Forgot your password?
typodupeerror
Security Privacy Your Rights Online

Head Of Homeland Cybersecurity Named 194

Posted by simoniker
from the cyber-cyber-burning-bright dept.
ziggy_zero writes "Security software industry veteran Amit Yoran is expected to be named the new head of federal cybersecurity by the U.S. Department of Homeland Security (DHS) on Tuesday. The DHS is also partnering with CERT to form the "US-CERT" cyber-attack coordination center, coordinating efforts to fight cyber-attacks, worms, etc."
This discussion has been archived. No new comments can be posted.

Head Of Homeland Cybersecurity Named

Comments Filter:
  • Any results? (Score:5, Interesting)

    by llZENll (545605) on Monday September 15, 2003 @06:23PM (#6968736)
    Homeland security is a great idea, but there hasn't been much as far as actual results yet. We need some stats on how many threats they found/evaded, or is there this info available already?
    • by Anonymous Coward
      Results? Everybody's a terrorist now, how can they not get results?
    • Gee. I thought that's what the new "Threat Matrix" show was all about... so we could get a first-hand look at the DHS in action!
    • by Anonymous Coward
      It's probably classified, in the name of homeland security.
    • Re:Any results? (Score:5, Insightful)

      by EinarH (583836) on Monday September 15, 2003 @06:44PM (#6968959) Journal
      Homeland security is a great idea, but there hasn't been much as far as actual results yet. We need some stats on how many threats they found/evaded, or is there this info available already?

      This is a catch 22.

      If someone ever where to make a in-depth study on wheter DHS works as intended this report would be classified and not avilable to the general public. If someone found out that DHS can't protect USA against a major terror attack DHS would not want the terrorist to know this.

      So you will never know for sure if DHS works or not. That is until someone launch their major terrorist attack off course.

      • If someone found out that DHS can't protect USA against a major terror attack DHS would not want the terrorist to know this.

        No, the terrorist already has a pretty good idea. It is the citizen that the DHS would not want to know this.
      • Sorry, but not even a terrorist attack will prove that it works or does not. If they attack and fail, how do we know that security measures wouldn't have stoped them before? New security requirements that worked don't count because we might have implimented them anyway. If they attack and the deparment cannot stop them, then it doens't prove anything since every plan made by man fails in some way.

        The above doesn't even account for any terrorists who start planning something and realize before they are

    • Re:Any results? (Score:3, Interesting)

      by C10H14N2 (640033)
      The assumption and constant media attention that DHS is entirely about terrorist threats is probably the biggest PR blunder behind people's lack of faith or even understanding of what DHS actually is. The Government Accounting Office is the research arm of Congress and has a large number of reports on the progress, or lack thereof, of DHS. However, it is not just "we caught three terrorists" as that is not all that is behind DHS, which covers everything from issues of immigration to natural disasters. It is

      • It is a department more complex than anything ever attempted by any government in history

        Please. How about administration of the British Empire? And that's just within the last 400 years. If I had more time, there's others as well--you don't think that the governments of ancient China and Egypt were complex?
    • It's already worked for those in power -- they just bagged 87 billion dollars for it. Anyone care to guess how much of that goes to administration?
  • Maybe this guy will help get rid of all those nasty worms on the intarweb

    (you may need to be familiar with somethingaweful to understand the above statement)
  • "Cyber" (Score:5, Insightful)

    by Durandal64 (658649) on Monday September 15, 2003 @06:25PM (#6968763)
    Is anyone else tired of the word "cyber" being applied to anything dealing with computers? "Head of Cybersecurity" sounds like a title that some 13 year-old hax0r would call himself after finally learning how to share his family's broadband internet connection among machines. I find it difficult to take an office seriously if it designates head of "cyber" anything. It's the year 2003, people. Let's just start calling it "the internet."
    • No kidding -- that is just so 1995.
    • by Anonymous Coward
      when it comes to censoring and creating a virtual intranet to replace what we have now, it's easier to pacify moms and pops who think the 'cyber' world is something they could not possibly understand for themselves, so best leave it to the nice government to look after us...
    • Re:"Cyber" (Score:3, Interesting)

      by Elwood P Dowd (16933)
      Billy Gibson has suggested that "cyberspace" would be the (first and) last enduring word with the prefix "cyber" in it. Just like everything that was cool used to be "electro-" whatever. After a while, it was just assumed that new devices were electronic. Now it's just assumed that new devices have computers in them. "Cyber" is meaningless and anachronistic.
    • Agreed. It's time for "cyber" to go.

