[ISN] New DHS cyber alert system under fire

From: William Knowles (wk@private)
Date: Fri Jan 30 2004 - 05:50:08 PST

  • Next message: William Knowles: "[ISN] Net crime gangs hit gambling sites"

    http://www.computerworld.com/securitytopics/security/story/0,10801,89550,00.html
    
    Story by Dan Verton 
    JANUARY 29, 2004
    COMPUTERWORLD
    
    WASHINGTON -- The leaders of the security-information-sharing 
    organizations within some of the nation's critical-infrastructure 
    sectors are criticizing the Department of Homeland Security for 
    announcing a new cyber alert system without better framing the role of 
    the private sector. 
    
    In interviews with Computerworld, senior officials from the 
    Information Sharing and Analysis Centers (ISAC) within the IT and 
    financial services industries said they learned of the new DHS 
    National Cyber Alert System from media reports that appeared shortly 
    after the announcement was made yesterday (see story). More important, 
    the officials said they still have little or no idea what, if any, new 
    capabilities the alert system offers, what is expected of the ISACs or 
    how the private sector is supposed to integrate and coordinate with 
    the DHS on the alerts. 
    
    "The government wanted to know how it could get [security information] 
    to everybody, but it didn't ask us how we could do that," said Pete 
    Allor, operations director for the IT sector's ISAC. "At least you got 
    a conference call," he said, referring to the media briefing hosted by 
    the DHS. 
    
    During that briefing, Amit Yoran, director of the DHS's National Cyber 
    Security Division, told reporters that the new alert system "will 
    integrate very closely with ISAC functions, [and alerts] will be 
    provided to the ISACS and in many cases coordinated with the ISACS in 
    advance." That integration will be made possible by the U.S. Computer 
    Emergency Readiness Team (US-CERT), he said. 
    
    That was news to Suzanne Gorman, chair of the financial services 
    sector's ISAC, who said she and others were never briefed on what 
    capabilities the US-CERT operation provides. 
    
    "We talk about partnerships, but it would have been really nice if 
    they had a conversation with us ahead of making this announcement," 
    said Gorman. "The way they did this was poor, to say the least." 
    
    Yoran, in response to those concerns, said the DHS did in fact conduct 
    discussions with the various ISACs on what the department could do to 
    increase awareness -- and he said that level of interaction will 
    increase as the system matures. 
    
    However, Yoran said, the goal of the new system is to give "all users 
    of cyberspace the information they need to protect themselves." He 
    noted that the DHS alert system doesn't provide any sector-specific 
    information. Instead, it offers a national-level view, which "even all 
    of the ISACS don't cover," he said. 
    
    Despite the agency''s characterization of the new system as "a 
    fundamental building block of the public/private partnership," both 
    Allor and Gorman said the initiative seems to be geared more toward 
    home users and the small business community than toward the 
    medium-size and large companies that make up the bulk of the nation's 
    critical infrastructure. 
    
    >From a critical-infrastructure-protection perspective, "I'm not clear 
    on how this is going to work," said Gorman. "There seems to be a lot 
    of duplication of effort. 
    
    Allor also questioned the effectiveness of using e-mail alerts to 
    notify home and small business users of security issues -- a key issue 
    that the DHS should have discussed with the private sector, he said. 
    
    "Who are we trying to alert, for what, and what's the best method to 
    get to them?" said Allor. It's not clear that e-mail alerts will be as 
    timely for these users as they are for large enterprise users, he 
    said. 
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Fri Jan 30 2004 - 09:10:18 PST