US CYBER SECURITY INDUSTRY ALLIANCE RELEASES FEDERAL PROGRESS REPORT FOR 2006 AND 2007 AGENDA FOR U.S GOVERNMENT ACTION Cyber Security Industry Alliance (CSIA) - Cyber Security Industry Alliance Releases Federal Progress Report for 2006 and 2007 Agenda for U.S. Government Action:

Urges Congress and the Administration to Assert Greater Leadership and Take Action on Improving Overall State of Information Security

Arlington, Va. January 31, 2007 The Cyber Security Industry Alliance (CSIA) today called upon the federal government to significantly bolster its efforts to ensure the security of sensitive information, improve the security and resiliency of the critical information infrastructure and increase federal information assurance in 2007. CSIA's latest annual report, the 2007 Agenda for U.S. Government Action, identifies specific actions for Congress and the Administration to focus on improving information security for citizens, industry and governments globally. As part of the Agenda, CSIA also issued its Federal Progress Report for 2006 on the government's limited advancements in these same areas.

'While the government has taken some positive steps forward to improve the state of information security, action has been decidedly mixed,' said Liz Gasster, acting executive director and general counsel of CSIA. 'CSIA commends the government for moving forward on several key initiatives including the Senate's ratification of the Council of Europe's Convention on Cyber Crime and the appointment of an Assistant Secretary for Cyber Security and Telecommunications. However, we are discouraged by Congress' inability to pass a comprehensive federal law to protect sensitive personal information, even in the face of more than 100 million Americans having their data records exposed. In 2007, CSIA will work even harder to urge swift action from Congress to pass this much-needed legislation."

Review of the State of Information Security in the U.S. in 2006
One year ago, CSIA called on the Administration and Congress to enhance the nation's information security and reliability for consumers, industry and the government by acting on 13 critical recommendations to protect the nation against cyber threats. Today, CSIA issues a Federal Progress Report to grade the government on its follow-through on its 2006 recommendations. Rather than grade each specific initiative, as done in years past, CSIA offers a composite grade for each area to provide a more holistic view of how the government is performing:

Security of Sensitive Information: Congress ratified the Council of Europe Convention on Cyber Crime but failed to pass a comprehensive law to protect sensitive personal information. Grade: D

Security & Resiliency of Critical Information Infrastructure: The Department of Homeland Security (DHS) appointed an Assistant Secretary for Cyber Security and Telecommunications and implemented programs such as LOGIIC and Cyber Storm, but hasn't offered a clear agenda on the Department's top cyber security R&D priorities or established a survivable emergency coordination network to handle a large-scale cyber security disaster. Grade: D

Federal Information Assurance: Government continues to offer a mixed bag of successes and failures, with progress within OMB and implementation of HSPD-12, but much improvement is needed in the areas of using the power of procurement, resolving systemic telework issues, and releasing information on the cost of cyber attacks. Grade: D

A Government Call to Action for 2007
In its 2007 Agenda for U.S. Government Action, CSIA calls on the Administration and Congress to implement the following recommendations to help improve the privacy, reliability and integrity of information:

Security of Sensitive Information: Pass a comprehensive federal law to secure sensitive personal information and notify consumers in case of a breach. This data security legislation should apply equally to all government and private sector entities that collect, maintain or sell significant numbers of records containing sensitive personal information, and require organizations to establish reasonable security measures to ensure the confidentiality and integrity of sensitive personal information, in order to minimize the likelihood of a breach.

Security & Resiliency of Critical Information Infrastructure: DHS should quickly establish cyber security and telecommunications priorities that address situational awareness, emergency communications and recovery and reconstitution and ensure that appropriate funding is in place to support these programs. In the event of a major information infrastructure attack or disruption, an integrated, dedicated system should be implemented that can monitor the entire information infrastructure.

Federal Information Assurance: Congress and the Administration should work together to strengthen the Federal Information Security Management Act (FISMA). To effectively establish and maintain a comprehensive information security program, the power of federal CIOs should be strengthened so that they can better enforce authority concerning budgets and personnel resources. Federal agencies should increase their assessments and testing of information security controls, and acquisition regulations should be revised to ensure that all federal contractors comply with FISMA requirements. In addition, all agencies establish a common requirement to notify citizens in case of a breach of sensitive personal information.

To obtain a full copy of CSIA's Federal Progress Report for 2006 and 2007 Agenda for U.S. Government Action, please visit: https://www.csialliance.org/resources/pdfs/CSIA_06Report_07Agenda_US_Govt.pdf
About the Cyber Security Industry Alliance

The Cyber Security Industry Alliance is the only advocacy group dedicated exclusively to ensuring the privacy, reliability and integrity of information systems through public policy, technology, education and awareness. Led by CEOs from the world's top security providers, CSIA believes a comprehensive approach to information system security is vital to the stability of the global economy. Visit our web site at www.csialliance.org.

Members of the CSIA include Application Security, Inc.; CA, Inc. (NYSE: CA); BSI Management Systems; Citrix Systems, Inc. (NASDAQ: CTXS); Crossroads Systems, Inc. (OTCBB Pink Sheets: CRDS.PK); Entrust, Inc. (NASDAQ: ENTU); F-Secure Corporation (HEX: FSC1V); Fortinet, Inc.; IBM Internet Security Systems Inc. (NYSE: IBM); iPass Inc. (NASDAQ: IPAS); McAfee, Inc. (NYSE: MFE); Mirage Networks; MXI Security; PGP Corporation; Qualys, Inc.; RSA, The Security Division of EMC (NYSE: EMC); Secure Computing Corporation (NASDAQ: SCUR); Surety, Inc.; SurfControl Plc (LSE: SRF); Symantec Corporation (NASDAQ: SYMC); TechGuard Security, LLC; and Vontu, Inc.

For More Information, Contact:

Michelle Schafer
Merritt Group for CSIA
Phone: 703-390-1525
Email Michelle Schafer