Industry fears security setbacks

With Amit Yoran's sudden departure from the nation's top cybersecurity job, industry officials said they fear another setback in efforts to make government and corporate networks secure from attacks that hurt business and national security.

Yoran, who resigned Sept. 30 as director of the Homeland Security Department's National Cyber Security Division, is the third federal cybersecurity chief to leave government service in less than two years, conjuring worries that the job is too tough for even the most talented recruits.

"Whether Amit intended it or not, his departure is a pretty strong wake-up call," said Harris Miller, president of the Information Technology Association of America. "First Dick Clarke, then Howard Schmidt, now Amit — that's not good," Miller said.

DHS officials reacted quickly to Yoran's departure two weeks ago by naming Andy Purdy, Yoran's deputy, to serve as acting director until they find a permanent replacement. Purdy has worked in the cybersecurity division since it was created as part of DHS.

Some industry observers said confusing lines of authority in the federal government make the job of cybersecurity chief tougher than it needs to be. But one of Yoran's accomplishments, they said, was to help establish a chain of command during a cybersecurity attack.

Under Yoran, the division formed

three new operational groups to work on cybersecurity.

"They had pretty much demarcated what authority various groups had to respond to something," said Chris Risley, president and chief executive officer of Nominum Inc., which makes Internet software. "They needed to have all that laid out so they knew who to call."

Many industry observers are hoping that new legislation will resolve questions about authority, including the question of whether Yoran's former position should be elevated to the rank of an assistant secretary in DHS. Legislation to raise the authority and visibility bounced around Capitol Hill last week, leaving some industry observers hopeful but uncertain whether the change would become law.

"It's a little hard to figure out what is or is not going to survive — or even whether there's going to be an intelligence bill before Congress goes home," Miller said.

The House's intelligence bill has a provision for raising the cybersecurity chief's position from director to assistant secretary. The Senate bill does not, Miller said, but added that Sen. Charles Schumer (D-N.Y.) favors upgrading the position so that cybersecurity can garner more attention.

Although Yoran's bosses at DHS have been reticent about his departure, industry officials generally have praised his job performance and expressed regret about his departure. A former security industry executive, Yoran, 33, was widely trusted in industry circles. "He was very suited for the job in terms of technical understanding and technical curiosity," Risley said.

Other industry officials said Yoran was trying to foster — with some success — a level of cooperation among companies in the fiercely competitive IT security industry.

Perhaps the most visible accomplishment of Yoran's short tenure was the National Cyber Alert System, which uses e-mail messages to alert citizens and technical users of viruses, worms and other Internet-borne attacks. But other cybersecurity projects, not so visible or well publicized, could have an equal or greater impact on cybersecurity, some industry officials said.

One such program was an initiative to gather vendors' virus signature files, through the department's U.S. Computer Emergency Readiness Team (US-CERT) Web site, for federal civilian agencies as soon as the vendors released them. Yoran was leading efforts to standardize virus nomenclature and coordinate virus responses, said Tom Simmons, director of federal markets for Trend Micro Inc., an antivirus software company.

Industry officials would like to see Yoran's replacement be a person with industry experience. But others are less certain about who should fill the position. DHS officials probably should re-examine what skills and experience the leader of cybersecurity needs rather than fill the position immediately, said Howard Schmidt, a former cybersecurity adviser in the Bush administration who will return as a consultant to DHS' US-CERT.

Diane Frank contributed to this article.

FCW in Print

In the latest issue: Looking back on three decades of big stories in federal IT.


  • Shutterstock image: looking for code.

    How DOD embraced bug bounties -- and how your agency can, too

    Hack the Pentagon proved to Defense Department officials that outside hackers can be assets, not adversaries.

  • Shutterstock image: cyber defense.

    Why PPD-41 is evolutionary, not revolutionary

    Government cybersecurity officials say the presidential policy directive codifies cyber incident response protocols but doesn't radically change what's been in practice in recent years.

  • Anne Rung -- Commerce Department Photo

    Exit interview with Anne Rung

    The government's departing top acquisition official said she leaves behind a solid foundation on which to build more effective and efficient federal IT.

  • Charles Phalen

    Administration appoints first head of NBIB

    The National Background Investigations Bureau announced the appointment of its first director as the agency prepares to take over processing government background checks.

  • Sen. James Lankford (R-Okla.)

    Senator: Rigid hiring process pushes millennials from federal work

    Sen. James Lankford (R-Okla.) said agencies are missing out on younger workers because of the government's rigidity, particularly its protracted hiring process.

  • FCW @ 30 GPS

    FCW @ 30

    Since 1987, FCW has covered it all -- the major contracts, the disruptive technologies, the picayune scandals and the many, many people who make federal IT function. Here's a look back at six of the most significant stories.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group