Cybersecurity chief: Total security not realistic
By Brad Grimes
Feb 09, 2004
It is impossible to eliminate attacks such as the recent MyDoom worm and others, but the government has taken significant steps to keep federal systems safe, said the head of cybersecurity at the Homeland Security Department.
In an interview with Washington Technology and Government Computer News, Amit Yoran, director of the National Cyber Security Division in Homeland Security, described the measures his department has taken in the nearly five months he's been on board.
"Zero cybersecurity incidents or outages is not a reasonable goal," Yoran said. "We're focused on improved preparedness. We're focused on minimal impact and minimal duration."
As part of that effort, Yoran said he would announce this week the Government Forum of Incident Response and Support Teams, an interagency initiative to collaborate on cybersecurity. The forum, which has already started work, is composed of operations experts from the computer emergency response teams at various government agencies.
Yoran said the roughly 100 forum members have meetings and use technology tools to share situational understanding about attacks, attackers and defensive techniques.
"These are the guys doing the work. We want them to collaborate and share and exchange," Yoran said.
The NCSD also has created a forum of chief information security officers to share best practices and technologies regarding cybersecurity, as well as a Cyber Interagency Incident Management Group, composed of members of law enforcement, defense and homeland security. The latter group was formed to coordinate action in the event of a cyberattack, Yoran said.
During Livewire, a cybersecurity war game conducted last October across 50 departments and agencies at the federal, state and local level, it became clear that the different bodies needed better coordination, especially with the private sector, Yoran said.
"[Livewire] looked at how cyberattacks could be used as part of a much larger chess game," Yoran said. "How can you use cyber as an attack vector into other critical infrastructures?"
With more of the nation's infrastructure migrating toward Internet protocol-based networks, Yoran said security experts have their work cut out for them. Technologies such as voice over IP mean cyberattackers have more targets.
"To some extent, we are increasing our vulnerability and risk because we are deploying more cyberconnected systems," Yoran said. "[But] we can't just back up and say we don't want voice over IP. What we need to do is be more aggressive in addressing security requirements. I'd say that even though we're becoming more connected, we are improving our security posture."
Yoran said government agencies' ability to respond to malicious code, such as the MyDoom worm, has improved significantly. Although MyDoom affected agencies, the impact was far less than that of previous worms, such as Love Letter and Melissa, which brought down systems for periods of time.
Regarding whether his department will put pressure on technology vendors and systems integrators to deploy more secure solutions, Yoran said he wanted to work in a spirit of cooperation.
"You have to not only say, 'Thou shalt produce more secure code or else,' we have to arm them with the tools, the processes, the technologies that can facilitate the production of better code," Yoran said, adding that there needs to be more research and development into software and assurance tools to help vendors and agencies build more secure systems.
The government has come far in securing its infrastructure, but Yoran said, "Certainly, a lot of work needs to be done across the board for us to be where we want to be."