CSIA: a progress report

When the history of useless security initiatives is written, a chapter should be set aside for the CSIA

Happy birthday, the CSIA. No, I don’t mean the Cyber Security Industry Alliance, which recently got surreptitiously swallowed up by the Information Technology Association of America. Nor, for that matter, am I thinking about Mumbai’s Chattrapati Shivaji International Airport. I mean, of course, the UK government’s Central Sponsor for Information Assurance.

This particular CSIA is part of the Cabinet Office, and was founded five years ago as a sort of “last fling” by outgoing e-envoy, Andrew Pinder. IT Week gave the story front page coverage, saying: “The CSIA’s remit is to ensure that risks to the national infrastructure are appropriately managed.”

Security always gets headlines around this time of year, thanks to the timing of the Infosec conference. Many of the headlines are very obvious publicity for security consultants, hyping up some potential exploit in the hope of finding new clients with deep pockets. It’s absurd: one more attempt at a “Bluetooth hacked” scare story and it may be time to start a rogue’s gallery of insufficiently-plausible self-publicists.
But government security, and support for public security, ought to be big news any time of year. And as we are painfully aware, most of the big news recently has been about how little government actually cares about it.

Currently, it is wasting its effort by trying to control what sort of pornographic images there may be on your hard drive, whether you know they’re there or not, in an attempt to stop people storing “extreme” porn – defined by one commentator as illegal pictures of legal acts.

Meanwhile, known purveyors of stolen property are able to sell illegally sourced goods on auction sites, without the CSIA feeling there’s any call for Cabinet Office intervention.

Last I heard of the CSIA, it was proudly boasting of its peripheral involvement in the meaningless Get Safe Online campaign and the OFT’s Scams Awareness Month. Someone from the CSIA should try buying cut-price software on eBay, and then report any scam artist they come across to the OFT to see what good it does.