SIIA, Industry Gather at White House to Pledge Leadership Role in Stopping Botnets

At a White House event today, the Software & Information Industry Association (SIIA) expressed a commitment to working with the Administration to address the growing dangers posed by botnets. SIIA is part of a multi-industry group that today announced its Principles for Voluntary Efforts to Reduce the Impact of Botnets in Cyberspace. SIIA President Ken Wasch and representatives of other industry groups were joined by Cybersecurity Coordinator Howard Schmidt, Secretary of Homeland Security Janet Napolitano, other administration officials and industry leaders, including Michael DeCesare, CEO of McAfee.

As the leading organization representing software and digital media companies, SIIA and its members are at the forefront of the fight against botnets and other forms of Internet security threats. For example, McAfee provides a suite of tools for consumers and businesses to keep their systems free of infections and to remove malware and botnets from their infected systems. And Google recently launched a notification effort for users of computers and routers infected with the DNSChanger malware.

SIIA is committed to addressing botnet security threats by working collaboratively with the government and by promoting the work of our members. It is vital that industry and government work together to ensure that public policy encourages private sector innovation and flexibility. After all, it is the products and tools produced by companies such as McAfee and Google that are empowering consumers and businesses to fight Internet security threats.

To that aim, SIIA is part of the Industry Botnet Group (“IBG”), which was formed earlier this year to collaborate on and encourage voluntary efforts to reduce the effectiveness of botnets. Botnets infect computers, threatening the trust and confidence of online users and undermining the efficiencies and economic growth spurred by the Internet. The IBG’s principles call on Internet participants to coordinate and communicate with each other and voluntarily work to fight the effectiveness of botnets across the botnet lifecycle. More information is available at www.industrybotnetgroup.org.


Ken Wasch is President of SIIA.

Webinar: How to Develop Software in the Cloud – Securely

Companies look to develop their software and services in a Cloud-based environment for its convenient and flexible access. However, this convenience and flexibility come with their own risk. Listen to this pre-recorded webinar as Grant Thornton and CloudPassage discuss how to develop software in the Cloud – securely.

Speakers:
Mitchell Simon, Managing Director, Grant Thornton
Rand Wacker, Vice President of Product Management, CloudPassage

Grant Thornton’s slides

CloudPassage’s slides

Facebook, Cyber Security and Small Businesses Dominate the Hill

Headlining the day, the FTC announced that Facebook agreed to settle the Commission’s charges that it deceived consumers. The proposed settlement requires Facebook to take several steps to enhance its privacy practices, including the terms for which it provides notice to consumers and provides for consent for information sharing, and it would require the Company to undergo privacy audits over the next two decades. The settlement underscores the need for broad privacy legislation; this is further confirmation that the FTC’s long-standing authority over unfair or deceptive trade practices is sufficient for providing thorough enforcement in the privacy arena.

Keeping the cybersecurity train moving forward in the House, and keeping consistent with the House Cybersecurity Task Force goal to address cyber on an individual basis within the committees of jurisdiction, there are two cyber developments scheduled for this week. First, Intelligence Committee Chairman Mike Rogers (R-MI) and Ranking Member Dutch Ruppersberger (D-MD) will unveil new bipartisan cybersecurity legislation on Wednesday to provide the government “the authority to share classified cyber threat information on potential attacks with approved American companies.”

And on Thursday, the House Small Business Committee will hold a cyber hearing on protecting small businesses, where Phyllis Schneck, Vice President for McAfee, Inc., will be testifying on behalf of SIIA. The hearing will also include testimony from Task Force leader Rep. Mac Thornberry (R-TX), highlighting the recent recommendations of the House Task Force.


David LeDuc is Senior Director, Public Policy at SIIA. He focuses on e-commerce, privacy, cyber security, cloud computing, open standards, e-government and information policy.

SIIA submits comments on Cybersecurity, Innovation and the Internet Economy

In our continuing effort to maintain and expand the partnership between the private sector and the government to address our nation’s cybersecurity challenges, SIIA submitted comments to the Department of Commerce on Monday in response to their recent Green Paper on Cybersecurity, Innovation and the Internet Economy.

At the heart of the Green Paper is an effort to help define the roles of the Government and the private sector in combating cybersecurity threats and protecting the systems and networks that support the infrastructure that drives the nation’s economy. In our comments, SIIA offered strong support for the Department’s approach of looking toward voluntary codes of conduct for an innovative sector such as the Internet and Information Innovation Sector (I3S). We noted that the most critical element of achieving these goals is to resist an approach that is overly prescriptive, where mandates would have the adverse effect of slowing the development of standards in the private sector, or the unintended effect of putting U.S. companies at a disadvantage to their counterparts around the world. Given the broad, rapidly evolving cross-section of industry that comprises the I3S, a flexible industry-led approach, rather than a regulatory model, is the best path forward to achieve an ideal security framework.

