In its first public criticism of the White House and lawmakers' efforts to follow up on President Bush's 2003 much-ballyhooed National Strategy to Secure Cyberspace, the Cyber Security Industry Alliance (CSIA) said Washington has taken only "limited steps" to improving the security of the nation's infrastructure.
The steps are so limited, the CSIA contends, that it gave both the White House and Congress a D for their efforts in 2005.
"Currently, there is little strategic direction or leadership from the executive branch in the area of information security," said Paul Kurtz, CEO of the CSIA. "Ensuring the resiliency and integrity of our information infrastructure and protecting the privacy of our citizens should be higher on the priority list for our government."
Kurtz said this year's massive data breaches, a barrage of security vulnerabilities and the disruption of communications during Hurricane Katrina highlight the urgent need for improved information security preparedness and response.
Instead, Congress has so far failed to pass either data-breach disclosure or spyware legislation. Lawmakers did approve creating the new position of Assistant Secretary of Cyber Security with the Department of Homeland Defense, but the White House has yet to fill the slot.
"Six months downstream, it's time to put a person in that place," Kurtz said. "Part of leadership is delegation."
Kurtz called the 2004 Homeland Security Presidential Directive calling for the United States to reduce identity fraud and protect personal privacy a "toothless tiger with no money attached to it."