Yoran: Feds, companies should continue infrastructure discussions

In the event of a computer failure such as the one that caused massive power outages in the Northeast and upper Midwest last year, can the federal government intervene?

Many questions about the government's capability and authority to control cyberspace remain unanswered, said Amit Yoran, who resigned more than a month ago as director of the Homeland Security Department's National Cyber Security Division.

Yoran, who spoke Dec. 2 at the FCW Events' Information Assurance Conference in Washington, D.C., said that policy discussions must continue with the private sector about critical infrastructure vulnerabilities. FCW Events is part of FCW Media Group, which owns FCW.com and Federal Computer Week.

He said DHS officials made progress during the past year in building relationships with officials whose companies own power plants, oil pipelines, nuclear facilities and other computer-controlled infrastructures that are critical to the nation.

With more than 80 percent of the nation's critical infrastructure owned by private companies such as First Energy Group and others, Yoran asked what federal officials can do to prevent and, if necessary, respond to a large-scale cyberevent affecting large areas of the nation.

"Do we have the authority to kick in the door and put our fingers on the keyboard?"

During Yoran's tenure as cybersecurity director, DHS officials worked on a limited number of short-term tactical and long-term research priorities, he said. One of the most valuable short-term projects, he said, was to a create map of the federal government's Internet address space. That task, which is now complete, has improved federal officials' ability to observe and respond to cyberattacks on federal networks, Yoran said.

"As it turns out, we've got 5,700 blocks of network addresses as a federal government -- some of which are Class C, some class A -- with billions of addresses," he said.

Government officials are analyzing data from those addresses, looking for signs of malicious activity and sharing that information among federal officials, Yoran said.

In a later briefing for news reporters, Yoran delivered a barb that he didn't share with the conference audience of federal contractors and government employees. He said the federal government is a few years behind the private sector in deploying new information security technologies.

"Government integrators have a vested interest in the status quo," he said. "They are reluctant to bring innovative technologies into the federal government."

Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.