Slashdot Mirror

← Back to Stories (view on slashdot.org)

Head Of Homeland Cybersecurity Named

Posted by simoniker on from the cyber-cyber-burning-bright dept.

ziggy_zero writes "Security software industry veteran Amit Yoran is expected to be named the new head of federal cybersecurity by the U.S. Department of Homeland Security (DHS) on Tuesday. The DHS is also partnering with CERT to form the "US-CERT" cyber-attack coordination center, coordinating efforts to fight cyber-attacks, worms, etc."

13 of 194 comments (clear)

  1. Any results? by llZENll · · Score: 5, Interesting

    Homeland security is a great idea, but there hasn't been much as far as actual results yet. We need some stats on how many threats they found/evaded, or is there this info available already?

    1. Re:Any results? by C10H14N2 · · Score: 3, Interesting

      The assumption and constant media attention that DHS is entirely about terrorist threats is probably the biggest PR blunder behind people's lack of faith or even understanding of what DHS actually is. The Government Accounting Office is the research arm of Congress and has a large number of reports on the progress, or lack thereof, of DHS. However, it is not just "we caught three terrorists" as that is not all that is behind DHS, which covers everything from issues of immigration to natural disasters. It is a department more complex than anything ever attempted by any government in history, so don't expect the analysis of its effectiveness to be simple. Because DHS is all about communication between existing departments from local to federal, the majority of criticism is simply about effective communication.

      The best starting point is here:

      http://www.gao.gov/homelandsecurity.html

      If you want simple anwsers, watch Fox News. Of course, it won't be the truth. It will be many things other than the truth. In fact, most of it will be complete fabrications and spin passed of as the truth, which of course people will believe without doing a shred of research and will then wonder how a government "of, by and for the people" can be so monumentally incompetent.

  2. head of homeland (virus) security by joeldg · · Score: 1, Interesting

    Maybe this guy will help get rid of all those nasty worms on the intarweb

    (you may need to be familiar with somethingaweful to understand the above statement)

    --
    anime+manga together at last.. in real time.
  3. United States government chooses Symantec by nacturation · · Score: 4, Interesting

    From the article:

    "Yoran helped to found network scanning company RipTech Inc. of Alexandria, Virginia, in 1998. After RipTech was acquired by antivirus giant Symantec Corp. for $145 million in August 2002, Yoran stayed on as Symantec vice president of worldwide managed security services operations, according to Symantec spokesman Cris Paden."

    Anyone care to wager how soon the government starts awarding contracts/grants to Symantec for its exclusive security solution?

    --
    Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
  4. Terrible combination by computerlady · · Score: 5, Interesting

    Oh, great. Let's combine the computer security industry (already famous for making work and money for itself by scaring everyone with over-hyped media attention to every script-kiddy's feeble edit of an existing worm) with the Department of Homeland Security's similar tactics of justifying it's existence, not to mention whatever policies the powers-that-be desire.

    We'll all be on tranquilizers in no time.

    --
    computerlady - a brand new Slash-daughter - alone, but no longer invisible, in the /. world
    1. Re:Terrible combination by Anonymous Coward · · Score: 1, Interesting

      no at this rate we'll all be soylent green

  5. Re:good by Anonymous Coward · · Score: 1, Interesting

    I'm not. He's from Symantec.

    Symantec has two policies that I disagree strongly with:

    #1, They don't define spyware as the trojans they are. To put it in perspective, think 'keystroke logging.'

    #2, Symantec is known for scare-mongering.

    However, I should reserve my judgement until he actually does something.

  6. Re:"Cyber" by Elwood+P+Dowd · · Score: 2, Interesting

    Billy Gibson has suggested that "cyberspace" would be the (first and) last enduring word with the prefix "cyber" in it. Just like everything that was cool used to be "electro-" whatever. After a while, it was just assumed that new devices were electronic. Now it's just assumed that new devices have computers in them. "Cyber" is meaningless and anachronistic.

    --

    There are no trails. There are no trees out here.
  7. Dont be relieved by goombah99 · · Score: 4, Interesting
    The Bussiness software Alliance is applauding the choice. This means we need to keep a close eye on this.

    I'm slightly concerned that its someone whos main source of income has been writing anti-virus software for Windows machines. I would doubt that he wakes up each day he hears about a new windows virus and says, that does it, i'm swithcing to linux for better security. He probably also would not really like to see for example, an open source virus program.

    And to the extent that he can cast off his "I profit from poor windows security" past, then he would probably see the "paladium" or whatever its called now as the ideal solultion to the widows is a seive problem. And in the HS dept he'll have the clout to make it a national requirement.

    the only good thing is it looks like he was a technical person who is well aware of many of the problems in computer security.

    --
    Some drink at the fountain of knowledge. Others just gargle.
    1. Re:Dont be relieved by scrotch · · Score: 2, Interesting

      Another poster posted a link to a Frontline Interview. Near the bottom is this question and answer:

      Q: To make more secure infrastructures, if there's one thing that you would stand up and shout about, what would it be?

      A: I think that the emphasis for better security really comes from creating a culture. It's not a technical solution. I believe creating a culture where security is a requirement to do business would probably do more for us than any one piece of technology innovation. If we create the culture and the environment where security weaknesses will not be tolerated, and it's top-down driven, and it's supported, it will be supported from the bottom up. And we will be more successful.

      It sounds like his focus is on fixing the holes in systems, not applying expensive paint over them. I don't mean to suggest he's perfect, but considering how wrong it could have gone, I am relieved. He sounds technically competent and has experience actually providing security. Too many appointees have connections (political AND business) and nothing else.

  8. oh fsck by Anonymous Coward · · Score: 5, Interesting

    I got to witness ISS getting the "dept" involved firsthand with a recent Apache bug...... they decided that Free Operating Systems were not "real vendors" and kept us all out of the loop, so then we all got to find out about the bug with the rest of the public. The few "trusted" parties would have been looking at some treason if they had notified their friends in other affected projects.

    Thanks ISS... again. This will be a huge unimprovement. I fear Germany will become the new world center for computer security if these boneheads have their way.

  9. Why Richard Clarke got punted by Anonymous Coward · · Score: 2, Interesting

    I listened to Richard Clarke at MIT once. While he was a very fervent advocate of cleaning up security, he lied blatantly and publicly at that presentation. "Carnivore was a bad name and a bad idea, it no longer exists" was flatly known to be false by at least 3 people in the room who had had occasion to be directly aware of *which* little rooms at the local mid-level ISP had the secret equipment, still in use as of the previous week.

    He also refused to acknowledge the federal role in crippling security through the encryption export controls, which while looser now are still aimed dead square against anything the NSA cannot easily break into, and FCC standards that prevent breaking FBI or other agency undetectable man-in-the-middle monitoring.

    We'll see if this new guy can do a better job, but if he has Ashcroft's hand shoved up is ass making his lips wiggle, I don't hold out much hope for actual improvements in our overall security. The very tools that improve security make life harder for law enforcement to monitor without detection: Ashcroft is not giving up those features, period.

  10. Maybe I am paranoid... by greppling · · Score: 2, Interesting
    ...but this partnership between DHS and CERT makes me feel uneasy. Would you, if you had discovered a security hole in, say, a widely used FS/OSS application, still notify CERT about it? If you have to assume that the first organization they will share the information with is the DHS?

    Yes I know, the DHS hasn't done anything so far to earn this level of distrust from me, in fact they seem to be trying to build up trust, but...I'd definitely feel better just contacting security@mylinuxdistribution.com.