      I still hear people on TV and radio giving their web address as "h-t-t-p-colon-slash-slash-w-w-w-dot-blahblah-dot- com". And then they tell us to "logon", even if their site doesn't require it.

      Makes me want to SCREAM!
      • what is wrong with giving the full URL? It could be an ftp site, news site, etc.
      • Agreed. "Log on to our website" is utterly ridiculous. So that radio station's already given me an account on their server? Great! You don't log on to websites. You log on to workstations and networks. You visit websites. And "http://" is at the point where it's now implied. Just give us the "www.something.com," and that's all anyone needs.

        And can we please enact a law prohibiting people from the deep South from saying "www"? Hearing someone say, "Dubya dubya dubya" makes my fucking ears bleed.
        • by achurch (201270)

          And can we please enact a law prohibiting people from the deep South from saying "www"? Hearing someone say, "Dubya dubya dubya" makes my fucking ears bleed.

          Just get them to do what I do--pronounce it "wuh-wuh-wuh". Saves on syllables too.

          I also considered "wee-wee-wee" at one point, but it never really caught on...

          • Of course, saying "wuh-wuh-wuh" would invariably lead to everyone in the room completing it with "Wuh wuh wuh what do you want? Why do you keep touching me?" as per the Warcraft II rap.
          • by nickos (91443)
            When I was paid to be a nu-meeja-hor I always heard it shortened to "dub-dub-dub", which I think sounds better than "wuh-wuh-wuh".

            Personally, I think both the "www." and domain extensions are pointless. National domains are daft on the border-free internet, and how many Merkans use ".us" anyway?
    • Yes, yes I am tierd of the over use of 'cyber' and while we're complaining the over use of 'geek' is giving true geeks a bad name. Now it's used to describe anyone who knows how to use a computer or any other electronics.
    • Yeah... referring to something on the Internet as "Cyber" is like calling anything computerized as "Compu-". Like CompuTax, CompuFile, or even CompUSA.
    • Nah... (Score:4, Funny)

      by Esion Modnar (632431) on Monday September 15, 2003 @06:43PM (#6968938)
      It's the year 2003, people. Let's just start calling it "the internet."

      I call it the Information Superhighway. Why? Is it because:

      1) I like lots of syllables.
      2) I'm a slave to whatever phrase is the current media darling.
      3) I feel like roadkill on said highway.
      or
      4) I like screaming "ONRAMP!" every time I boot the computer.

    • Its just our governmnet trying to show how much it "gets it". Here in reality we all know it does, never has, never will. But there are so few of us here in reality. ;)
    • how about "Information superhighway traffic cop"?
      or
      "Xtreme Black Ice"
      or
      "Chief of the Orwellian Freedom of Computers Dept."?
      or
      "Al Gore"


    • Has anyone else thought about the huge conflict of interest behind having a VP of s security company being the dept of homeland sec director. That's like giving a junky leadership over a needle distribution center... Think about the kickbacks, and deals that'll be pushed towards Symantec... As for the cyber overusage... I'm used to it, and nothing that can be said will help it... the whole hacker is not a cracker bit is sooooo yesterday
    • Actually, it sounds like it comes from a B-grade science-fiction movie. Like "Dr. Who and the Cybernauts".
  • but it seems to me that bribes from Mirrosoft for "defense contracts" comprise the largest threats to national electronic security.

    Let's just switch everything over to OpenBSD and pray to cueriel that we keep good relations with Canada.
  • good (Score:4, Insightful)

    by scrotch (605605) on Monday September 15, 2003 @06:25PM (#6968768)
    This sounds much, much better than it could have been.

    I was predicting the worst...
    someone with no technical background,
    someone from Justice Dept,
    someone corporate goon from Microsoft...

    I am relieved.
    • Re:good (Score:1, Interesting)

      by Anonymous Coward
      I'm not. He's from Symantec.

      Symantec has two policies that I disagree strongly with:

      #1, They don't define spyware as the trojans they are. To put it in perspective, think 'keystroke logging.'

      #2, Symantec is known for scare-mongering.

