SIIA Joins other Trade Groups in Supporting Cyber Legislation Introduced Today

Today, SIIA joined with other leading trade associations in support of the Cyber Intelligence Sharing and Protection Act (CISPA), bipartisan cybersecurity legislation introduced today by Reps. Mike Rogers (R-MI) and Dutch Ruppersberger (D-MD) to enhance sharing of cyber threat information between the public and private sectors.  Early detection and notification of cybersecurity threats is the most critical component of preventing and mitigating cyber-attacks. CISPA would establish a framework that enables the public and private sectors to work together in sharing information on known threats and vulnerabilities, and enactment of this legislation would increase security across the board.


Mark MacCarthy, Vice President, Public Policy at SIIA, directs SIIA’s public policy initiatives in the areas of intellectual property enforcement, information privacy, cybersecurity, cloud computing and the promotion of educational technology. Follow the SIIA Public Policy team on Twitter at @SIIAPolicy

SIIA Applauds Cybersecurity Commitment Announced in Tonight’s State of the Union Address

SIIA congratulates President Obama and his Administration for making cybersecurity a priority. We appreciate the President’s efforts to seek broad input in crafting the Executive Order signed today. We are particularly pleased that the Executive Order excludes commercial information technology products and consumer information technology services from the definition of ‘critical infrastructure at greatest risk.’ The Administration is clearly seeking to advance American innovation with this effort; however, the way in which the Order is implemented will be critical in determining its success or failure.

As we work with the Administration on implementation, a priority for our industry will be to avoid rigid regulations that impede the innovation that is essential for effective cybersecurity.

A regulatory approach seeking to cover a broad, rapidly-evolving cross-section of industry would have the unintended consequence of slowing technological innovation and limiting our collective cybersecurity preparedness. Therefore, it is essential that the Administration work with industry to implement the Executive Order in a way that retains necessary flexibility. Technological innovation must be allowed to keep up with rapid developments pertaining to both cybersecurity threats and protections.

To that end, we look forward to continuing to work closely with the Administration and congressional leaders to implement this policy.


Ken Wasch is President of SIIA. Follow the SIIA Policy team on Twitter at @SIIAPolicy.

SIIA Says Proposed EU Cybersecurity Strategy is too Prescriptive and Overly Broad

In reaction to today’s European Union cybersecurity announcement, SIIA is concerned that the new strategy is too broad in the scope of industries to be covered and will threaten innovation. In response, I issued the following statement:

SIIA commends the European Commission for conducting a thoughtful, comprehensive review of network and information security across the European Union. There is a critical need to focus on the best cybersecurity practices that will help protect governments, businesses and citizens around the world from increasingly sophisticated cyber-attacks.

However, we are concerned about the scope of the Commission’s regulatory approach.  It is overly broad, too prescriptive and threatens to suppress the very innovation that will help businesses, governments and citizens anticipate and address changing cybersecurity threats.

The proposal’s cybersecurity performance requirements will likely lead to technical mandates and rigid regulatory standards and reporting obligations.  Its scope goes well beyond critical infrastructure, where the harms from cyber-attacks are the greatest.  In doing so, it threatens to engulf a broad range of other industries, thereby wasting scarce security resources on areas where the dangers are not urgent.

Today’s cyber threats are global and ever-changing – rigid, far-reaching regulations will almost certainly do more harm than good.  SIIA supports policies that provide the necessary flexibility to keep up with rapid technological developments pertaining to both threats and protections.  SIIA and its member companies look forward to working with the Commission as it considers this proposal and possible amendments.


Ken Wasch is President of SIIA. Follow the SIIA Policy team on Twitter at @SIIAPolicy.

SIIA Announces Commitment to Data-Driven Innovation as a Top Policy Priority in 2013

The SIIA Government Affairs Council met Wednesday to outline the organization’s policy priorities for 2013.  In addition to identifying the specific initiatives it will pursue in the year ahead, SIIA and its member companies expressed a commitment to making data-driven innovation a top policy priority in the year ahead.  The SIIA Government Affairs Council includes: Reed Elsevier, IBM, Adobe, Cengage, Dow Jones, Intuit,  Kaplan, Kiplinger, Google, McGraw Hill Education, McGraw Hill Financial, Oracle, Pearson, Red Hat, SAS, and Thomson Reuters.

A key theme unifying the work of SIIA on behalf of its members is an increased focus on advancing the effective collection and positive use of data. It is essential that public policy recognizes that innovation and business strategies are increasingly driven by data. Importantly, data-driven innovation not only holds the promise of advancing economic opportunity and jobs, but of providing tremendous consumer and societal benefits.

With so much at stake, SIIA is committed to actively promoting the economic and social value of data-driven innovation. Our efforts will involve direct outreach to legislators, along with a White Paper that includes recommendations for policymakers and governments. Our goal is to make certain that public policy helps enable the tremendous societal and economic benefits of data-driven innovation.

With members in both technology and information services, SIIA is uniquely positioned to highlight and address the public policy issues that arise from the increased salience of data-driven innovation. We began to focus more strongly on this issue in 2012, and it will be an even more important part of our work in 2013.

SIIA also announced its general tech policy priorities for 2013, along with policy priorities in the areas of intellectual property, public sector IT, and education technology.

