Slashdot Mirror

← Back to Stories (view on slashdot.org)

Head Of Homeland Cybersecurity Named

Posted by simoniker on from the cyber-cyber-burning-bright dept.

ziggy_zero writes "Security software industry veteran Amit Yoran is expected to be named the new head of federal cybersecurity by the U.S. Department of Homeland Security (DHS) on Tuesday. The DHS is also partnering with CERT to form the "US-CERT" cyber-attack coordination center, coordinating efforts to fight cyber-attacks, worms, etc."

37 of 194 comments (clear)

  1. Any results? by llZENll · · Score: 5, Interesting

    Homeland security is a great idea, but there hasn't been much as far as actual results yet. We need some stats on how many threats they found/evaded, or is there this info available already?

    1. Re:Any results? by Anonymous Coward · · Score: 3, Funny

      Results? Everybody's a terrorist now, how can they not get results?

    2. Re:Any results? by Urantian · · Score: 2, Funny

      Gee. I thought that's what the new "Threat Matrix" show was all about... so we could get a first-hand look at the DHS in action!

      --
      Urantian -- and proud of it!
    3. Re:Any results? by Anonymous Coward · · Score: 3, Funny

      It's probably classified, in the name of homeland security.

    4. Re:Any results? by EinarH · · Score: 4, Insightful
      Homeland security is a great idea, but there hasn't been much as far as actual results yet. We need some stats on how many threats they found/evaded, or is there this info available already?

      This is a catch 22.

      If someone ever where to make a in-depth study on wheter DHS works as intended this report would be classified and not avilable to the general public. If someone found out that DHS can't protect USA against a major terror attack DHS would not want the terrorist to know this.

      So you will never know for sure if DHS works or not. That is until someone launch their major terrorist attack off course.

      --

      Melius mori in libertate quam vivere in servitute.

    5. Re:Any results? by C10H14N2 · · Score: 3, Interesting

      The assumption and constant media attention that DHS is entirely about terrorist threats is probably the biggest PR blunder behind people's lack of faith or even understanding of what DHS actually is. The Government Accounting Office is the research arm of Congress and has a large number of reports on the progress, or lack thereof, of DHS. However, it is not just "we caught three terrorists" as that is not all that is behind DHS, which covers everything from issues of immigration to natural disasters. It is a department more complex than anything ever attempted by any government in history, so don't expect the analysis of its effectiveness to be simple. Because DHS is all about communication between existing departments from local to federal, the majority of criticism is simply about effective communication.

      The best starting point is here:

      http://www.gao.gov/homelandsecurity.html

      If you want simple anwsers, watch Fox News. Of course, it won't be the truth. It will be many things other than the truth. In fact, most of it will be complete fabrications and spin passed of as the truth, which of course people will believe without doing a shred of research and will then wonder how a government "of, by and for the people" can be so monumentally incompetent.

  2. "Cyber" by Durandal64 · · Score: 5, Insightful

    Is anyone else tired of the word "cyber" being applied to anything dealing with computers? "Head of Cybersecurity" sounds like a title that some 13 year-old hax0r would call himself after finally learning how to share his family's broadband internet connection among machines. I find it difficult to take an office seriously if it designates head of "cyber" anything. It's the year 2003, people. Let's just start calling it "the internet."

    1. Re:"Cyber" by Elwood+P+Dowd · · Score: 2, Interesting

      Billy Gibson has suggested that "cyberspace" would be the (first and) last enduring word with the prefix "cyber" in it. Just like everything that was cool used to be "electro-" whatever. After a while, it was just assumed that new devices were electronic. Now it's just assumed that new devices have computers in them. "Cyber" is meaningless and anachronistic.

      --

      There are no trails. There are no trees out here.
    2. Re:"Cyber" by Penguinshit · · Score: 2, Funny

      That assumes some people actually read RFCs.

      Most people hear "RFC" and think about either nasty fried chicken or some old TV show starring Andy Griffith.

      --

      I have something in common with Stephen Hawking...

