Yoran helped form US-CERT, the government's cybersecurity information clearing house, but was reportedly frustrated with his post's limited authority and budgets.
The Department of Homeland Security's cybersecurity chief has confirmed to InformationWeek that he has submitted his resignation.
Amit Yoran's resignation was effective at the end of the business day Thursday. Yoran accepted the position of director at the National Cyber Security Division in September 2003, a job previously held by special cyber-security advisers to the White House Howard Schmidt and Richard Clarke.
Yoran immediately began working to implement the National Strategy to Secure Cyberspace, the Bush administration's blueprint for Internet security in the public and private sectors. Some of the accomplishments of the National Cyber Security Division during the past year include the formation of US-CERT, the federal government cybersecurity information clearing house, and its cyberalerting system.
"I've completed my year commitment and used my startup experience to successfully get good operational capacity under way at US-CERT," Yoran said in a phone interview with InformationWeek.
Yoran says he hopes his successor will continue to build on the "base capability" at the NCSD that has been established in the past year. He also said there's a "high amount of enthusiasm" among government agencies and the private sector to increasingly collaborate on cybersecurity issues. "The key is to harness that enthusiasm going forward," he says. "I'm committed to helping the division as they move forward."
Many security technology executives cited frustration that Yoran's director position doesn't report directly to the White House and that cybersecurity hadn't been given high-enough priority by the Bush administration.
Just last week it was proposed in the intelligence reform bill that responsibility for cybersecurity be moved from Homeland Security to the Office of Management and Budget. But the proposal was removed from the bill in last-minute political wrangling.
Sources close to Yoran, who asked not to be named, say he was growing increasingly frustrated with the position's lack of authority and limited budget.
"The job he was given was impossible. Implementing the national strategy demanded cross-agency cooperation, procurement leadership, and getting senior executives at major vendors to act in the national interest before acting in their own commercial interests," says Alan Paller, director of research at the SANS Institute. "It wasn't lack of skill. It simply couldn't be done from deep inside DHS. Howard Schmidt, wisely, refused it because of where it was located in the bureaucracy," Paller says.
"He took the first step to fill this role," says Douglas J. Goodall, president and CEO of managed-security-services provider RedSiren. "He was a strong leader, an expert, and an evangelist to make sure cybersecurity was recognized at DHS."
Security professionals hope DHS moves quickly to replace Yoran. "They can't restudy the issue. They need to act quickly. The original strategy to secure cyberspace was published 18 months ago," Goodall says.
Yoran says he's not sure what he's going to do next, adding that he will spend some time working with a children's charitable foundation and evaluate his career options.
His last post in the private sector was as an executive at Internet security firm Symantec Corp, which acquired the startup managed security services provider Riptech in July 2002 for $145 million. Yoran co-founded Riptech in 1998.
IT's Reputation: What the Data SaysInformationWeek's IT Perception Survey seeks to quantify how IT thinks it's doing versus how the business really views IT's performance in delivering services - and, more important, powering innovation. Our results suggest IT leaders should worry less about whether they're getting enough resources and more about the relationships they have with business unit peers.
What The Business Really Thinks Of IT: 3 Hard TruthsThey say perception is reality. If so, many in-house IT departments have reason to worry. InformationWeek's IT Perception Survey seeks to quantify how IT thinks it's doing versus how the business views IT's performance in delivering services - and, more important, powering innovation. The news isn't great.