The Cyber Security Industry Alliance (CSIA), a consultative body of computer security professionals, yesterday published a 12-point list for securing America's IT infrastructure.

The list includes ratifying the Council of Europe's Convention on Cybercrime, strengthening security certifications and leading by example in government procurement.

A special 'Emergency Co-ordination Network' should also be set up to act as a backup if national systems fail.

"The Bush administration has made significant improvements to cyber-security but there is still more that must be done to harden our economy and critical infrastructure against cyber-attacks," said Paul Kurt, executive director at the CSIA.

"The CSIA believes that the time for action is now. We have moved beyond the discussion and planning phase, and have identified concrete actions that can be taken by the administration to immediately improve the security of our nation's cyber-systems."

In an interview with vnunet.com earlier this year CSIA chairman John Thompson, also chief executive of Symantec, warned that there was still a significant job to do in securing the online world, and that, since 85 per cent of US networks are in private hands, any changes must be part of a public/private partnership.

As the CSIA was presenting its plan, IT security expert and author Bruce Schneier was warning that computer security was little help in some regards, and we should instead be concentrating on putting more human intervention into security systems.

Schneier highlighted airlines training staff to spot likely targets by behavioural profiling rather than using massive databases, calling the latter "a mess".

"The problem with computerised passenger profiling is that it simply doesn't work," he said. "Behavioural assessment profiling is different. It cuts through all those superficial profiling characteristics and centres on the person."

Schneier pointed to a programme at Logan airport in Boston which had caught 20 fugitives in the early days of its trials of behavioural modelling. He suggested that, while it is not a silver bullet, it is better than any computerised alternatives.

Cyber Security Industry Alliance points in full: