Cybersecurity post needs a promotion, firms say

Cyber Security Industry Alliance calls on Bush administration to create new assistant secretary position in Homeland Security Department.

Declan McCullagh Former Senior Writer

Declan McCullagh is the chief political correspondent for CNET. You can e-mail him or follow him on Twitter as declanm. Declan previously was a reporter for Time and the Washington bureau chief for Wired and wrote the Taking Liberties section and Other People's Money column for CBS News' Web site.

See full bio

Declan McCullagh

Dec. 7, 2004 12:54 p.m. PT

2 min read

The U.S. government is not taking cybersecurity seriously enough and should spend more money and energy on the topic, a group of computer security firms said Tuesday.

At an event in Washington, D.C., members of the Cyber Security Industry Alliance warned of the potential dangers of Internet attacks and called on the next Bush administration to create a new assistant secretary position inside the Department of Homeland Security and to ratify a computer crime treaty.

"It seems to me that this should have a much higher profile within the administration," said Art Coviello, CEO of RSA Security. "In addition to infrastructure protection, (we need) an assistant secretary for cybersecurity."

Lending additional weight to this call to arms was the presence of Amit Yoran, who was director of the National Cyber Security Division inside the Department of Homeland Security before resigning in October.

Promoting the department's cybersecurity official to the rank of assistant secretary is not a new idea. A bipartisan bill introduced in September proposed that reorganization. Yoran had at least two levels of middle management between his office and outgoing department head Tom Ridge.

A report released Monday by the House of Representatives' Homeland Security committee also calls for the creation of an assistant secretary position. The report cautions that the Department of Homeland Security has not "fully implemented" a cybersecurity strategy and that key information about progress "has not been fully shared" with Congress.

That echoes a series of dismal reports from government auditors, who have charged the department with withholding important information from the private sector and failing to link its own incompatible computer systems together.

Among the security companies' other recommendations on Tuesday: The Senate should ratify the Council of Europe's cybercrime treaty, which has been criticized by civil liberties groups; an emergency coordination network should be created to handle Internet outages; the government should increase R&D funding for cybersecurity; and a federal agency should be designated to track the costs of cyberattacks.

RSA and the other members of the Cyber Security Industry Alliance stand to benefit from their call for more attention to cybersecurity, which could result in larger government contracts and a higher profile for their industry. The group's members include Check Point Software Technologies, McAfee, Symantec, Entrust, PGP and Computer Associates.