Infosec momentum must not be lost

Security experts who registered dismay at Amit Yoran's recent resignation as the nation's infosec leader say it is essential the federal government continues to make IT security goals a priority.

Given rising internet attack types, system vulnerabilities and most organizations' dependence on IT for business initiatives, infosec must remain a top concern for both government and private industry, they said.

"It is imperative that the Cyber Security Division – no matter who its leader is, persists in promoting information sharing and the development of industry standards," said Chris Carlson, director of technical services for Micromuse' Federal Division.

"The most important thing in light of Yoran's departure is to stay with the current plan," he said, noting that the division and its efforts are so important to the government and private industry that it might need to garner a higher vantage point in the White House.

This is a consideration which several members of Congress encouraged earlier this year, but one that is likely only to take place after the presidential election early this month.

During his approximate one-year stint as the director of the Cyber Security Division at the Department of Homeland Security (DHS), Yoran set in motion various fundamental initiatives.

In addition to setting up the U.S. CERT, a vulnerability sharing service for businesses and home users alike, he also helped to focus the government's efforts on partnering with private industry to thwart cybercriminals.

It is because of these many strides that experts believe that his successor's number one goal will be to simply re-validate the existing program. Failing this, cybersecurity issues could well become a back-burner issue.

Meantime, the department has already designated Yoran's former deputy Andy Purdy as the division's interim director. Although DHS officials did attempt to return calls, comment on who would be appointed as full-time director, and when, could not be gathered by the time.

The Information Technology Association of America (ITAA) said in a recent statement that Yoran's departure is "a disappointing setback" and is calling for DHS to appoint a successor fast.

"Amit Yoran is an outstanding technology executive, and he developed real traction in his outreach to industry," said ITAA president Harris Miller in the statement.

"A mark of Amit's progress was his earning the respect and enthusiasm of many in the private sector, who were seeing the prospect for substantial progress in a number of cybersecurity areas."

Yoran said during a recent interview that indeed the Department likely will move quickly to find the ideal candidate to fill the now empty post.

"The next steps for the DHS are to rapidly conduct a search for the best-qualified candidate to move the division from its current state of core capabilities to the ultimate objective – the [President's National Strategy to Secure Cyberspace]," he said.

While many in the industry were surprised by his resignation, Yoran stated that a one-year stint was part of his initial agreement to take on the job.

"When I originally spoke with the Secretary of the Department of Homeland Security [Tom Ridge] about taking the job as director of the National Cyber Security Division... it was really focused on my skills in creating start-ups and [my] cybersecurity background," he recalled.

"The discussion even at that time was [centered around] a year as sort of the commitment between myself and the department and all the efforts which would be required," he continued.

Initial news reports indicated that Yoran had voiced his frustrations with industry peers about the slow progress being made on cybersecurity issues in the Department, implying that such dissatisfaction was a major reason for his resignation this week. However, Yoran insisted that these reports were erroneous.

When asked if it was a failing on the part of the Department not to have a successor in mind prior to Yoran's leaving, given that they had prior knowledge of his one-year commitment, he replied: "Fortunately or unfortunately the departments are not always able to control the way news breaks in the media. You can criticize every decision that's made.

"Personally, I think that it's not a poor decision not to move right away. The responsible thing is to evaluate where we are, evaluate the requirements and the ultimate direction, and then – now that there's nobody in the seat, so to speak – there might be an influx of new candidates.

"What's more, by the way, there is no vacuum – there are strong leaders within the division to continue moving the operations forward."

And while the division has much to get done, Yoran believes that the work completed so far has been a good start.

"In the past year, we have looked at the goals which we set out – to create the National Cyber Security Division, recruit some of the fantastic expertise from the public and private sectors, and build the U.S. CERT and some of the operational capabilities that we've put in place there," he explained.

"And we've said: 'Not everything is perfect, not everything is complete, this is only a base platform to build from, but the objectives of what we agreed upon had been met [and] the term of the commitment, so to speak, had been satisfied'."

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.