[ISN] Security chief urges partnering

From: InfoSec News (isn@private)
Date: Thu Feb 12 2004 - 04:49:57 PST


    Forwarded from: William Knowles <wk@private>
    By Florence Olsen 
    Feb. 11, 2004 
    A Homeland Security Department official said this morning that the
    government's record of fostering public/private partnerships for
    securing cyberspace has been unacceptable.

    While claiming progress on cybersecurity, Amit Yoran, director of the
    National Cyber Security Division at DHS, vowed that the government
    would work harder on developing its relationships with the private
    sector in the coming year and would also pursue a long-term agenda
    that may not see results for many years to come.

    Yoran said that while DHS is focused "on changing the fundamental
    ground rules of cybersecurity," it also has more immediate tasks on
    its agenda, such as building what he described as a survivable network
    for sharing critical information if the Internet and other
    communications systems are brought down by an attack.

    Speaking at a breakfast meeting of the Information Technology
    Association of America, a group that represents IT companies, Yoran
    said he is often asked to describe a catastrophic cyberattack, or
    "digital Pearl Harbor." He declines to paint such scenarios, but he
    said that the government has begun modeling such attacks and is in the
    process of building a survivable infrastructure, called the Cyber
    Warning and Information Network. Progress on creating the network "is
    notable," he said, "but is not complete."

    Yoran said that DHS will be thinking of cybersecurity in broad terms
    and trying to avoid a too-narrow focus on cyberterrorism. For that
    reason, he said, many of the government's long-term cybersecurity
    efforts will be to improve practices used within the software industry
    to develop and evaluate software code, in part by using more automated
    techniques for writing secure software.

    Given the trends toward having larger and larger teams of coders
    working on software and sending coding jobs offshore, Yoran said that
    government and industry must also develop better methods for detecting
    the presence of backdoors and other insecurities in software.

    Citing the DHS' National Cyber Alert System as an accomplishment,
    Yoran said it attracted 250,000 subscribers in less than a week of its
    launch on Jan. 28, "a genuinely not-too-shabby reach for our first
    week in operation."

    He also noted that the department has formed three new operational
    groups that are contributing to the national cybersecurity effort. One
    is the Chief Information Security Officers Forum, an organization of
    senior officials responsible for cybersecurity in their federal

    A second is the Government Forum of Incident Response Teams, whose
    members are systems operators from DHS and from other federal civilian
    and military agencies who meet to work out interoperability problems.

    A third is the Cyber Interagency Incident Management Group, which is
    made up of law enforcement, national security and Defense Department
    officials who work on coordinating plans for responding to incidents.