Maintain Cybersecurity Spending

A recent article in Politico warned that cybersecurity could be a casualty of a sequester ax. The problem is that without a change in course, the federal budget is headed for a uniform across-the-board reduction, and that would include the multiple programs that carry out our nation’s responsibilities for protecting federal networks, staving off foreign cyber attacks and researching new technologies. As Politico put it: “Many of those initiatives would be hit hard by deep cuts beginning in 2013 unless Congress pushes back the target date for its legally mandated cuts, exempts some categories of spending or does away entirely with its fallback, deficit-reduction plans.”

And then the news hit that the White House itself had been the target of a cyber attack. Fortunately, this time, no classified systems were compromised and no data was extracted.  This time.

It is not often that events illustrate so vividly the risks to the nation in continuing an unacceptable compromise policy.  No one really wants a sequester, and no one really wants the consequences that would flow from one. Policymakers need to do what it takes to avoid it.

But failing that, the Administration should find a way to prioritize cyber security spending.  Congress did not agree on all aspects of the stalled cybersecurity legislation, but they did agree that more Federal funding for cyber security programs and research was an urgent national priority. Sequester planning should maintain that priority.


Mark MacCarthy, Vice President, Public Policy at SIIA, directs SIIA’s public policy initiatives in the areas of intellectual property enforcement, information privacy, cybersecurity, cloud computing and the promotion of educational technology. Follow the SIIA Public Policy team on Twitter at @SIIAPolicy

The Value of Large-Scale Data Collection and Analysis: BotNet Prevention

At today’s White House event on Stopping Botnets, Michael DeCesare, Co-President of McAfee, made a compelling case for the value of large-scale data analysis in botnet prevention.

“We’re often asked what can be done to combat botnets, and here is the basic answer: We need to make sure that individual machines are not infected in the first place. We need to do this by delivering security faster than our adversaries deliver malware…Indeed, having real-time visibility into emerging threats and a comprehensive view across the threat landscape is a powerful means of defeating botnets, which can multiply extremely quickly. One robust technology that enables this real-time global visibility is called Global Threat Intelligence. With Global Threat Intelligence, millions of sensors scan the Internet across the globe and feed back real-time data on botnets and other threats. This data is instantaneously correlated and fed back into security products, delivering real-time protection to customers, as we identify and block the malicious files, IPs and URLs used by the botnets. With even more threat data from more security organizations fed into this network, customers would get even more comprehensive visibility into the quickly changing patterns of botnet infestations and could take immediate steps to counter them.”

Mr. DeCesare’s comment at the White House today echoes what all security professionals know: constant monitoring of the Internet by security firms and real-time analysis of the vast quantities of data collected is absolutely vital to the fight against infected computers and other cybersecurity threats.

Other companies also collect and analyze Internet data for the purpose of cybersecurity threat detection. Google recently launched a notification effort for users of computers and routers infected with the DNSChanger malware. Users will see a message at the top of the Google search results page. Without the compilation and analysis of vast amounts of Internet information, such a notification project could not even get off the ground.

The problem is enormous. According to McAfee’s latest quarterly report, more than 5 million systems were infected with botnets per month between January and March of 2012. The collection and analysis of massive amounts of Internet data for security threats cannot by itself solve this worldwide collective problem. But without it, efforts to reduce the problem will surely fail.

At the White House meeting today, speakers emphasized the need for public-private partnerships, collaboration across industry, the need for all agents in the ecosystem to do their part, and the importance of the government as a convener of collective effort. While all this is important and can be done with additional regulation, the domestic and international policy space must be large enough to accommodate the needs of security firms to collect and analyze large amounts of Internet data.


Mark MacCarthy, Vice President, Public Policy at SIIA, directs SIIA’s public policy initiatives in the areas of intellectual property enforcement, information privacy, cybersecurity, cloud computing and the promotion of educational technology.

SIIA, Industry Gather at White House to Pledge Leadership Role in Stopping Botnets

At a White House event today, the Software & Information Industry Association (SIIA) expressed a commitment to working with the Administration to address the growing dangers posed by botnets. SIIA is part of a multi-industry group that today announced its Principles for Voluntary Efforts to Reduce the Impact of Botnets in Cyberspace. SIIA President Ken Wasch and representatives of other industry groups were joined by Cybersecurity Coordinator Howard Schmidt, Secretary of Homeland Security Janet Napolitano, other administration officials and industry leaders including Michael DeCesare, CEO of McAfee.

As the leading organization representing software and digital media companies, SIIA and its members are at the forefront of the fight against botnets and other forms of Internet security threats. For example, McAfee provides a suite of tools for consumers and businesses to keep their systems free of infections and to remove malware and botnets from their infected systems. And Google recently launched a notification effort for users of computers and routers infected with the DNSChanger malware.

SIIA is committed to addressing botnet security threats by working collaboratively with the government and by promoting the work of our members. It is vital that industry and government work together to ensure that public policy encourages private sector innovation and flexibility. After all, it is the products and tools produced by companies such as McAfee and Google that are empowering consumers and businesses to fight Internet security threats.

To that aim, SIIA is part of the Industry Botnet Group (“IBG”), which was formed earlier this year to collaborate on and encourage voluntary efforts to reduce the effectiveness of botnets. Botnets infect computers, threatening the trust and confidence of online users and undermining the efficiencies and economic growth spurred by the Internet. The IBG’s principles call on Internet participants to coordinate and communicate with each other and voluntarily work to fight the effectiveness of botnets across the botnet lifecycle. More information is available at www.industrybotnetgroup.org.


Ken Wasch is President of SIIA.