Hoping to synchronize better with IT security’s private sector, the U.S. Department of Homeland Security has enlisted Symantec vice president for managed services Amit Yoran as director of its cyber security division and has forged a partnership with the CERT Coordination Center to speed warning and response time.
Security industry leaders praised both moves and said they have been waiting for more guidance from the government while at the same time pushing forward on their own in defending computer networks from intruders and other Internet ills, such as last month’s worms.
“We were already moving forward on the private part — we were waiting for DHS to catch up,” said Pete Allor, director of the IT Information Sharing and Analysis Center (ISAC).
Allor, who is also X-Force manager of threat intelligence at security firm ISS, told TechNewsWorld that Yoran’s much-needed appointment fills a gap in the government’s connection to security’s private sector. “We’re excited that finally the government’s there,” he said. “We’re glad there is someone from IT and someone we can talk to on the national level.”
IT Guy Inside
Allor praised Homeland Security’s selection of Yoran, 32, who is known for his work in Symantec’s managed security services and as a founder of network security specialist Riptech, which was purchased by Symantec last year.
Allor said Yoran’s experience in managed services, technical expertise and background in public-private interaction — he was director of the Department of Defense’s vulnerability assessment program and manager of the Pentagon’s network — make him ideal for the position.
“From all these perspectives and as one of the first members of IT ISAC, I think he knows quite a bit about cyber security,” Allor said.
Buried in Bureaucracy
After taking criticism for a lack of focus on Internet security as federal efforts were folded into Homeland Security, the administration decided to move Yoran’s job — formerly known as cyber security czar — lower into the department.
While some security officials viewed the lower-profile position as an advantage that would allow Yoran to focus on security work, CyberGuard federal division vice president Matt Mosher told TechNewsWorld that it appears the government is putting less priority on cyber security.
“It doesn’t seem to be quite as high profile or as high priority of a position as it once was,” Mosher said. “On the surface, it looks like he’s not sitting as high in the organization, and you would think, in effect, that he would have less ability to effect change.”
Partnering with CERT
The Homeland Security Department also announced it is partnering with Carnegie Mellon University’s CERT Coordination Center, which is intended to grow to include other private partnerships to coordinate efforts to prevent, protect and respond to Internet threats.
Allor viewed the move as a positive step but called on the government to enlist more private-sector expertise and experience, saying, “we can provide a lot of work to know what’s going on and what to do about it.”
Mosher also saw the partnership with CERT, a Department of Defense-sponsored research and development center of the Software Engineering Institute, as a step in the right direction, but warned it will take time to tackle Internet security.
“It’s a big issue, and it’s going to take a while before we can say definitive action has been taken and we’re in a better position to protect ourselves,” Mosher said.
Mosher said the public-private partnership on security is still in its infancy. He downplayed the effectiveness of DHS warnings when security needs to be ongoing.
Allor, who said IT security companies are sharing more information, stressed the need to change the approach to security in light of last month’s worm outbreaks and quickening threats.
“We’re seeing that time is shortening, so it requires us to think about this in an entirely different way,” he said.