RSA Security Submits Expert Commentary on National Strategy To Secure Cyberspace

Input Into U.S. Government Plan Centers Around Securing Virtual Private Networks, the Use of Multiple Authentication Technologies and Funding For Public/Private Cybersecurity Initiatives

BEDFORD, Mass., Nov. 18 /PRNewswire-FirstCall/ — RSA Security Inc. (Nasdaq: RSAS), the most trusted name in e-security(R), today submitted commentary and recommendations to the White House regarding the administration’s recently issued National Strategy to Secure Cyberspace. The company provided overall high marks for the draft strategy while offering specific suggestions relating to securing virtual private networks (VPNs), allowing for multiple authentication technologies and calling for funding of public/private cybersecurity initiatives.

The National Strategy to Secure Cyberspace is a plan that was developed by Richard Clarke, the President of the United States’ special advisor of cyberspace security and the President’s Critical Infrastructure Protection Board to provide steps that both public and private sectors must take to secure electronic communications, transactions and infrastructure against fraud, identity theft and terrorism. The first draft of the strategy was issued on September 18, 2002 with public comments due back to the Administration on November 18, 2002.

“RSA Security applauds the Bush Administration and Richard Clarke’s office for having the foresight to spearhead such an important initiative,” said RSA Security’s vice president of worldwide marketing, John Worrall. “While information infrastructure is one of our country’s most valuable assets, it can also be vulnerable to identity theft, fraud and terrorism if not properly protected. We’re pleased the administration opened up a dialogue with the private sector, and gave us the opportunity to share our input and expertise.”

RSA Security provided a range of suggestions and supporting comments to the strategy document, including three primary recommendations centered around securing VPNs, provisions for multiple authentication technologies and funding for public/private cybersecurity initiatives and standards development.

Securing VPNs: RSA Security recommended the strategy include specific direction on appropriate security measures for VPNs, many of which today only use static passwords for access. “VPNs offer a significant convenience for today’s mobile workers, but single-factor password security simply isn’t enough,” said Worrall. “In fact, we believe that ‘password guessing’ remains the most common form of network vulnerability.” RSA Security advised the Administration to include language recommending strong authentication for VPNs and internetworking devices as a requirement rather than an optional security enhancement.

Multiple Authentication Methods: The draft strategy includes language recommending that federal departments work to deploy common physical and logical access control tools and authentication mechanisms for simplicity and interoperability. “We agree 100 percent with the motive — better interoperability and consistency — but RSA Security believes the federal government, as well as industry, needs to accommodate multiple methods of authentication technology designed to fit the security requirements of specific applications,” Worrall said. “A flexible authentication framework should be the common goal-with interoperability integral to the authentication infrastructure and ability to use a variety of authentication mechanisms — including smart cards, smart badging, digital certificates, tokens and, when appropriate, passwords,” Worrall added.

Allocation of Funding: RSA Security’s final recommendation centered around the need for funding that will allow organizations to put into place the security measures necessary for successful implementation of the strategy. To raise the bar for security in the long term, the company’s recommendation specifically called out the need for partnerships that will ensure high-caliber private-sector security experts are engaged in standards development. In the near term, the company encouraged federal grants for cybersecurity lab research, education, and training at universities, and urged the government and commercial sectors to look for opportunities within current budgets to fund cybersecurity initiatives. “Good security is often about what you don’t see — what’s prevented by good security measures,” said Worrall. “Ongoing vision and leadership reflected in these recommendations is essential to ensure that appropriate funding is provided.”

Richard Clarke’s office will be reviewing public sector comments and incorporating them as appropriate before submitting a final version to the president.

About RSA Security Inc.
With more than 8,000 customers around the globe, RSA Security Inc. is recognized as the strategic e-security partner to the largest and most successful companies leveraging the Internet to grow their businesses and improve their bottom line. Our comprehensive portfolio of e-security solutions — including authentication, Web access management and developer toolkits — enables organizations to fully realize the revenue opportunities and operational improvements of e-business while protecting critical information from unauthorized access and other forms of malicious intent. RSA Security’s strong reputation is built on its history of innovation and leadership, award-winning solutions, and long-standing relationships with more than 1,000 technology partners. For more information on RSA Security, please visit http://www.rsasecurity.com.

NOTE: RSA, RSA Security and The Most Trusted Name in e-Security are either registered trademarks or trademarks of RSA Security Inc. in the United States and/or other countries. All other products and services mentioned are trademarks of their respective companies.