Advocacy group faults federal government for lack of fraud prevention
By Staff -- Manufacturing Business Technology, 3/1/2006 12:00:00 AM
A Cyber Security Industry Alliance (CSIA) report released last December roundly criticizes the federal government for not doing enough to curb cyber crime. The alliance—formed two years ago by system security vendors McAfee, Symantec, Check Point Software Technologies, Entrust, and others—gave the federal government failing grades in seven of 12 areas for which CSIA gave policy proposals in early 2005.
Reflective of the dire problem cyber crime poses to the economy and to national security, the report gauged the public's confidence in cyber security in its first Digital Confidence Index at only 58 out of 100, a failing grade (see graphic).
According to Alan Paller, research director for Bethesda, Md.-based SANS Institute, "The economic criminal element of the world, mostly outside the U.S., has discovered that [cyber crime] is safe and highly profitable. You don't get shot, and you can make a lot of money."
Breaches in cyber security and instances of cyber fraud come at a huge cost that is still difficult to accurately gauge, in part because the crimes are vastly underreported. The FBI estimates it to be in the billions of dollars, while the World Bank says it is a bigger problem than global drug trafficking. Industry experts agree it's escalating at an alarming pace.
"The failure of action is caused by a lack of understanding and a lack of will," says Paul Kurtz, CSIA executive director. "So often IT security issues are handled by technical people, and when they try to explain it to senior policy makers, they make their point in technical terms and lose their audience. The lack of understanding leads to a lack of will."
James Lewis, director of technology and policy at the Washington-based Center for Strategic and International Studies, stresses that though it is fundamentally a lack of will among policy makers, "in terms of law enforcement, there is good effort. It's growing faster, but they're getting better at attacking it."
Elevating the issue to a matter of national and economic security with policy makers is one of the prime purposes of CSIA.
"We need to think globally about it," Kurtz says. "It used to be about worms and viruses, but it is much more than that." It requires policy initiatives at the highest levels of government, he adds.
The CSIA December report includes national policy agenda recommendations in three key areas:
-
Address privacy and security of consumer data.
-
Enhance the security and resiliency of such information infrastructures as those for health care and communications systems.
-
Establish federal government programs for information assurance, including the appointment of an Assistant Secretary for Cyber Security.
