RSA pushes for DHS cybersecurity czar

The federal government must lead by example in online security and privacy, RSA Security Inc.'s Art Coviello said today at a Capitol briefing sponsored by the Congressional Internet Caucus.

'You can't let agencies continue to get failing grades for computer security,' said the president and CEO of the Bedford, Mass., encryption vendor. Instead, he urged Congress to fund agencies' systems security as a matter of course and to support the elevation of a cybersecurity czar with proper budget authority at the Homeland Security Department.

'We must rule Internet technology, not let it take advantage of us,' he said. But, 'don't rush to regulation or legislation; the technology is moving too fast. Regulations should be general enough not to become obsolete quickly but still have teeth.'

Instead of passing new laws, he said, Congress should extend existing legislation such as the 2002 Sarbanes-Oxley Act. He called Sarbanes-Oxley 'wonderful, though painful and expensive,' because its focus on internal controls to guard assets has made his company more efficient and effective.

Also, he said, 'Before we fully understand how radio frequency ID tags will be deployed, let's not rush to regulate them.' Privacy protection is on the way from so-called blocker tags that Coviello said will keep sensitive data from being broadcast.

Vendors need to simplify and consolidate their e-commerce and e-government products to enable the next round of innovation, he said. They must find a way to increase users' confidence in online transactions by stopping spam, identity theft and 'phishing' attacks that, he said, have soared more than tenfold since last December.

Nations such as Japan and South Korea are ahead of the United States by a factor of 10 in broadband Net access, Coviello said.

He predicted current Internet standards and protocols will coalesce around Extensible Markup Language and public-key infrastructure tools for secure authentication. Passwords 'no longer make the grade,' Coviello said, because masses of them can now be automatically cracked in seconds or minutes.

Instead, he advocated credential tokens such as his company's SecurID device, which uses the Security Assertion Markup Language to 'federate' or securely exchange user information across system boundaries.

RSA spokesman Matt Buckley said RSA and America Online Inc. have begun a joint project to sell the SecurID passcode-generating token for $9.95 as a premium service to protect accounts of AOL's Internet subscribers. SecurID is in use at multiple government sites, including the White House.

