Security firms form public policy group

SAN FRANCISCO -- Leading security firms are joining forces to help influence public policy and improve cybersecurity, according to an announcement Wednesday at the RSA Conference in San Francisco.

The Cyber Security Industry Alliance (CSIA) includes representatives from leading cybersecurity companies, including Network Associates, RSA Security, Symantec and Computer Associates International. The group will use its resources to try to influence public policy, foster new security technology standards and improve education about cybersecurity, according to a statement.

CSIA is forming member committees that are focused on issues such as public policy, education, alliances and standards, the group said. The group will work with the U.S. Department of Homeland Security to make it easier for businesses and the government to share information on cyberthreats. It will also collaborate with international and U.S.-based standards organizations to back emerging security standards and specifications, CSIA said.

CSIA will be akin to other technology industry alliances, including the Business Software Alliance and TechNet, but will focus solely on cybersecurity issues, said Ron Moritz, chief security strategist at Computer Associates. Security companies often get overlooked in those groups, which have to balance the needs of disparate members, Moritz said. Through CSIA, group members hope to be able to influence domestic cybersecurity policy by speaking with a single voice to lawmakers and government officials on cybersecurity issues, he said.

Legislators often lack good information on cybersecurity when drafting legislation, Moritz said, noting the proliferation of often confusing antispam legislation on Capitol Hill, including the recently passed Controlling the Assault of Non-Solicited Pornography and Marketing (CAN SPAM) Act of 2003. When poorly written, technology legislation like CAN SPAM can put financial and technical burdens on Internet service providers and other technology companies, yet fail to solve the problem it was written to address, Moritz said.

"If regulations are not designed properly as they move through The Hill, then the legislation fails and everyone is disappointed," he said. Cybersecurity companies can help avoid such failures by conferring with lawmakers before and while legislation is being considered, he said.

Moritz likened the CSIA to the actions of defense contractors such as Raytheon and others with business before the government. "We’re a new industry. In the cybersecurity space, our voices are individually being heard. Now, for first time, we're going to bring our ideas together and speak with a collective voice," he said.