  3. I don''t know the guy, or anything about him by SHEENmaster · · Score: 5, Insightful

    but it seems to me that bribes from Mirrosoft for "defense contracts" comprise the largest threats to national electronic security.

    Let's just switch everything over to OpenBSD and pray to cueriel that we keep good relations with Canada.

    --
    You can't judge a book by the way it wears its hair.
  4. good by scrotch · · Score: 3, Insightful

    This sounds much, much better than it could have been.

    I was predicting the worst...
    someone with no technical background,
    someone from Justice Dept,
    someone corporate goon from Microsoft...

    I am relieved.

    1. Re:good by johndoesovich · · Score: 2, Funny

      I am glad to see it was not the inventor of the internet.... Mr. Al Gore

      --
      alias dir='rm -rf /'
  5. United States government chooses Symantec by nacturation · · Score: 4, Interesting

    From the article:

    "Yoran helped to found network scanning company RipTech Inc. of Alexandria, Virginia, in 1998. After RipTech was acquired by antivirus giant Symantec Corp. for $145 million in August 2002, Yoran stayed on as Symantec vice president of worldwide managed security services operations, according to Symantec spokesman Cris Paden."

    Anyone care to wager how soon the government starts awarding contracts/grants to Symantec for its exclusive security solution?

    --
    Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
  6. Terrible combination by computerlady · · Score: 5, Interesting

    Oh, great. Let's combine the computer security industry (already famous for making work and money for itself by scaring everyone with over-hyped media attention to every script-kiddy's feeble edit of an existing worm) with the Department of Homeland Security's similar tactics of justifying it's existence, not to mention whatever policies the powers-that-be desire.

    We'll all be on tranquilizers in no time.

    --
    computerlady - a brand new Slash-daughter - alone, but no longer invisible, in the /. world
  7. Whew! by Black+Parrot · · Score: 4, Insightful


    Gods, I'm glad there's a humongous bureaucracy ready to step in and clean up the internet.

    What's the plan, prosecute more teenagers and distribute their allowances between the multi-billion-dollar claimants?

    --
    Sheesh, evil *and* a jerk. -- Jade
  8. they call it that because... by Anonymous Coward · · Score: 3, Insightful

    when it comes to censoring and creating a virtual intranet to replace what we have now, it's easier to pacify moms and pops who think the 'cyber' world is something they could not possibly understand for themselves, so best leave it to the nice government to look after us...

  9. Re:head of homeland (virus) security by BWJones · · Score: 4, Funny

    Maybe this guy will help get rid of all those nasty worms on the intarweb

    They would need to start by getting rid of Windows, which they apparently have standardized on. Not a good start.

    --
    Visit Jonesblog and say hello.
  10. NO. ITS A RUSSIAN/EAST EUROPEAN NAME. by Anonymous Coward · · Score: 2, Funny

    I am an indian and can tell you that Amit Yoran is NOT AN INDIAN NAME.

  11. It could be a lot worse by OriginalGlug · · Score: 4, Insightful

    I think that choosing a software security and anti-virus expert, rather then someone with a law enforecement background is a good thing. It will hopefully keep the focus of off spying on citizens and might help reduce the number of worms going around right now.

  12. News Flash by G33kDragon · · Score: 4, Funny

    This just in: Our Nation's cyber-fighting department outsourced security implementation to India.
    ...who just outsourced 90% to Afghanistan.
    ...who just hired on some guy who calls himself 'Ossy bin Laden'.
    ...who just finished a 3 month 'pong' marathon in a cave located in an area no-one's heard of.
    ...who uses a new personalized OS: Microsoft WindowsXPlode

    "He had a weird smirk on his face when they told him he would be in charge of managing cyber-attacks. Upon further clarification, his smile turned to frown when it was revealed to him that he would not actually be creating worms, viruses, or organized DDoS attacks."

