[ISN] Yoran Grilled at Senate Hearing

From: InfoSec News (isn@private)
Date: Wed Mar 10 2004 - 05:19:06 PST

  • Next message: InfoSec News: "[ISN] Windows & .NET Magazine Security UPDATE--Fending Off Viruses and Spam--March 10, 2004"

    http://www.computerworld.com/securitytopics/security/story/0,10801,90865,00.html
    
    By Dan Verton 
    MARCH 08, 2004 
    COMPUTERWORLD
    
    WASHINGTON -- It was an inauspicious moment for Amit Yoran, the
    federal cybersecurity czar.
    
    "Have you focused on a threat assessment?" asked Sen. John Kyl
    (R-Ariz.), chairman of the Senate Subcommittee on Terrorism,
    Technology and Homeland Security, during a Feb. 24 hearing on
    cyberterrorism. The nation is "awash in a sea of vulnerability
    studies," said Kyl. But what is missing, he said, is "an accurate
    threat assessment" about what the country should worry about most:  
    individual hackers, nations or terrorist organizations.
    
    For several tense moments, Yoran sat in silence and then shielded his
    microphone as he whispered to a colleague from the FBI.
    
    "Our protection strategy is threat-independent," Yoran finally
    replied. Rather than focusing on specific attack profiles, "we are
    developing programs and initiatives that apply to the gamut of attack
    approaches," he added.
    
    "I still haven't heard you say you have done a threat assessment,"  
    responded Kyl.
    
    Frustrated by the line of questioning, Yoran turned around and faced
    an underling from the DHS and pointed angrily to a sheet of paper on
    which was written "NIE."
    
    "We'll have to wait and see what the NIE says," Yoran said, referring
    to a classified National Intelligence Estimate that was scheduled to
    be released within days of the hearing.
    
    Sen. Dianne Feinstein (D-Calif.), the ranking member of the
    subcommittee, also posed tough questions to Yoran, particularly about
    his position within the DHS bureaucracy.
    
    "My concern is that we don't really take cyberterrorism as seriously
    as we should," said Feinstein, adding that she was troubled by the
    decision to move the position once held by former cybersecurity czar
    Richard Clarke from the White House to where it now sits, several
    layers down in the DHS bureaucracy. "Given your lack of seniority, how
    are you able to direct assistant secretaries in other directorates?"
    
    "There are advisers within the White House who maintain a very close
    awareness of cyberactivity and cyberprotection," said Yoran.
    
    However, Clarke and his immediate successor, Howard Schmidt, both
    acknowledged that the Office of Management and Budget, which has
    statutory authority for cybersecurity programs, has only three people
    working on the issue full time. "If they were serious about it, they
    would have 20 to 30 people working it," said Clarke.
    
    When the hearing ended, Kyl was visibly frustrated with the inability
    to get direct answers from Yoran and said he didn't want to have "to
    grill anybody."
    
    But it didn't appear to be Kyl's fault. A prominent IT industry
    executive who attended the hearing but did not want to be identified
    by name characterized Yoran's performance as "terrible."
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Wed Mar 10 2004 - 08:21:25 PST