Trade group gives U.S. government low cybersecurity grade

The Cyber Security Industry Alliance has given the U.S. government D grades on its cybersecurity efforts in 2006, and renewed its call for the U.S. Congress to pass a comprehensive data protection law in 2007.

The CSIA, a trade group representing cybersecurity vendors, gave the U.S. government D grades in three areas: security of sensitive information, security and reliability of critical infrastructure, and federal government information assurance.

"Government needs to take these issues very seriously," said Liz Gasster, the CSIA's acting executive director and general counsel.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

The Cyber Security Industry Alliance has given the U.S. government D grades on its cybersecurity efforts in 2006, and renewed its call for the U.S. Congress to pass a comprehensive data protection law in 2007.

The CSIA, a trade group representing cybersecurity vendors, gave the U.S. government D grades in three areas: security of sensitive information, security and reliability of critical infrastructure, and federal government information assurance.

"Government needs to take these issues very seriously," said Liz Gasster, the CSIA's acting executive director and general counsel.

Among the problems in 2006: The U.S. Department of Veterans Affairs reported a data breach involving the personal information of 26.5 million military veterans and family members. Other agencies also reported multiple lost laptops containing personal information. The CSIA called on agencies to notify citizens of data breaches.

After a series of reported data breaches in early 2005, members of Congress introduced multiple bills requiring companies with data breaches to notify affected consumers. But a breach-notification law failed to pass, partly because of jurisdictional fights between multiple congressional committees.

A comprehensive data security bill should include breach notification, but also a requirement that all organizations holding sensitive data -- including private companies, government agencies, nonprofits, and educational institutions -- use reasonable security standards, Gasster said. The U.S. Federal Trade Commission has taken action against several companies, but a comprehensive law would give the FTC or another agency broad jurisdiction to investigate data breaches, she said.

The IDG News Service is a Network World affiliate.