      However, I should reserve my judgement until he actually does something.
    • Re:good (Score:2, Funny)

      by johndoesovich (691840)
      I am glad to see it was not the inventor of the internet.... Mr. Al Gore
    • Dont be relieved (Score:5, Interesting)

      by goombah99 (560566) on Monday September 15, 2003 @07:05PM (#6969135)
      The Bussiness software Alliance is applauding the choice. This means we need to keep a close eye on this.

      I'm slightly concerned that its someone whos main source of income has been writing anti-virus software for Windows machines. I would doubt that he wakes up each day he hears about a new windows virus and says, that does it, i'm swithcing to linux for better security. He probably also would not really like to see for example, an open source virus program.

      And to the extent that he can cast off his "I profit from poor windows security" past, then he would probably see the "paladium" or whatever its called now as the ideal solultion to the widows is a seive problem. And in the HS dept he'll have the clout to make it a national requirement.

      the only good thing is it looks like he was a technical person who is well aware of many of the problems in computer security.

      • Re:Dont be relieved (Score:3, Interesting)

        by scrotch (605605)
        Another poster posted a link to a Frontline Interview. Near the bottom is this question and answer:

        Q: To make more secure infrastructures, if there's one thing that you would stand up and shout about, what would it be?

        A: I think that the emphasis for better security really comes from creating a culture. It's not a technical solution. I believe creating a culture where security is a requirement to do business would probably do more for us than any one piece of technology innovation. If we create the cultur
  • by nacturation (646836) <nacturationNO@SPAMgmail.com> on Monday September 15, 2003 @06:26PM (#6968781) Journal
    From the article:

    "Yoran helped to found network scanning company RipTech Inc. of Alexandria, Virginia, in 1998. After RipTech was acquired by antivirus giant Symantec Corp. for $145 million in August 2002, Yoran stayed on as Symantec vice president of worldwide managed security services operations, according to Symantec spokesman Cris Paden."

    Anyone care to wager how soon the government starts awarding contracts/grants to Symantec for its exclusive security solution?
    • Anyone care to wager how soon the government starts awarding contracts/grants to Symantec for its exclusive security solution?

      The US government already has contracts with Symantec for network and client security products. They're not exclusive, though. (Yet). For instance, Department of Defense has three different antivirus product vendors from which you can download and install any of several of their products. (Assuming you have admin privs on the machine in question, an unlikely assumption given the str

  • Terrible combination (Score:5, Interesting)

    by computerlady (707043) on Monday September 15, 2003 @06:27PM (#6968785) Journal

    Oh, great. Let's combine the computer security industry (already famous for making work and money for itself by scaring everyone with over-hyped media attention to every script-kiddy's feeble edit of an existing worm) with the Department of Homeland Security's similar tactics of justifying it's existence, not to mention whatever policies the powers-that-be desire.

    We'll all be on tranquilizers in no time.

    • by Anonymous Coward
      no at this rate we'll all be soylent green
    • We'll all be on tranquilizers in no time.

      You mean we aren't already?

      Its funny how we use our own psychologists against us. 9 out of 10 psychologists agree, watching a lot of TV and shopping is the best way to spend a holiday season.
  • Whew! (Score:5, Insightful)

    by Black Parrot (19622) on Monday September 15, 2003 @06:28PM (#6968788)


    Gods, I'm glad there's a humongous bureaucracy ready to step in and clean up the internet.

    What's the plan, prosecute more teenagers and distribute their allowances between the multi-billion-dollar claimants?

  • Now every blackhat hacker, script kiddy, or other 'cyber'threat is not only his problem but they're all after him and ony computers/websites/etc. that he has or runs. Talk about being setup for failure.
    • The guy in charge of security at any institution might as well change his name to Snowden.

      If you don't recognize this name, Snowden was a character in the Joseph Heller book "Catch 22" He's a gunner in a B-25 who gets shot. The protagonist, Yossarian, goes back to help him, and tells him he'll be fine. Then he opens the kid's jacket and his guts spill out all over the floor. The kid can't see them, so Yossarian keeps trying to comfort him.