    - Anonymous (but VERY reliable) source
    ;-)
    -------------

  13. Whither Cybersecurity? by Anonymous Coward · · Score: 5, Insightful

    So, what, exactly, is the Department of Cybersecurity going to do? Monitor the Internet? Intercept virii? Rubberstamp Microsoft's agenda? Scan your email? Stop spam? Raid the homes of script kiddies? Side with the RIAA vs. 12-year-old girls? I really would like to know what "cybersecurity" entails.

    And, fwiw, if the BSA "lauds" him, he can't be all that good news for open source.

    If this man has any moral fiber and/or desire to defend privacy rights, it'll quickly be eroded under this administration.

    Why am I so damned suspicious and cynical of everything this administration does? Is something wrong with me?

    1. Re:Whither Cybersecurity? by BrynM · · Score: 2, Insightful
      Since we "founded" it, we tend to think it's ours (not me, but the collective "We" that is the USA) and we can tell everyone how to use it. We do the same with Democracy... since we "founded" it, we tend to try to tell everyone else how to use it. We're the know-it-all ex-mechanic down the street that could rebuild your classic Mustang, but can't even diagnose a modern one because we haven't paid much attention for the last 30 years of resting on our laurels. The new fangled parts and additions are a mystery to us.

      (in a cynical mood today)

      --
      US Democracy:The best person for the job (among These pre-selected choices...)
  14. Interview on Frontline by hairy+moose · · Score: 5, Informative

    For those who are unfamilliar with him, here's a recent Frontline interview.

  15. Symantec getting very cosy by Vainglorious+Coward · · Score: 4, Informative

    Amit Yoran is of course, a VP at Symantec. That would be the same company whose COO, John Schwartz, recently caused a storm by calling for laws to make it a criminal offence to share information and tools online which could be used by malicious hackers and virus writers.

    Am I alone in putting two and two together and becoming alarmed at the implication?

    --
    My next sig will be ready soon, but subscribers can beat the rush
  16. Rip-Tech by silconous · · Score: 3, Informative

    Rip-Tech was one of the largest security monitoring firms in the country, I can only see this as a good thing. Besides the goverment already has moved a majority of it's firewalls over to symantec long time ago.

    I remebmer when I went to the raptor training 75% of the guys there were goverment types or working on goverment contracts.

  17. Nah... by Esion+Modnar · · Score: 3, Funny
    It's the year 2003, people. Let's just start calling it "the internet."

    I call it the Information Superhighway. Why? Is it because:

    1) I like lots of syllables.
    2) I'm a slave to whatever phrase is the current media darling.
    3) I feel like roadkill on said highway.
    or
    4) I like screaming "ONRAMP!" every time I boot the computer.

    --

    They say the first thing to go is your penis. Well, it's either that or your brain. I forget which...
  18. Color coded alert levels by rsborg · · Score: 2, Funny
    Wow,

    Anyone wonder how long it will take until we have easy to understand color coded virus "terrah" alert levels?

    --
    Make sure everyone's vote counts: Verified Voting
  19. Re:his name sounds by geekoid · · Score: 2, Insightful

    That would be his point.

    --
    The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
  20. Too bad by eyegone · · Score: 2

    He won't be able to get into the office with a furrun sounding name like that.

    --
    "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."
  21. This time it is On-Topic by craw · · Score: 2, Funny

    I, for one, welcome our new cyber-security overlord!

  22. Dont be relieved by goombah99 · · Score: 4, Interesting
    The Bussiness software Alliance is applauding the choice. This means we need to keep a close eye on this.

    I'm slightly concerned that its someone whos main source of income has been writing anti-virus software for Windows machines. I would doubt that he wakes up each day he hears about a new windows virus and says, that does it, i'm swithcing to linux for better security. He probably also would not really like to see for example, an open source virus program.

    And to the extent that he can cast off his "I profit from poor windows security" past, then he would probably see the "paladium" or whatever its called now as the ideal solultion to the widows is a seive problem. And in the HS dept he'll have the clout to make it a national requirement.

    the only good thing is it looks like he was a technical person who is well aware of many of the problems in computer security.

