- The Washington Times - Monday, September 15, 2003

The Department of Homeland Security yesterday rolled out a new initiative aimed at shortening the response time to cyber-attacks like worms and viruses, and named a computer-industry executive to oversee it.

The U.S. Computer Emergency Response Team (CERT) is a partnership between the department and a federally funded computer-security center at Carnegie Mellon University in Pittsburgh.

The announcement comes after computer users worldwide were struck by two self-replicating programs called “worms” that exploited a security hole in the Windows operating system. The Sobig.F and Blaster worms caused several billion dollars worth of damage in repairs and lost productivity, according to evidence at a congressional hearing last week.

At a breakfast for software executives, Homeland Security infrastructure chief Robert Liscouski named Amit Yoran, a vice president of Symantec, which makes the widely used Norton Antivirus software, to head the department’s new National Cyber Security Division and oversee the partnership with Carnegie Mellon.



Mr. Yoran, who had worked as the Pentagon’s network-security manager, has a solid reputation in the industry. “He is very highly regarded,” said Will Rodger, director of public policy for the Computer and Communications Industry Association.

The new emergency team, known as U.S. CERT, will monitor the Internet 24 hours a day, looking for the signs of cyber-attacks like the Sobig.F worm. U.S. CERT has a target to respond to such threats within 30 minutes, by issuing alerts, Homeland Security spokeswoman Rachael Sunbarger said.

She said the department would be looking to recruit more partners from the private sector to expand the capability, adding that the goal was to work with the industry to speed and strengthen the response.

But some critics suggested that the new initiative was missing the point slightly.

“Warning people about threats and vulnerabilities is great,” said Mr. Rodger, “but the larger question is: How should we be dealing with these vulnerabilities in the first place?”

Some experts say that the primacy of a single operating system — Windows is used by 95 percent of computers connected to the Internet — is inherently a security risk, since any vulnerabilities in it can be exploited on a huge scale.

“We’ve not yet heard from the [Department of Homeland Security] about how we’re going to deal with this problem of monoculture in the network. … We need to get diversity,” Mr. Rodger said.

Mr. Rodger’s organization includes several of Microsoft’s competitors, as well as several of its partners.

“Crucially, the government must challenge the marketplace to build more secure products, and should set a gold standard for security,” Mr. Rodger said.

There’s no such thing as complete security, but there are ways to improve it, and [the government] should insist that these higher standards be used, when appropriate.”

Sign up for Daily Newsletters

Manage Newsletters

Copyright © 2020 The Washington Times, LLC. Click here for reprint permission.

Please read our comment policy before commenting.

 

Click to Read More and View Comments

Click to Hide