Just as there’s no shortage of threat actors, there’s also no shortage of trade and independent cyber security associations offering advice to the private and public sector and consumers on best practices to stop attacks.
One of them, the U.S.-based non-profit Online Trust Alliance which publishes a cyber incident response guide and rates Web sites, has decided fewer is better.
The OTA said this morning it is becoming part of the Internet Society (ISOC), which promotes technologies that keep the Internet secure, and is the home of the standards-setting Internet Engineering Task Force (IETF).
“I have for years been saying there’s too many organizations that try to re-invent the wheel or only exist for their own purposes, and we need to look at where we can combine resources,” OTA executive director Craig Spiezle said in an interview.
Over the years he’s been building coalitions with other trade and consumer protection groups. But a chance meeting with an ISOC official at a conference last fall led to the merger.
The benefit, Spiezle said, is a stronger independent voice for security and privacy issues. OTA member companies become members of the Internet Society. OTA working groups continue, as does its annual trust audit, which evaluates the Web sites of about 1,000 companies and carriers for the right to be named to an honour roll and place a badge on their Web pages.
Folding itself into the ISOC means there will be more resources for processing and technical analysis of the survey data, Spiezle said, as well as the normal things an association needs, from book keeping to managing the OTA Web site.
While the OTA has some big name members – including PayPal, Microsoft, Symantec, Twitter and groups such as the U.S. National Association of Realtors – there are a number of other associations that do some or all of what it does (including the Internet Society). A short list would include the Cloud Security Alliance, National Cyber Security Alliance, Anti-Phishing Working Group and the Cyber Threat Alliance. Many have the same big tech companies as members and as part of their work put out advice as the OTA does to organizations on enhancing trust in online advertising, email integrity, data protection and breach readiness IoT security and advice to governments.
Not all, however, have the same interests. “We think consumers need to have control over their data,” said Spiezle. “The trade associations that want to monetize that data see it differently. The ad industry that wants to modify that data sees it differently. So inherently you have trade organizations that exist for the benefit of their business members, don’t necessarily share the same concerns that we do.”
But every association needs to be able to support itself. Spiezle said the OTA has been “cash-flow positive,” but that isn’t the same as being in the black. And he acknowledged that as a small organization it’s been hard to hire staff.
“We could have been fine to continue on this path, very manageable, but we wanted to get to that next step … This gives us the resources, a stronger voice and a broader global view as well” to push organizations that trust is the foundation of their business.
The ISOC has more than 95,000 individual members and supporters, 122 chapters around the world, as well as more than 110 organizational members.
The OTA and the Internet Society may have similar views on privacy and trust, but Spiezle said they compliment each other: The OTA is close to business and end users, the ISOC to the technical community.
“The Internet Society and OTA share the belief that trust is the key issue in defining the future value of the Internet,” ISOC CEO Kathryn Brown said in a statement. “Now is the right time for these two organizations to come together to help build user trust in the Internet. At a time when cyber attacks and identity theft are on the rise, this partnership will help improve security and data privacy for users.”
Spiezle will stay in his current post until the end of June, then becomes a strategic advisor to the ISOC board for 12 months.