DHS cybersecurity czar sees some progress in preparing for attacks
- By Wilson P. Dizard III
- Feb 20, 2004
Amit Yoran is director of the DHS National Cyber Security Division.
Henrik G. de Gyor
Three new federal organizations and the launch of new cybersecurity alert services are giving the Homeland Security Department's cybersecurity program some traction, DHS' security chief says.
In an exclusive GCN interview, Amit Yoran, director of the DHS National Cyber Security Division, said the new organizations give cybersecurity officials a method for meeting in person as well as collaborating online.
So far, 'the most obvious lesson learned is there's a great desire to collaborate, to work together to help one another,' he said.
Yoran outlined the roles of the three new units:
- The Government Forum of Incident Response Teams, or G-FIRST, is made up of frontline systems chiefs. It includes officials from the 24-hour watch center within Yoran's division, the U.S. Computer Emergency Response Team, the Pentagon and civilian agencies.
- The Chief Information Security Officers Forum will 'share information about programs that are successful and ones that are challenged and need assistance.' Its members are senior officials designated to oversee agency cybersecurity and make sure agencies meet the mandates of the Federal Information Security Management Act.
- The third unit, the Cyber Interagency Incident Management Group, includes officials from agencies 'that have significant capabilities in cybersecurity,' Yoran said. Mainly made up of officials from law enforcement, national security and Defense Department agencies, the group provides a forum for planning responses to major cybersecurity incidents.
The goal of the third group is to assure governmentwide coordination when attacks occur, Yoran said.
Yoran has been in his job since September 2003. He came to DHS from Symantec Corp. of Cupertino, Calif. He co-founded Riptech Inc., an IT security company in Alexandria, Va., that Symantec acquired.
His security post is within DHS' Information Assurance and Infrastructure Protection Directorate'less visible than the White House appointments held by fromer cybersecurity advisers Richard Clarke and Howard Schmidt, but Yoran said he has ample access to senior leaders.
But Yoran cautioned, 'Zero cybersecurity incidents or outages is not a reasonable goal''minimizing the duration and impact of incidents is.
In late January, DHS took the wraps off a National Cyber Alert System that it will use to inform the public and computer technicians about systems security threats, such as the MyDoom virus.
Yoran said the department's U.S. Computer Emergency Readiness Team will issue e-mail alerts to users who sign up at www.us-cert.gov
Besides warnings of new viruses, worms and other malicious software developments on the Web, the system will 'also provide periodic information ... so users proactively can better secure their systems before they fall victim,' Yoran said.
The cybersecurity division will continue to work with the CERT Coordination Center at Carnegie Mellon University, which it has hired to advise on systems security. DHS officials consulted with Carnegie Mellon cybersecurity specialists as well as executives of systems security companies such as Symantec and Network Associates Inc. of Santa Clara, Calif., as they developed the alert system, Yoran said.
The new alert system 'will not negate or supersede' the activities of the information sharing and analysis centers formed by and for various industries to respond to infrastructure threats, Yoran said.