, Washington Post 2004-01-28
The federal government today announced a new, centralized system for alerting
networks to consumers' home machines.
The alert system, unveiled by the cybersecurity division of the Department of
Homeland Security, will be a clearinghouse of information on hacking, viruses,
worms and other forms of cyberterrorism. It will also be a place for consumers
to learn about vulnerabilities to their systems, and what to do about them.
"We are focused on making the threats and recommended actions easier for all
computer users to understand, prioritize and act upon," said Amit Yoran, the
director of the cybersecurity division.
The move aims to make the government the trusted source of computer-security
information, which currently is disseminated by a variety of corporate,
research, government and quasi-public organizations.
Cyber-threats to national infrastructure, for example, have been the purview of
the old National Infrastructure Protection Center, which was housed under the
FBI until the Homeland Security department was formed.
Several companies and research institutions have Web sites that track virus,
worm and other threats round-the-clock, with many of them offering programming
solutions to network operators so they can fend off particular attacks. And
many firms sell consumers various wares for protecting their home systems while
providing security information.
But Yoran said it important that such information come from a neutral source.
"The vendor community is focused on sales as well as on protecting their
clients," said Yoran, who recently took over the division after working at
Symantec Corp., which sells Norton anti-virus and other security products.
"Coming from the U.S. government, the focus is solely on the public interest."
John Pescatore, a computer-security analyst for the research and consulting
firm Gartner Inc., said that it is especially important for consumers to have a
place to go that is not aimed at selling products.
Unlike the wealth of information that is available for companies, "there's not
a lot that is unfiltered for consumers," he said.
Computer users will be able to sign up at the division's Web site,
www.us-cert.gov, for regular newsletters, tips and other information.
Alan Paller, head of the SANS Institute in Bethesda, a computer-securityresearch facility, said he sees value in the government being the authority on
identifying and tracking cyber-threats and vulnerabilities.
"The model is the National Weather Service," which collects primary weather
data, said Paller. "Everyone else is an interpreter." With cyber-security
information, Paller said, "everyone is a collector. That model is wrong."
Because the government also has resources at the Defense Department and
coordinates with industry groups that share data, Paller said, "they have
access to data a little earlier. If they will tell people earlier, that will
make a difference."
Currently, several cyber-security companies race to be the first to put out
alerts and suggest technical fixes.
At a Web site called the Internet Storm Center, SANS tracks cyber-attacks and
threats, but Paller said he "wouldn't mind" if Yoran's team took on that task.
Paller and Pescatore agreed that providing the public with more information is
a first step toward diminishing the frequency and severity of cyber-attacks,
such as the MyDoom worm that currently is crippling many computer systems.
The cyber-security division is currently working with industry trade groups in
formulating other strategies, as well as working on its own next steps.
