DHS rolls out cyberalerts

Homeland Security Department officials today unveiled a National Cyber Alert System designed to protect computer users from viruses, worms and other Internet-borne attacks.

The federal alert system could reach many more citizens than are now receiving cybersecurity warnings through a variety of private, subscription-based services.

In its initial phase, DHS' system will deliver alerts via e-mail to anyone who signs up to receive them, department officials said. The free alerts will be electronically signed to give users confidence that they are legitimate and not "spoofed" like many messages distributed via the Internet.

Users can get their names on the e-mail distribution list beginning today.

The DHS announcement left some companies in the cyber security business wondering how their own cyber warning activities will mesh with what the department is offering.

Peter Allor, director of Internet Security Systems' X-Force Threat Intelligence Service, said he that is waiting for DHS to provide his company with more information about its plans. Allor said he was not concerned that a national system would compete with his company's own threat-analysis service, but he wants to know how the private-sector Information Sharing and Analysis Centers will coordinate their efforts with DHS. "That's still an open question," said Allor, who serves as director for the ISAC that focuses on information technology threats.

While many network and systems administrators already share information about cyber attacks often before they happen, "it's just as important for home users to be able to plug their vulnerabilities," said Greg Garcia, vice president for information security with the Information Technology Association of America, a group representing information technology companies.

Acknowledging that other venues for alerts exist, DHS officials said Symantec Corp., Network Associates Technology Inc.'s McAfee and other companies that now publish information about computer threats are working with the department on the alert system. By consolidating many sources of information into one high-level system, agency officials can provide a national perspective on cybersecurity, they said.

The national alert system is a good first step, Garcia said, because it means "we€re beginning to get traction on cyber security."

But Sen. Charles Schumer (D-N.Y.) criticized the DHS system as inadequate for the problem it is trying to solve, because it does not impose a mandatory threat-reporting requirement on software and security companies. Schumer also blasted the idea of using e-mail alerts.

"An e-mailed based system is a bad idea because hackers can easily duplicate or mimic a DHS mail warning," said Schumer, who called for the creation of a center comparable to the Centers for Disease Control, a command center and research facility for the nation€s cyber health.

Computer security will not improve until awareness is raised through a system that is easy for all computer users to understand, Amit Yoran, director of DHS' National Cyber Security Division, said this morning. The national system will provide alerts to two communities: technical users responsible for protecting critical infrastructure and end users.

In addition to technical bulletins that security administrators can sign up to receive, tips on preventing computer security problems will be sent to end users who go to DHS' Web site and click on the sign-up button. "The intent is for this information to be made available to the widest and most appropriate distribution," Yoran said.

The CERT Coordination Center at Carnegie Mellon University, one of the organizations working with DHS on the new alert system, will continue its advisory mail list, CERT officials said.


  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.