ASI, coordinated at first by the Association for Competitive Technology, will publish two papers and announce plans to make policy recommendations that take into account every internet user’s responsibilities for securing the internet.
While ASI is not explicitly endorsed by Microsoft, it will be supported by groups that backed the firm during its antitrust problems, including ACT, the Computing Technology Industry Association (CompTIA), and the Cato Institute.
Also participating in the group are tech companies and organizations including VeriSign, CapNet, Consumer Alert, eBay, GigaTrust, the Internet Alliance, Internet Security Systems, Orbitz, TechNet and Truste.
A paper drafted by ACT is expected to propose a view of security with six layers – users, operating systems, applications, computer hardware, network hardware, and network services – and emphasize that each is important.
A second whitepaper, actually published yesterday by CompTIA, calls for both business and consumer technology users to become more aware of secure issues and to protect themselves accordingly through best practices.
Security is a much more diverse and complex issue that people often think it is, said Mark Blafkin, spokesperson for ACT. People have been looking to companies like Microsoft and AOL and saying ‘Make the bugs stop, just fix it’.
Bob Dix, staff director for the Technology & Information Policy Subcommittee of the House of Representatives’ Government Reform Committee will also speak at the ASI announcement in Washington DC today.
Blafkin said that the group will focus first on education, and will over time start to formulate policy recommendations for government. Part of it is some people in Congress think if they just regulate how software is made, that’ll fix it, he said.
While Microsoft, for example, needs to write better code, users also need to educate themselves and to learn to better behave, said Blafkin. And internet service providers can do a lot on their own to help secure the internet.
The ASI/ACT paper will deconstruct last year’s Blaster worm, showing how it affected each of the purported six layers. The layered view is in contrast to recent studies that have laid the blame for the internet’s high risk profile mostly with Microsoft.
Last September, a study published by the Computer and Communications Industry Association, a group made up largely of Microsoft’s competitors, said that the dominance of Windows made the internet vulnerable to cascade failure.
The CCIA’s argument, which was cast in the context of a national security issue, was that Microsoft’s near-monopoly presents a target-rich environment where attackers can be assured of a great deal of success with their attacks.
ASI is in part a response to that, but it is not driven by that, it will say that’s a myopic view of security, CompTIA spokesperson Mike Wendy said. ASI is pro- looking at the issue in a broader context… as a multilayered stack, not a monolith.
While the ASI is not directly connected to the many cyber-related initiatives that were spawned by last year’s National Strategy to Secure Cyberspace, it will explore many of the same themes, including breaking down responsibilities by type of user.
This article is based on material originally published by ComputerWire