Industry fears security setbacks

With Amit Yoran's sudden departure from the nation's top cybersecurity job, industry officials said they fear another setback in efforts to make government and corporate networks secure from attacks that hurt business and national security.

Yoran, who resigned Sept. 30 as director of the Homeland Security Department's National Cyber Security Division, is the third federal cybersecurity chief to leave government service in less than two years, conjuring worries that the job is too tough for even the most talented recruits.

"Whether Amit intended it or not, his departure is a pretty strong wake-up call," said Harris Miller, president of the Information Technology Association of America. "First Dick Clarke, then Howard Schmidt, now Amit — that's not good," Miller said.

DHS officials reacted quickly to Yoran's departure two weeks ago by naming Andy Purdy, Yoran's deputy, to serve as acting director until they find a permanent replacement. Purdy has worked in the cybersecurity division since it was created as part of DHS.

Some industry observers said confusing lines of authority in the federal government make the job of cybersecurity chief tougher than it needs to be. But one of Yoran's accomplishments, they said, was to help establish a chain of command during a cybersecurity attack.

Under Yoran, the division formed

three new operational groups to work on cybersecurity.

"They had pretty much demarcated what authority various groups had to respond to something," said Chris Risley, president and chief executive officer of Nominum Inc., which makes Internet software. "They needed to have all that laid out so they knew who to call."

Many industry observers are hoping that new legislation will resolve questions about authority, including the question of whether Yoran's former position should be elevated to the rank of an assistant secretary in DHS. Legislation to raise the authority and visibility bounced around Capitol Hill last week, leaving some industry observers hopeful but uncertain whether the change would become law.

"It's a little hard to figure out what is or is not going to survive — or even whether there's going to be an intelligence bill before Congress goes home," Miller said.

The House's intelligence bill has a provision for raising the cybersecurity chief's position from director to assistant secretary. The Senate bill does not, Miller said, but added that Sen. Charles Schumer (D-N.Y.) favors upgrading the position so that cybersecurity can garner more attention.

Although Yoran's bosses at DHS have been reticent about his departure, industry officials generally have praised his job performance and expressed regret about his departure. A former security industry executive, Yoran, 33, was widely trusted in industry circles. "He was very suited for the job in terms of technical understanding and technical curiosity," Risley said.

Other industry officials said Yoran was trying to foster — with some success — a level of cooperation among companies in the fiercely competitive IT security industry.

Perhaps the most visible accomplishment of Yoran's short tenure was the National Cyber Alert System, which uses e-mail messages to alert citizens and technical users of viruses, worms and other Internet-borne attacks. But other cybersecurity projects, not so visible or well publicized, could have an equal or greater impact on cybersecurity, some industry officials said.

One such program was an initiative to gather vendors' virus signature files, through the department's U.S. Computer Emergency Readiness Team (US-CERT) Web site, for federal civilian agencies as soon as the vendors released them. Yoran was leading efforts to standardize virus nomenclature and coordinate virus responses, said Tom Simmons, director of federal markets for Trend Micro Inc., an antivirus software company.

Industry officials would like to see Yoran's replacement be a person with industry experience. But others are less certain about who should fill the position. DHS officials probably should re-examine what skills and experience the leader of cybersecurity needs rather than fill the position immediately, said Howard Schmidt, a former cybersecurity adviser in the Bush administration who will return as a consultant to DHS' US-CERT.

Diane Frank contributed to this article.

Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.