IEEE-SA Forms ICSG for Computer Security

The IEEE Standards Association (IEEE-SA) announced the Industry Connections Security Group (ICSG), an effort to pool experience and resources in combating the systematic and rapid rise in computer security threats.

AVG Technologies, McAfee, Microsoft, Sophos, Symantec, and Trend Micro are initial members of ICSG.

"We've seen a whole ecosystem develop around threats to computer security. Trends such as open-source development, collaboration and software-as-a-service are firmly established in the malware community, with a lot of money changing hands to fuel more coordinated and automated attacks," said Jeff Green, ICSG chair and senior vice president of McAfee Avert Labs. "The industry has fragmented itself among various siloed efforts designed to solve very specific problems, such as phishing and spyware. ICSG offers us a unique opportunity to work collectively in a safe-harbor environment to advance innovation, more comprehensively address the security problem and deliver systematic improvements."

ICSG is engaging a wide variety of entities--security vendors, industry content contributors (such as banks and Internet service providers), educational institutions and government agencies, among them--in a collaborative forum for advancing the technologies, methodologies and best practices for sharing computer security information. The group will develop, document and promote proposals for enhancing security, toward the goal of producing consensus approaches and perhaps fueling new IEEE standards.

ICSG's first working group is focused on malware (malicious software such as viruses, worms and spyware). Threats have increased from 125,000 specific pieces of malware in 2006 to 1.5 million in 2008 and 1.2 million in the first half of 2009 alone, according to McAfee. ICSG is working to establish more intelligent ways of sharing malware samples and the information associated with them in a way that makes the security industry more effective.

"In the past few years, attackers have shifted away from the mass distribution of a small number of threats to micro distribution of millions of distinct threats," said Vincent Weafer, vice president, Symantec Security Response. "This new data sharing standard initiative, established under the umbrella of the IEEE Industry Connections Security Group, provides a framework for the development of new industry standards that enable the pooling of industry experience and resources, and will have visibility and review by the wider academic and industry groups."

McAfee's Green said, "No one organization is capable of addressing the magnitude and sophistication of today's threat. The problem demands a more cohesive response. We are at a point in computer security that is analogous to when the FBI was formed to augment the work of police forces in individual states and address interstate crime. The eagerness of our initial members to participate shows that the time has arrived for ICSG to assume that overarching, flexible role."

The IEEE-SA is a developer of international standards that support many of today's products and services, particularly in telecommunications, information technology and power generation.

IEEE (Institute of Electrical and Electronics Engineers) is a technical professional society commemorating its 125th anniversary in 2009.

((Comments on this story may be sent to newsdesk@closeupmedia.com))

Related terms: academic, community, computer, crime, electrical, electronics, environment, government, information technology, internet, money, police, president, products, security, software, standards, technology, telecommunications