Cybersecurity vendors form policy advocacy group

A collection of technology providers working in the online-security sector announced the formation of a new industry oversight organization Wednesday, in the name of establishing common ground among vendors, legislators and users to discuss threats to Internet safety.

Introduced at security software maker RSA's ongoing conference in San Francisco, the group has been christened the Cyber Security Industry Alliance (CSIA) and will be headed by Paul Kurtz,

		Get Up to Speed on... Enterprise security Get the latest headlines and company-specific news in our expanded GUTS section.

a former special assistant to the president who has worked on technology issues for the White House's Homeland Security Council.

Among the 12 companies represented in the organization are security specialists such as Check Point Software, Computer Associates International, Entrust, Internet Security Systems, Network Associates, Symantec and RSA. The group announced plans to outline its agenda over the coming weeks, but representatives said CSIA would focus primarily on four topics related to Internet security: policy, education, standards and increasing public awareness of Web safety issues.

In a phone interview with CNET News.com, Kurtz said the overriding goal of CSIA would be to gather input from leading cybersecurity providers and create initiatives for proposals to fellow technology vendors and government regulators alike.

"Because we are building a common voice, we can provide a single point of reference to speak with the federal administration on security, rather than having 30 different vendors giving regulators individual perspectives," Kurtz said. "Before we launched, I spoke with a number of people (in government agencies) who thought it would be very useful to have the cybersecurity industry come together in such a manner."

Kurtz said the CSIA would emphasize development of security policies and initiatives rather than focus on consumer privacy issues, but he highlighted his belief that the group's efforts will eventually serve to protect private citizens as well as businesses.

"Privacy and security are two sides of the same coin," said Kurtz. "If we can improve Web security, we will be able to have a positive impact on privacy as well."

Kurtz said he expects the CSIA to have its first proposals ready for submission to government regulators and vendors in roughly 90 days. The group will be broken up into four committees that address the association's major areas of interest.

Although Microsoft and other information technology leaders were not asked to be directly involved with the organization, Kurtz said it would be critical to generate participation from such companies in order to gain support for CSIA measures.

CSIA will specifically pursue the challenge recently leveled at IT vendors by U.S. Secretary of Homeland Security Tom Ridge, who asked IT companies to help the federal government grapple with rapidly emerging Internet security threats. In that address, Ridge pointed out that some 85 percent of the country's critical infrastructure is owned and operated by the private sector, leaving many issues of homeland security in the hands of those companies.