Nearly half of all adults in the United States avoid making purchases online because they are afraid that their personal information could be stolen, according to a new poll sponsored by the Cyber Security Industry Alliance.
Seventy-two percent of the 1,151 respondents to the poll conducted in November said new laws are needed to protect consumer privacy. The CSIA-sponsored study was conducted by Pineda Consulting, of Pasadena, Calif.
Calling the federal government's progress in improving the security of the country's networks limited, Paul Kurtz, executive director of the 2-year-old alliance in Washington, said the lack of leadership is reflected in the anxiety of the general public.
One year ago, CSIA outlined 12 recommendations to enhance cyber-security, and this year the group graded the government on its progress, issuing below-average grades for seven of the recommended areas.
The alliance was particularly harsh in its assessment of efforts to fund R&D, to improve information sharing and to enhance the quality of software by strengthening certification.
“There continues to be a lack of leadership and priorities in execution,” Kurtz said, admonishing the Bush administration for not yet filling the position of assistant secretary for cyber-security at the U.S. Department of Homeland Security. “Execution is what counts in the end.”
The group gave the government a “C” for securing digital control systems, establishing an emergency coordination network and improving procurement practices.
Similar assessments of the federal agencies' progress in cyber-security can be seen in Congress' latest report card on information security and this month's study by members of the former 9/11 Commission.
In the area of international initiatives against computer-based crime, CSIA saw some progress this year.
The U.S. Senate Committee on Foreign Relations referred the Council of Europe's Convention on Cybercrime to the Senate for ratification.
Industry looks to the treaty to remove legal obstacles for international investigation and prosecution of cyber-crime, including identity theft, hacking and fraud.
“This is almost a no-brainer,” said Phillip Dunkelberger, president and CEO of PGP Corp., in Palo Alto, Calif., praising the Europeans for taking a tougher stance against computer fraud. “Phishing is fraud. It's not some cute little thing that we name in the security business.”
Looking ahead to next year, the cyber-security industry issued another set of 12 recommendations.
At the top of the agenda is passage of a federal data breach notification law establishing a national standard for notification, including notice to the U.S. attorney general.
The group is also pressing for a federal spyware bill, with liability protection for anti-spyware vendors.
The industry is seeking more taxpayer dollars for implementing presidential directive HSPD-12 (Homeland Security Presidential Directive 12), which establishes a policy for authentication in government contracting work.
Under the directive, smart cards used in government must comply with standards set by the National Institute of Standards and Technology by Oct. 27, 2006.
“The bad news is it's somewhat of a toothless tiger because there's no money associated with it,” said John McNulty, president, chairman and CEO of Secure Computing Corp., in San Jose, Calif., about the directive.