DHS rolls out cyberalerts

Homeland Security Department officials today unveiled a National Cyber Alert System designed to protect computer users from viruses, worms and other Internet-borne attacks.

The federal alert system could reach many more citizens than are now receiving cybersecurity warnings through a variety of private, subscription-based services.

In its initial phase, DHS' system will deliver alerts via e-mail to anyone who signs up to receive them, department officials said. The free alerts will be electronically signed to give users confidence that they are legitimate and not "spoofed" like many messages distributed via the Internet.

Users can get their names on the e-mail distribution list beginning today.

The DHS announcement left some companies in the cyber security business wondering how their own cyber warning activities will mesh with what the department is offering.

Peter Allor, director of Internet Security Systems' X-Force Threat Intelligence Service, said he that is waiting for DHS to provide his company with more information about its plans. Allor said he was not concerned that a national system would compete with his company's own threat-analysis service, but he wants to know how the private-sector Information Sharing and Analysis Centers will coordinate their efforts with DHS. "That's still an open question," said Allor, who serves as director for the ISAC that focuses on information technology threats.

While many network and systems administrators already share information about cyber attacks often before they happen, "it's just as important for home users to be able to plug their vulnerabilities," said Greg Garcia, vice president for information security with the Information Technology Association of America, a group representing information technology companies.

Acknowledging that other venues for alerts exist, DHS officials said Symantec Corp., Network Associates Technology Inc.'s McAfee and other companies that now publish information about computer threats are working with the department on the alert system. By consolidating many sources of information into one high-level system, agency officials can provide a national perspective on cybersecurity, they said.

The national alert system is a good first step, Garcia said, because it means "we€re beginning to get traction on cyber security."

But Sen. Charles Schumer (D-N.Y.) criticized the DHS system as inadequate for the problem it is trying to solve, because it does not impose a mandatory threat-reporting requirement on software and security companies. Schumer also blasted the idea of using e-mail alerts.

"An e-mailed based system is a bad idea because hackers can easily duplicate or mimic a DHS mail warning," said Schumer, who called for the creation of a center comparable to the Centers for Disease Control, a command center and research facility for the nation€s cyber health.

Computer security will not improve until awareness is raised through a system that is easy for all computer users to understand, Amit Yoran, director of DHS' National Cyber Security Division, said this morning. The national system will provide alerts to two communities: technical users responsible for protecting critical infrastructure and end users.

In addition to technical bulletins that security administrators can sign up to receive, tips on preventing computer security problems will be sent to end users who go to DHS' Web site and click on the sign-up button. "The intent is for this information to be made available to the widest and most appropriate distribution," Yoran said.

The CERT Coordination Center at Carnegie Mellon University, one of the organizations working with DHS on the new alert system, will continue its advisory mail list, CERT officials said.

Featured

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

  • Census
    shutterstock image

    2020 Census to include citizenship question

    The Department of Commerce is breaking with recent practice and restoring a question about respondent citizenship last used in 1950, despite being urged not to by former Census directors and outside experts.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.