Slashdot Mirror


Cybersecurity Chief Resigns

Doc Ruby writes "AP is reporting that 'The government's cybersecurity chief has abruptly resigned after one year with the Department of Homeland Security, confiding to industry colleagues his frustration over what he considers a lack of attention paid to computer security issues within the agency. Amit Yoran, a former software executive from Symantec Corp., informed the White House about his plans to quit as director of the National Cyber Security Division and made his resignation effective at the end of Thursday, effectively giving a single day's notice of his intentions to leave.' Yoran is the third cybersecurity chief in a row, after Richard Clarke and Howard Schmidt, to quit the Bush administration citing organizational inability to do his job. Maybe the job can't be done." In a possibly related story, individuals take cybersecurity lightly: Ant writes "This story says that consumers have a casual approach toward cybersecurity and fail to grasp the pervasiveness of online threats, according to a study released Thursday. More than a third of the 493 PC users surveyed by the nonprofit National Cyber Security Alliance (NCSA) said they had a greater chance of winning the lottery or being struck by lightning than of being hit by malicious code."

4 of 367 comments

  1. Re:I just don't believe it! by PitaBred · · Score: 4, Informative

    If I had mod points, I would give them to you.
    On a semi-related note, we're the ones who need to convince people of this. Most people I know are amazed when I tell them what the keyloggers and such do, and show them what just Ad-Aware will come up with. One of my friends (an older lady) actually bought a book on my recommendation because she wants to know what's going on on her computer, and learn more about even basic security.
    It takes time, but it's a grassroots movement :) And unless you use the same tactics as the "War on Terror" (the h4x0r5 will get your credit card!) and show them hard evidence of it already being there, it's hard to convince people of the threat.

  2. Re:I just don't believe it! by chrish · · Score: 4, Informative

    They interviewed 500 people out of 185 million Americans with Internet-enabled computers.

    Wouldn't that be called a "statistically insignificant" sample set?

    --
    - chrish

  3. Re:I AM more likely to be struck by lightning by Waffle Iron · · Score: 5, Informative

    "I probably AM more likely to be struck by lightning than hit by malicious code."

    I wouldn't be so sure about that. This report says that the US has lightning injuries+fatalities of around 500 per year. That means the average person gets hit by lightning about once every 600,000 years.

    The odds that somebody is going to develop a blockbuster zero-day exploit are much higher than that. For example, what if some person or organization discovers something like new flaws in both Cisco routers and the standard JPEG rendering .DLL or .so? And instead of posting it to security mailing lists, they write effective exploits to hijack the routers to serve up infected JPEGs?

    Most of the computers on the Internet could be compromised within minutes just by ordinary browsing. No amount of patching, firewalls or care on the part of the user would prevent the attack. That is just one scenario; it's not hard to think up countless variations. It may be unlikely that this will happen in any given year, but I doubt that it would be as rare as once every 600K years.

  4. He did try for a year... by Anonymous Coward · · Score: 5, Informative

    Amit tried to do this right - he had some very good people and had a solid vision for what needed to be done to secure primarily the government networks. He is a very sharp person and his executive experience was a plus - he was not an empty suit or political appointee.

    Two key political issues:
    1) This office was expected to shift to the new intelligence chief that reports to the president as the recommendation from the 9/11 committee - new boss + new plan = waste of his first year as everything would start over...

    2) No clear authority in his position. As mentioned in the articles, he was too low in HS to get anything done in DC. Cybersecurity could recommend solutions, but could not force ANY of the government departments to coordinate systems / procedures / etc. and adopt best practice solutions. At this level of government, each fiefdom will do their own thing and the whole point of having a security chief is eliminated.