They claim that "To date there has not been a trusted vendor environment that allows companies to identify, assess and mitigate multi-product, global security challenges together on the customers' behalf." Icasi will not respond to every product security issue that emerges, but try and respond to and reduce the potential customer impact of global, multi-vendor cyber threats.
The organisation has been created to fill a critical gap in the global IT security landscape highlighted by CEOs and senior leaders from IT and communications firms in a 2007 report to the US president . They said that: "[existing] operational response frameworks are not sufficient to keep pace with globalisation and technological convergence…nor do they adequately include private sector participation in these processes."
Icasi is built around four guiding principles customer security; agility and effectiveness; collaboration and trust; leadership and innovation. It hopes to change how vendors work together on multi-product security fixes and to develop and share innovations for preventing and mitigating security challenges. It intends to work with other organisations with similar aims and interests.
Membership is open to others on three levels: founding, charter, and general. Founding and charter members must be nominated an existing founding or charter member and must be global vendors, manufacturers or providers of IT that "can effect changes necessary to protect the global IT security ecosystem" and that are publicly traded companies listed on a US or a foreign exchange with a global customer base.
Formation of Icasi comes only a month after the creation of Impact: the International Multilateral Partnership against Cyberterrorism, www.impact-alliance.org which held its inaugural World Cyber Security Summit (WCSS) in Kuala Lumpur, claimed to be the largest ministerial-level forum ever organised on cyber-terrorism and security.
Government ministers, industry leaders, technology luminaries and international cybersecurity experts from 27 countries were in attendance, including Australia, Canada, India, Japan, Malaysia, Mexico, Saudi Arabia, Singapore, South Korea, Thailand and the United States.
The goal of the summit was to chart the future course for Impact. The organisation has been created with $US13m in seed funding from the Malaysian Government. Malaysian prime minister Abdullah Ahmad Badawi said that the level of interest shown in the summit was proof of the need for Impact.
Its formation has also been endorsed by the ITU. Secretary general Dr Hamadoun TourÃ©, said: "impact promises to be a key partner in the implementation of our Global Cybersecurity Agenda, (GSA) forming a crucial, operational defence against all types of cyber threats." Impact has offered its secretariat as a home for the GSA including use of its training facilities, labs and Global response centre.
Impact is set to develop four key pillars in its charter: cybersecurity training and skills development; global response centre; security certification, research & development; and policy, regulatory framework & international cooperation.
It will train teachers to deliver hands-on courses in key cybersecurity skills such as forensics, intrusion detection and penetration testing so that regardless of income levels every country can provide world-class training to its cyber defenders.
The Secure Application Development program will support local academic institutions that train each nation's programmers. This will include developing faculty skills and providing essential tools to enable them to weave secure coding and secure application design into their educational programs, ensuring that every application is built securely by well-trained programmers.
SANS' Internet Storm Centre will enter into a partnership with Impact (and with other countries through Impact) to empower developing nations to participate fully in its early warning system. Lastly, the joint initiative will expand the weekly cybersecurity news to cover developments in and relating to these countries.