Q&A With Amit Yoran

A public-private partnership is crucial to improving IT security in the government and in enterprises, says Amit Yoran, head of the National Cyber Security Division in the Department of Homeland Security, in an exclusive interview with InformationWeek editors.
InformationWeek: In order to build awareness, has collecting funds from vendors in the technology industry and combining those with federal funds been considered to pay for such a campaign?

Yoran: Absolutely. We've already contributed $650,000 in matching funds to the National Cyber Security Alliance and part of those efforts are focused around advertising campaigns and raising the profile of security issues and public awareness.

InformationWeek: We want to get a sense from you on your of your level of optimism for the coming year. We are just about ready to go into the field with our Global Information Security Survey. It's interesting to see the trending year over year, and while security has come down a little bit on the priority list--in the sense that people have been more proactive about it for the past couple of years, not because there is a lack of interest in security--I just wonder with the latest nasty things going around, and everything that is going on in your agency, what is your level of optimism?

Yoran: It may be the entrepreneur in me, but I'm extremely optimistic. I'm realistic, I don't assume zero downtime. I also believe that we will see continued creativity in the people who produce malware and we will see continued creativity in the viruses and worms that attack our systems. We may even see an increase in the viciousness and the maliciousness of the viruses and worms and attacks once they occur. But I also believe genuinely that, as an infrastructure, our cybersecurity preparedness has dramatically increased over the past three years. You look at relatively simple threats like Melissa and Loveletter that just a few years ago caused days if not weeks of downtime for major corporations. Today, the threats have evolved and they've gotten significantly more sophisticated. Yet the amount of downtime in the reports of catastrophic impact are much more contained. I'm an optimist that we are headed in the right direction and through some better practices and better cooperation between public and private sector, the improvement will only continue to accelerate.

Editor's Choice
Samuel Greengard, Contributing Reporter
Cynthia Harvey, Freelance Journalist, InformationWeek
Carrie Pallardy, Contributing Reporter
John Edwards, Technology Journalist & Author
Astrid Gobardhan, Data Privacy Officer, VFS Global
Sara Peters, Editor-in-Chief, InformationWeek / Network Computing