of passing that latest pollution bill. They have taken the time to learn how politicians t
Re:Lobbying.... a polite word for taming the beast (Score:2)
4L Q43id4 HaXX0RS !!!! (Score:1)
On the usage of the word terrorism (Score:5, Insightful)
The word terrorism has suffered an inflation when it has been misused after sept. 11th. When I hear that word on tv I immediately switch channel.
Nowadays anything bad may be categorized as terrorism. But we have had laws before sept. 11th that punish for crimes. Why can't we just use those laws? Why do we need an extra "terrorism" label for those actions? It's just that those in power are fooling people. They created the new "terrorism" category and repeat it over and over again until it becomes a fact.
Disgusting.
washingtonpost.com's more detailed report (Score:3, Informative)
Speaking With One Voice (Score:4, Interesting)
Speaking with one voice is a good thing: Strength in Unity.
Speaking with one voice is a bad thing: Way of the Fascist.
-kgj