DHS launches cyber alert system

The Homeland Security Department this morning took the wraps off a National Cyber Alert System to advise the general public and computer technicians about systems security threats.

Amit Yoran, director of the Information Assurance and Infrastructure Protection Directorate's National Cybersecurity Division, told reporters during a telephone conference that the department's U.S-Computer Emergency Readiness Team will issue the alerts to users who sign up for the e-mail services at www.us-cert.gov.

In addition to providing warnings of new viruses, worms and other malicious software events on the Web, the new alert system will "also be providing periodic information?so users proactively can better secure their systems before they fall victim" to malware, Yoran said.

Visitors to the US-CERT Web page will be able to sign up for general alerts tailored to the needs of end users, or for more specialized alerts and information for the technical community, Yoran said. The NCAS will distribute technical bulletins to computer specialists containing information about vulnerabilities, patches and workarounds, he said.

"Our intent is for this information to receive the widest distribution," Yoran said. US-CERT will not issue color-coded warnings of cybersecurity threats, he said.

The cybersecurity division will continue to work with the CERT Coordination Center at Carnegie Mellon University, which it has hired to provide advice about systems security. DHS officials consulted with Carnegie Mellon cybersecurity specialists as well as executives of systems security companies such as Symantec Corp. of Cupertino, Calif., and the McAfee unit of Network Associates Inc. of Santa Clara, Calif., as they developed the alert system, Yoran said.

The new alert system "will not negate or supersede" the activities of Information Sharing and Analysis Centers formed by and for various industries to respond to infrastructure threats, Yoran said.

He added that DHS officials would provide electronic signatures for the push e-mails to prevent spoof messages.

The NCAS' biweekly Cyber Security Tips message will be targeted at non-technical home and corporate computer users, DHS said. IAIP will provide biweekly Cyber Security Bulletins to the technical community. Cyber Security Alerts, to be provided separately for technical and non-technical audiences, will provide rapid-response information.

Wilson P. Dizard III writes for Government Computer News magazine.