FRAMINGHAM (10/03/2003) - The U.S. Department of Homeland Security's cybersecurity division is spearheading an aggressive new project to create a real-time cybersituation-awareness system, a senior DHS official said this week.
The aim of the system is to provide a nationwide capability to conduct instant analysis of security incident data for signs of coordinated attacks or major virus and worm outbreaks.
Sallie McDonald, the senior executive responsible for outreach and awareness efforts at the agency, said the National Cyber Security Division (NCSD) of the DHS is working with SRI International Inc., Symantec Corp. and Computer Associates International Inc. to develop a nonproprietary data collection system that will run on an automated security extranet and feed incident reports to the various Information Sharing and Analysis Centers (ISAC) operating in the private sector. The ISACs would then feed the data to the national situation-awareness system.
"We will be deploying this in the federal sector, starting at the U.S. CERT first so we can see in real time what is happening across the nation," said McDonald. The DHS announced on Sept. 15 the formation of a computer emergency response team, U.S.-CERT, which is the result of a combined effort of the Federal Computer Incident Response Center and the CERT Coordination Center at Carnegie Mellon University.
The new incident reporting and analysis system will be launched in December at the first DHS-sponsored Cyber Security Summit to be held in Silicon Valley at an undetermined location, said McDonald.
In addition to the reporting system, the DHS plans to announce a security awareness effort targeted at 50 million home users and small businesses, and will draft a national cybersecurity road map that includes specific milestones and metrics for measuring progress in bolstering security.
According to testimony provided to Congress last month by Robert Liscouski, assistant secretary of homeland security for infrastructure protection at the DHS, the new situation-awareness capability will leverage the data that's now collected by more than 200 private, public and university CERTs within the U.S. and feed that data to the newly created U.S.-CERT. The goal within the next year is to reduce response times to any attack to an average of 30 minutes, according to Liscouski.
All of these efforts will be launched as Amit Yoran, former vice president for managed security services at Cupertino, Calif.-based Symantec, joins the DHS as head of the NCSD. McDonald and others praised the appointment of Yoran, who also served as the former director of vulnerability assessment for the Pentagon's CERT.
However, some prominent experts said quietly that, despite Yoran's experience, he faces an uphill battle when it comes to reinvigorating the public/private partnership, which they added has lost much of its momentum as a result of organizational and staff changes.
According to one DHS official, who requested anonymity, Yoran will probably have access to top department leaders, but he may not easily adapt to the government's rigidity and slow pace. Yoran couldn't be reached for comment.
Scott Blake, vice president of information security at BindView Corp. in Houston, said the questions about leadership and reporting structure have overshadowed the real issue of the failure of the government's policy toward the private sector.
"I'm increasingly convinced that the carrot method of encouraging the private sector to practice good security isn't working and isn't going to work," said Blake. "While putting a face to the effort (behind the national strategy) may help a little, I don't see the IT world adopting better security without a stick being applied. Many companies are waiting for case law to demonstrate what they really have to do."