      That's your security administrator. He's already dead, it's j
  • by OriginalGlug (704938) on Monday September 15, 2003 @06:33PM (#6968842)
    I think that choosing a software security and anti-virus expert, rather then someone with a law enforecement background is a good thing. It will hopefully keep the focus of off spying on citizens and might help reduce the number of worms going around right now.
  • News Flash (Score:4, Funny)

    by G33kDragon (699950) on Monday September 15, 2003 @06:36PM (#6968879) Homepage
    This just in: Our Nation's cyber-fighting department outsourced security implementation to India.
    ...who just outsourced 90% to Afghanistan.
    ...who just hired on some guy who calls himself 'Ossy bin Laden'.
    ...who just finished a 3 month 'pong' marathon in a cave located in an area no-one's heard of.
    ...who uses a new personalized OS: Microsoft WindowsXPlode

    "He had a weird smirk on his face when they told him he would be in charge of managing cyber-attacks. Upon further clarification, his smile turned to frown when it was revealed to him that he would not actually be creating worms, viruses, or organized DDoS attacks."

    - Anonymous (but VERY reliable) source
    ;-)
    -------------
  • by Anonymous Coward on Monday September 15, 2003 @06:37PM (#6968885)
    So, what, exactly, is the Department of Cybersecurity going to do? Monitor the Internet? Intercept virii? Rubberstamp Microsoft's agenda? Scan your email? Stop spam? Raid the homes of script kiddies? Side with the RIAA vs. 12-year-old girls? I really would like to know what "cybersecurity" entails.

    And, fwiw, if the BSA "lauds" him, he can't be all that good news for open source.

    If this man has any moral fiber and/or desire to defend privacy rights, it'll quickly be eroded under this administration.

    Why am I so damned suspicious and cynical of everything this administration does? Is something wrong with me?
    • Is something wrong with me?

      No. The Government is a distinct entity from the People, and, even though it consists of people, we can't forget that people are not infallible in light of money and power. So, it is perfectly natural to be suspicious of an organization made up of people whose power reaches to every corner of the USA. For example, no other organization in the USA can take your wages from you and put you in prison if you refuse. This is why checks and balances are so important, to keep them f
  • by hairy moose (256972) on Monday September 15, 2003 @06:37PM (#6968886) Homepage
    For those who are unfamilliar with him, here's a recent Frontline interview [pbs.org].
  • by Vainglorious Coward (267452) on Monday September 15, 2003 @06:37PM (#6968891) Journal

    Amit Yoran is of course, a VP at Symantec. That would be the same company whose COO, John Schwartz, recently caused a storm [smh.com.au] by calling for laws to make it a criminal offence to share information and tools online which could be used by malicious hackers and virus writers.

    Am I alone in putting two and two together and becoming alarmed at the implication?

    • Am I alone in putting two and two together and becoming alarmed at the implication?
      No. There's some guy named Ashcroft, some guy named Cheney and some guy named Bush who are right there with you. Of course they are alarmed that nobody thought of it sooner and that anyone would resist. Oh, and they have minions... You probably don't.
      • > Oh, and they have minions... You probably don't

        Aha, how little you know! I have about 7 minions. Unfortunately, they do little more than harass me while I'm drinking my tea, because they think it's "cool" to hang out at the coffee shop & annoy people slightly older than them. Evidently, I can't order them to get the hell away from me, but maybe I can get them to overthrow the government. They might be just dumb enough to try, and ignorant enough to succeed. or not.
    • Amit Yoran is of course, a VP at Symantec. That would be the same company whose COO, John Schwartz, recently caused a storm by calling for laws to make it a criminal offence to share information and tools online which could be used by malicious hackers and virus writers. Am I alone in putting two and two together and becoming alarmed at the implication?

      The more worrying thing (IMHO) was that "The BSA Lauded his Selection." -- so it will it be a criminal offence to "share information and tools onlin

    • Amit Yoran is of course, a VP at Symantec. That would be the same company whose COO, John Schwartz, recently caused a storm [smh.com.au] by calling for laws to make it a criminal offence to share information and tools online which could be used by malicious hackers and virus writers.

      Am I alone in putting two and two together and becoming alarmed at the implication?

      Is it too cynical of me to think that nobody financially connected with an online security company would actually want to limit technology th

  • Rip-Tech (Score:3, Informative)

    by silconous (636675) on Monday September 15, 2003 @06:39PM (#6968901) Journal
    Rip-Tech was one of the largest security monitoring firms in the country, I can only see this as a good thing. Besides the goverment already has moved a majority of it's firewalls over to symantec long time ago.

    I remebmer when I went to the raptor training 75% of the guys there were goverment types or working on goverment contracts.
  • I want to know if he really is an expert, or just another pointy-haired manager type who knows some buzzwords and how to run a PowerPoint presentation.
  • by rsborg (111459) on Monday September 15, 2003 @06:50PM (#6969004) Homepage
    Wow,

    Anyone wonder how long it will take until we have easy to understand color coded virus "terrah" alert levels [wackyneighbor.com]?

