White House Selects Cybersecurity Chief, Creates Emergency Response TeamWhite House Selects Cybersecurity Chief, Creates Emergency Response Team

Amit Yoran, VP of worldwide managed security services at Symantec Corp., will become the nation's next cybersecurity czar. Homeland Security Secretary Tom Ridge on Monday named Yoran as director of the National Cyber Security Division within the department's division of information analysis and infrastructure protection office. Yoran's final day at Symantec will be Sept. 30, the company says.

"There are a number of challenges, but I wouldn't point to any one in particular and say it's the most difficult to overcome," Yoran said in an interview Monday with The Associated Press. "There's definitely a lot of work ahead of us."

Yoran's appointment coincided with an announcement by Ridge that the department will partner with Carnegie Mellon University to create the U.S. Computer Emergency Response Team, known as US-CERT. US-CERT will grow to include other partnerships with private-sector security vendors and other domestic and international CERT organizations, according to a statement issued by Homeland Security. These groups will work together to coordinate national and international efforts to prevent, protect against, and respond to the effects of cyberattacks across the Internet. This is the first in a series of upcoming announcements on new partnerships and initiatives within the National Cyber Security Division.

"This new center for cybersecurity is a key element to our national strategy to combat terrorism and protect our critical infrastructure," Ridge says. "The recent cyberattacks such as the Blaster worm and the Sobig virus highlight the urgent need for an enhanced computer emergency response program that coordinates national efforts to cyber incidents and attacks."

US-CERT will begin as a partnership between the National Cyber Security Division within Homeland Security and Carnegie Mellon's CERT/Coordination Center, which is part of the Software Engineering Institute, a Department of Defense-sponsored, federally funded research and development center, and will be affiliated with Carnegie Mellon's new Cyber Security Laboratory.

Rep. Adam Putnam, R.-Fla., who chairs a key government IT subcommittee, says the creation of US-CERT is an important step by the government to protect the nation's computers from cyberattack. "It's no longer a question of whether our computer networks will be attacked, but when, how often, and to what degree," Putnam says. "Blaster and Sobig.F are stark examples of how worm and virus vulnerabilities can cost us billions of dollars in lost productivity and administrative expenses in a very short period of time. ... We all need to take the cyberthreat more seriously and move expeditiously to secure our nation's computers."

Homeland Security contends that US-CERT, in collaboration with the private sector and leading response organizations, will improve warning and response time to security incidents by fostering the development of detection tools and utilizing common commercial incident- and vulnerability-reporting protocols. Its aim is to increase the flow of critical security information throughout the Internet community. US-CERT will provide a coordination center that, for the first time, links public and private response capabilities to facilitate communication across all infrastructure sectors.

In addition, the center will collaborate with the business community to develop and implement tools and methods for detecting and responding to vulnerabilities. Homeland Security maintains that the center will reduce the response time to a security event to an average of 30 minutes by the end of 2004.

The cybersecurity chief's position drew early criticism over its placement deep inside the agency's organizational chart. The cyberchief will be at least three steps beneath Ridge. Yoran will fill the post once held by Richard Clarke, a special adviser to President Bush. "I'm not really overly concerned about my personal visibility," Yoran told AP. "I want to make sure we take the right initiatives."

The ranking Senate Democrat on government IT issues, Joseph Lieberman of Connecticut, says Yoran's background shows broad experience with computer security that will be critical to the success of the cybersecurity division, but notes that Yoran "will be playing a difficult game of catch-up." Lieberman, who's seeking President Bush's job, complains the administration has been extremely vague on its cybersecurity strategy. "It has shown inadequate attention to the development of a comprehensive and effective plan, much less a timeline for implementing the plan," he says.

In 1998, Yoran co-founded Riptech Inc., which monitored government and corporate computers around the world with an elaborate sensor network to protect them against attacks. He sold the firm 14 months ago to Symantec for $145 million and stayed on as VP for worldwide managed security services.

Yoran told AP he hasn't yet talked with government ethics lawyers, but said Symantec, a leading cybersecurity and antivirus vendor, wouldn't be shown any special treatment by the department. "I don't think it would be responsible to cut them out, but certainly we would not show them favoritism just because I spent a year working here," Yoran said, adding that he will have no equity position or investment in Symantec once he joins the administration.

Yoran's appointment is being well received by industry. Says Robert Holleyman, president of the Business Software Alliance, a Washington lobbyist group representing software vendors: "He knows firsthand the vast threats that exist today and what needs to be done to quickly identify, assess, and mitigate those threats."

Before co-founding Riptech, Yoran was the director of the vulnerability-assessment program within the computer emergency response team at the Department of Defense, as well as the department's network security manager responsible for maintaining operations of the Pentagon's network. Yoran has a bachelor's degree from the U.S. Military Academy at West Point and a master's from George Washington University.

The division Yoran will run conducts cyberspace analysis, issues alerts and warnings, improves information sharing, responds to major incidents, and aids in national recovery efforts.