A public-private partnership is crucial to improving IT security in the government and in enterprises, says Amit Yoran, head of the National Cyber Security Division in the Department of Homeland Security, in an exclusive interview with InformationWeek editors.
Amit Yoran is the director of the National Cyber Security division of the Information Analysis and Infrastructure Protection office at the U.S. Department of Homeland Security. Before his appointment last September, he was VP for managed security services at Internet security vendor Symantec Corp. Yoran also was founder and president and CEO of the managed security services firm Riptech Inc., which was acquired by Symantec in 2002. Yoran also was the director of the vulnerability-assessment program within the Computer Emergency Response Team at the Department of Defense and the network security manager, responsible for maintaining operations of the Pentagon's network. He has a bachelor's degree from the United States Military Academy at West Point and a master's from George Washington University.
Yoran recently spoke with InformationWeek editor Stephanie Stahl and InformationWeek security reporter George V. Hulme about initiatives under way at the National Cyber Security Division, cyberterrorism, software quality, and his views on the state of information security for the year ahead.
When something like the recent ASN.1 Microsoft vulnerability is announced, how does the National Cyber Security Division at the Department of Homeland Security go about handling the information and the alert?
Yoran: We are running through the process with that vulnerability as we speak and will likely issue an alert on the topic. When we look at those topics and those issues, NCSD is focused on a number of key metrics and one of them is the pervasiveness of the technology that is vulnerable. Another metric would be the extent to which an exploit [code that attackers use to break into applications and systems] may or may not be occurring around any given vulnerability. And we look at whether or not there is any action that can be taken when it comes to defense and countermeasures. Candidly, we also look at the visibility around a vulnerability.
InformationWeek: Is the NCSD announcing some forums to help with the process of exchanging security-related information among various organizations?
Yoran: Yes, there are a couple of things we are doing around partnership programs. Some of which we have already launched and are under way and others we will be launching in the very near future. The ones that are in operation are really focused on the public sector side of things. The Government Forum of Incident Response and Security Teams includes those entities that have a 24/7 cybersecurity function responsible for protecting departments and agencies within the federal government, This forum was created to provide a cooperative environment where they can exchange situational awareness, technical information, tools and techniques, and countermeasures on a 24/7 basis among each other. This forum functions at the technical operator level.
Another group is the Chief Information Security Officers Forum, which we put together. That is a collaborative forum where CISOs within the federal government can get together and exchange their success stories, experiences, as well as those programs, technologies, and initiatives that have been successful for them and those that have been challenged. It's a forum where they can leverage one another's experiences and capabilities so we are not reinventing the wheel each time we implement security measures in the federal government.
The third forum we recently put together is the Cyber Interagency Incident Management Group. This is a forum where all of the major departments and agencies that have significant capabilities and authority to operate in the cyber realm can engage with one another to increase preparedness and coordination during a time of crisis. These include agencies with law-enforcement authorities, various components of the intelligence community and their cybersecurity operators, as well as the Department of Defense and a number of other federal and civilian organizations. So during a time of crises, the federal government itself is coordinated on the cyber front about which activities are occurring where and to make sure our resources are best focused.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.