  • by fshalor (133678)
    You mean, like, the're not giving it to someone at microsoft this time? What's going on here. :)
  • by eyegone (644831) on Monday September 15, 2003 @06:58PM (#6969085)
    He won't be able to get into the office with a furrun sounding name like that.
  • I, for one, welcome our new cyber-security overlord!
  • by kaan (88626) on Monday September 15, 2003 @07:05PM (#6969142)
    I've never heard of this guy, so I just google'd him [google.com], and found all kinds of things, including this
    interview with him [pbs.org] from March 13, 2003, and this brief biography [216.239.57.104]. He is currently vice president of Managed Security Services Operations for Symantec, and previously worked for the U.S. Department of Defense Computer Emergency Response Team (DoD/CERT).

    kinda nice to see that the future "Head of Homeland Cybersecurity" at least has a formal c.s. education, and some obvious real-world experience.
  • oh fsck (Score:5, Interesting)

    by Anonymous Coward on Monday September 15, 2003 @07:11PM (#6969197)
    I got to witness ISS getting the "dept" involved firsthand with a recent Apache bug...... they decided that Free Operating Systems were not "real vendors" and kept us all out of the loop, so then we all got to find out about the bug with the rest of the public. The few "trusted" parties would have been looking at some treason if they had notified their friends in other affected projects.

    Thanks ISS... again. This will be a huge unimprovement. I fear Germany will become the new world center for computer security if these boneheads have their way.
  • I'm sitting here listening to TechTV's Screensavers, as Leo LaPorte isinterviewing some ex-miliary type hype a book he's written called "Black Ice". Apparently we're about to be overrun by cyberterrorists any second now.

    It's sad that my hero LaPorte is taking this crud seriously. The author is strongly Bushifying the notion that the August blackout was caused by Evil Terrorists. Leo is listening with respect.

    WHY? What the hell is "cyber" terrorism? Who the hell would waste their time bringing down network
  • Amit Yoran, WP 1993 (Score:4, Informative)

    by adamy (78406) on Monday September 15, 2003 @08:16PM (#6969850) Homepage Journal
    I know this guy. He was a classmate of mine back at the Academy. The guy is sharp. He went from West Point, the Army's academyh, into the Air Force (A handful of people do this each year). I note went out to our class list about his companies sale, which made us all quite jealous.

    The thing about West Point is that it drives home a commitment to the Country (Duty, Honor, Country is the School Moto). At least we have someone who stood up, raised his right hand, and swore to support and defend the Constitution. Yes, I am sure he is a savvy business man, but he's as honest as we are going to get.

    BTW Amit, is an Israeli name.
  • by Anonymous Coward
    I listened to Richard Clarke at MIT once. While he was a very fervent advocate of cleaning up security, he lied blatantly and publicly at that presentation. "Carnivore was a bad name and a bad idea, it no longer exists" was flatly known to be false by at least 3 people in the room who had had occasion to be directly aware of *which* little rooms at the local mid-level ISP had the secret equipment, still in use as of the previous week.

    He also refused to acknowledge the federal role in crippling security thr
  • Maybe his first order of business should be to go after Verisign, as they're the biggest "Cyber Threat" out there right now.

    Who knows, maybe his Air Force experience will come in handy when it comes time to call in the air strike.

    For that matter, while he's at it, he could pay a little visit to SCO as well. ;)

  • by greppling (601175) on Tuesday September 16, 2003 @05:42AM (#6973347)
    ...but this partnership between DHS and CERT makes me feel uneasy. Would you, if you had discovered a security hole in, say, a widely used FS/OSS application, still notify CERT about it? If you have to assume that the first organization they will share the information with is the DHS?

    Yes I know, the DHS hasn't done anything so far to earn this level of distrust from me, in fact they seem to be trying to build up trust, but...I'd definitely feel better just contacting security@mylinuxdistribution.com.

  • The FBI put out cyber-crime recruiting press releases in our city last month. It sounded like reasonable psoitions and pay. However, you have to be under 35 years old and be able to pass a fitness test (run 1.5 miles in under 12 minutes). The newspaper thought the latter would be hard on geeks.

The economy depends about as much on economists as the weather does on weather forecasters. -- Jean-Paul Kauffmann

Working...