Yoran helped form US-CERT, the government's cybersecurity information clearing house, but was reportedly frustrated with his post's limited authority and budgets.
The Department of Homeland Security's cybersecurity chief has confirmed to InformationWeek that he has submitted his resignation.
Amit Yoran's resignation was effective at the end of the business day Thursday. Yoran accepted the position of director at the National Cyber Security Division in September 2003, a job previously held by special cyber-security advisers to the White House Howard Schmidt and Richard Clarke.
Yoran immediately began working to implement the National Strategy to Secure Cyberspace, the Bush administration's blueprint for Internet security in the public and private sectors. Some of the accomplishments of the National Cyber Security Division during the past year include the formation of US-CERT, the federal government cybersecurity information clearing house, and its cyberalerting system.
"I've completed my year commitment and used my startup experience to successfully get good operational capacity under way at US-CERT," Yoran said in a phone interview with InformationWeek.
Yoran says he hopes his successor will continue to build on the "base capability" at the NCSD that has been established in the past year. He also said there's a "high amount of enthusiasm" among government agencies and the private sector to increasingly collaborate on cybersecurity issues. "The key is to harness that enthusiasm going forward," he says. "I'm committed to helping the division as they move forward."
Many security technology executives cited frustration that Yoran's director position doesn't report directly to the White House and that cybersecurity hadn't been given high-enough priority by the Bush administration.
Just last week it was proposed in the intelligence reform bill that responsibility for cybersecurity be moved from Homeland Security to the Office of Management and Budget. But the proposal was removed from the bill in last-minute political wrangling.
Sources close to Yoran, who asked not to be named, say he was growing increasingly frustrated with the position's lack of authority and limited budget.
"The job he was given was impossible. Implementing the national strategy demanded cross-agency cooperation, procurement leadership, and getting senior executives at major vendors to act in the national interest before acting in their own commercial interests," says Alan Paller, director of research at the SANS Institute. "It wasn't lack of skill. It simply couldn't be done from deep inside DHS. Howard Schmidt, wisely, refused it because of where it was located in the bureaucracy," Paller says.
"He took the first step to fill this role," says Douglas J. Goodall, president and CEO of managed-security-services provider RedSiren. "He was a strong leader, an expert, and an evangelist to make sure cybersecurity was recognized at DHS."
Security professionals hope DHS moves quickly to replace Yoran. "They can't restudy the issue. They need to act quickly. The original strategy to secure cyberspace was published 18 months ago," Goodall says.
Yoran says he's not sure what he's going to do next, adding that he will spend some time working with a children's charitable foundation and evaluate his career options.
His last post in the private sector was as an executive at Internet security firm Symantec Corp, which acquired the startup managed security services provider Riptech in July 2002 for $145 million. Yoran co-founded Riptech in 1998.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.