SIIA also noted that while the primary purpose of the Green Paper is to discuss an area that is outside of the critical infrastructure segment, and to bolster security in this area, this exercise can also help to appropriately define the critical framework of what is “covered critical infrastructure,” and it can help to avoid confusion and appropriately allocate resources where they are most needed.


Intuit Network | Fueling Innovation and Growth in the Cloud

How does a company transition from strictly desktop software to one that today generates about 60 percent of its revenue in connected services?

Delivering a keynote at All About the Cloud, Intuit CIO Ginny Lee talked about Intuit’s journey from desktop to anytime, anywhere access on any device and how the company is fueling innovation and growth in the cloud.

Whether you’re running a cloud business or transitioning to one, Lee stressed the importance of:

Mindset – IT plays a critical role in enabling growth and a great customer experience. Therefore, put customers at the heart of everything you do. Think business first, tech second. Be explicit about roles and hold everyone accountable.

Innovation – Break down the barriers to innovation by creating tools that foster rapid prototyping and innovation both inside and outside of your company. Tap into the vast ecosystem of external developers at the ready to help create great offerings.

Data – The nature of data is maturing and how you use it can be a competitive advantage. Intuit embraces data-driven innovation and looks beyond basic reporting to data-driven actions and insights.

To see the slides and watch the video replay, visit The Intuit Network.

SIIA sends cybersecurity recommendations to Administration

As the Administration completes its review of the legislative proposals to improve the security of federal and critical information infrastructure, SIIA pushed for a robust partnership between the private sector and the government in a letter to officials today.

The Administration’s legislative recommendations on cybersecurity will be released shortly and are expected to provide impetus to the legislative process on the issue in Congress. Sens. Lieberman and Collins have reintroduced their cybersecurity bill, and it will likely be combined with a similar bill from Sens. Rockefeller and Snowe, with the possible outcome of a combined legislative vehicle on the part of Senate Majority Leader Reid.

SIIA’s letter features six recommendations that would help the government keep pace with the ever-evolving challenges of protecting the nation’s online systems, networks and data. Here are the recommendations:

Public Private Partnership

The private sector is on the frontlines of active security defense for our nation’s critical infrastructure since the majority is owned, operated, and maintained by industry. Therefore, a robust partnership between the public and private sectors is vital. Government should collaborate with industry to develop reasonable security practices and find technology solutions that ensure our nation’s security.

Risk-Based Security

No set of precautions can ensure absolute security. Reasonable cybersecurity measures must address threats based on the importance of the networks and systems involved and the nature of the threat they face. For this reason, government should address risks to systems and networks that are part of our nation’s critical infrastructure differently from its approach to risks to systems and networks that are not part of our critical infrastructure. To ensure predictability and transparency for the private-sector companies that manage these systems and networks, government should provide a clear, public and consistent boundary between critical and non-critical infrastructure. Further, critical infrastructure should be narrowly defined to include only the systems and networks of the utmost importance to national security.

Layered Security

Experts regard a layered approach to security as the best practice. Security in depth minimizes the chances that any single point of failure will result in the leak of information or the compromise of a system. Elements of a layered approach to security include protection at the data/document level, the application and OS levels, and finally at the network/perimeter level. Government should adopt layered security for its own use, and encourage its adoption by the private sector through voluntary means.

International Coordination

Security threats are global.  Adequate countermeasures can be developed only through global cooperation among governments and industry.  For this reason, government and the private sector should cooperate to establish, maintain, and upgrade internationally accepted security standards. In particular, government should look to the Common Criteria to ensure that technology products exhibit security.  For supply chain requirements, governments should adhere to public, internationally accepted standards which are audited pursuant to international standards.

Security Incentives

Strong market incentives already exist within the marketplace to promote increased innovation within the constantly evolving cybersecurity landscape. To the extent that government and the private sector agree that the needed level of security goes beyond that for which a business case can be made, government should provide incentives such as confidentiality, liability protection, and tax incentives that lead the private sector to implement desired security measures. The government should not mandate specific measures that need to be adopted by the private sector. Specific mandates generally do not adapt with the changing threat and technology landscape, potentially becoming a hindrance to security advancement later on.

Innovation

Cybersecurity is a dynamic and evolving field that must respond to the rapidly changing, innovative nature of the information technology sector itself.  For that reason, government should provide resources, support, and guidance for research and development in this field and use its role as a convener to encourage multi-stakeholder cooperation and information sharing.

Announcing CEO Interview Publication: SIIA’s Vision From The Top

SIIA is launching a new publication at this year’s All About the Cloud conference, “SIIA’s Vision From The Top”!

The publication brings together thought leadership from over 45 of SIIA’s member companies. Their CEOs were asked to address the past, present and future changes in the software industry.