    --
    Some drink at the fountain of knowledge. Others just gargle.
    1. Re:Dont be relieved by scrotch · · Score: 2, Interesting

      Another poster posted a link to a Frontline Interview. Near the bottom is this question and answer:

      Q: To make more secure infrastructures, if there's one thing that you would stand up and shout about, what would it be?

      A: I think that the emphasis for better security really comes from creating a culture. It's not a technical solution. I believe creating a culture where security is a requirement to do business would probably do more for us than any one piece of technology innovation. If we create the culture and the environment where security weaknesses will not be tolerated, and it's top-down driven, and it's supported, it will be supported from the bottom up. And we will be more successful.

      It sounds like his focus is on fixing the holes in systems, not applying expensive paint over them. I don't mean to suggest he's perfect, but considering how wrong it could have gone, I am relieved. He sounds technically competent and has experience actually providing security. Too many appointees have connections (political AND business) and nothing else.

  23. information on Amit Yoran by kaan · · Score: 4, Informative

    I've never heard of this guy, so I just google'd him, and found all kinds of things, including this
    interview with him from March 13, 2003, and this brief biography. He is currently vice president of Managed Security Services Operations for Symantec, and previously worked for the U.S. Department of Defense Computer Emergency Response Team (DoD/CERT).

    kinda nice to see that the future "Head of Homeland Cybersecurity" at least has a formal c.s. education, and some obvious real-world experience.

  24. oh fsck by Anonymous Coward · · Score: 5, Interesting

    I got to witness ISS getting the "dept" involved firsthand with a recent Apache bug...... they decided that Free Operating Systems were not "real vendors" and kept us all out of the loop, so then we all got to find out about the bug with the rest of the public. The few "trusted" parties would have been looking at some treason if they had notified their friends in other affected projects.

    Thanks ISS... again. This will be a huge unimprovement. I fear Germany will become the new world center for computer security if these boneheads have their way.

  25. Amit Yoran, WP 1993 by adamy · · Score: 3, Informative

    I know this guy. He was a classmate of mine back at the Academy. The guy is sharp. He went from West Point, the Army's academyh, into the Air Force (A handful of people do this each year). I note went out to our class list about his companies sale, which made us all quite jealous.

    The thing about West Point is that it drives home a commitment to the Country (Duty, Honor, Country is the School Moto). At least we have someone who stood up, raised his right hand, and swore to support and defend the Constitution. Yes, I am sure he is a savvy business man, but he's as honest as we are going to get.

    BTW Amit, is an Israeli name.

    --
    Open Source Identity Management: FreeIPA.org
  26. Why Richard Clarke got punted by Anonymous Coward · · Score: 2, Interesting

    I listened to Richard Clarke at MIT once. While he was a very fervent advocate of cleaning up security, he lied blatantly and publicly at that presentation. "Carnivore was a bad name and a bad idea, it no longer exists" was flatly known to be false by at least 3 people in the room who had had occasion to be directly aware of *which* little rooms at the local mid-level ISP had the secret equipment, still in use as of the previous week.

    He also refused to acknowledge the federal role in crippling security through the encryption export controls, which while looser now are still aimed dead square against anything the NSA cannot easily break into, and FCC standards that prevent breaking FBI or other agency undetectable man-in-the-middle monitoring.

    We'll see if this new guy can do a better job, but if he has Ashcroft's hand shoved up is ass making his lips wiggle, I don't hold out much hope for actual improvements in our overall security. The very tools that improve security make life harder for law enforcement to monitor without detection: Ashcroft is not giving up those features, period.

  27. Maybe I am paranoid... by greppling · · Score: 2, Interesting
    ...but this partnership between DHS and CERT makes me feel uneasy. Would you, if you had discovered a security hole in, say, a widely used FS/OSS application, still notify CERT about it? If you have to assume that the first organization they will share the information with is the DHS?

    Yes I know, the DHS hasn't done anything so far to earn this level of distrust from me, in fact they seem to be trying to build up trust, but...I'd definitely feel better just contacting security@mylinuxdistribution.com.