RSA pushes for DHS cybersecurity czar

The federal government must lead by example in online security and privacy, RSA Security Inc.'s Art Coviello said today at a Capitol briefing sponsored by the Congressional Internet Caucus.

'You can't let agencies continue to get failing grades for computer security,' said the president and CEO of the Bedford, Mass., encryption vendor. Instead, he urged Congress to fund agencies' systems security as a matter of course and to support the elevation of a cybersecurity czar with proper budget authority at the Homeland Security Department.

'We must rule Internet technology, not let it take advantage of us,' he said. But, 'don't rush to regulation or legislation - the technology is moving too fast. Regulations should be general enough not to become obsolete quickly but still have teeth.'

Instead of passing new laws, he said, Congress should extend existing legislation such as the 2002 Sarbanes-Oxley Act. He called Sarbanes-Oxley 'wonderful, though painful and expensive,' because its focus on internal controls to guard assets has made his company more efficient and effective.

Also, he said, 'Before we fully understand how radio frequency ID tags will be deployed, let's not rush to regulate them.' Privacy protection is on the way from so-called blocker tags that Coviello said will keep sensitive data from being broadcast.

Vendors need to simplify and consolidate their e-commerce and e-government products to enable the next round of innovation, he said. They must find a way to increase users' confidence in online transactions by stopping spam, identity theft and 'phishing' attacks that, he said, have soared more than tenfold since last December.

Nations such as Japan and South Korea are ahead of the United States by a factor of 10 in broadband Net access, Coviello said.

He predicted current Internet standards and protocols will coalesce around Extensible Markup Language and public-key infrastructure tools for secure authentication. Passwords 'no longer make the grade,' Coviello said, because masses of them can now be automatically cracked in seconds or minutes.

Instead, he advocated credential tokens such as his company's SecurID device, which uses the Security Assertion Markup Language to 'federate' or securely exchange user information across system boundaries.

RSA spokesman Matt Buckley said RSA and America Online Inc. have begun a joint project to sell the SecurID passcode-generating token for $9.95 as a premium service to protect accounts of AOL's Internet subscribers. SecurID is in use at multiple government sites, including the White House.

