posted January 30, 2004, updated 12:00 p.m. ET

National Cyber Alert System launched

Hours after debut, MyDoom.B virus provides baptism by fire.
Talk about timing. The US government's Department of Homeland Security (DHS) launched its National Cyber Alert System at a press conference on Wednesday. Hours later it was baptism by fire.

The new internet-driven system, designed to deliver to Americans "timely and actionable information by 'push' email to better secure their computer systems," confronted a three-alarm cyberblaze when security experts detected a major computer virus called MyDoom.B spreading over the internet. The new worm quickly had the honor of being the first public target of the government's cyber-alert system.

Thankfully, MyDoom.B was not a terror attack. It was a continuation of its predecessor MyDoom.A, a designed effort to clog e-mail servers using Windows OS and the site of Unix vendor The SCO Group. Nevertheless, it provided officials with a first-hand, real-world test in dealing with a potentially massive cyberattack.



Spawned by the anti-terrorism mission of Homeland Security as a way to combat attacks against the vital US cyber-infrastructure, the National Cyber Alert System was designed well before this latest computer worm began infecting machines and is a natural outgrowth of the numerous national security measures taken by the Bush administration since 9/11.

As announced, the cybersecurity division of the Department of Homeland Security will be a clearinghouse of information on hacking, viruses, worms and cyberterrorism. It will also be a place for consumers to learn about their systems' vulnerabilities and how to fight computer crime.

"We are focused on making the threats and recommended actions easier for all computer users to understand, prioritize and act upon," said Amit Yoran, the director of the cyber-security division. It is America's first coordinated national cyber security system for identifying, analyzing, and prioritizing emerging vulnerabilities and threats. It provides the first infrastructure for relaying graded computer security updates and warning information to all users, he announced.

As important, the government also wants it to be a place for consumers to learn about their systems' vulnerabilities and how to fight computer crime, reports washingtonpost.com. The new federal alert system is intended to make the government the trusted source of computer-security information, which currently is disseminated by various corporate, research, government and quasi-public organizations.

Cyber-threats to national infrastructure, for example, were the responsibility of the old National Infrastructure Protection Center, which was under the FBI until the Homeland Security Department was formed. Several companies and research institutions have websites with information on virus, worm and other threats. Many of them sell programming solutions to network operators to fend off particular attacks and offer consumers products to protect their home systems while providing security information.

But some security experts questioned whether cybersecurity alerts are the best first use of the newly formed division. "Is the lack of information sharing the biggest problem?" asked Mark D. Rasch, vice president of Solutionary Inc., a cybersecurity firm. The answer to his own question: a decisive "No." eWeek reports that last month he told a gathering of security analysts in Silicon Valley that "a lot of what needs to be done has been known for 15 years. What we need is better technology and better cooperation and some form of real information sharing. It's a good thing when you get people thinking, but they'll talk about the problems and the solutions and then everyone will go back to their jobs. We're all busy doing other things." Rasch said he would like to see:

The private sector playing a bigger part in creating a truly operational and efficient information sharing program. Most CIOs are loath to share even non-identifiable data about attacks on or vulnerabilities in their networks, for fear that the information will be used either by competitors or other crackers to do further damage to the company. Until this changes, neither the government nor industry will be able to do much to improve the view they have of what's happening on the Internet.

Mr. Yoran disagrees. He says it is important that such information come from a neutral source. "The vendor community is focused on sales as well as on protecting their clients," said Yoran. He is a computer-security veteran with experience in the public and private sectors who oversees the government's cybersecurity efforts. Most recently, he was the vice president for managed security services at Symantec, one of the largest Internet security companies.

John Pescatore, a computer-security analyst for the research and consulting firm Gartner Inc., says it is especially important for consumers to have a place to go whose intent is not to sell products. He seconds Yoran's position that: "Coming from the US government, the focus is solely on the public interest."

Yoran said the Cyber Alert System won't be color-coded and won't compete or conflict with the overall color-coded homeland security threat level or other private-sector systems, such as those being used by the various Information Sharing and Analysis Centers. "This is not intended to be a national cyber alert system in its final format," said Yoran. "Our national cyber alert system will continue to evolve, and we expect to enhance it over time."

Alan Paller, head of the SANS Institute in Bethesda, a computer-security research facility, endorses the government being the authority on identifying and tracking cyber-threats. He calls for a model similar to the National Weather Service, which collects primary weather data. "Everyone else is an interpreter." With cybersecurity information, Paller said, "everyone is a collector. That model is wrong." Because the government also has resources at the Defense Department and coordinates with industry groups that share data, Paller said, "they have access to data a little earlier. If they will tell people earlier, that will make a difference."

There are already a number of similar products offered by the private sector (e.g., Symantec's Norton anti-virus). The new DHS system, which will be based out of the US Computer Emergency Readiness Team (US-CERT), will be "complementary" to those systems and will focus on "information that is appropriate for a national-level alert system." According to Yoran, such information would cover "impact on infrastructures, impact on homeland and national security, how widespread a particular computer operating system vulnerability is, and how actively it is being exploited." In addition, the alerts and bulletins that the DHS system will provide will be designed to provide "some sort of perspective for the nation," he said.

All information products from the government are available on a free subscription basis and are delivered via push e-mail. They are available at www.us-cert.gov. Home users can also access cybersecurity tips and alerts from US-CERT affiliates, including StaySafe Online.


Also...
The FBI's top 10 online security threats (ZDNet)
Universities win funding to model cyberterrorism (ZDNet)
US Department of Homeland Security unveils National Cyber Alert System (US Department of Homeland Security)
Bush unveils final cybersecurity plan (C/Net)
US says Federal agencies still failing security test (LinuxInsider)

• Feedback appreciated. E-mail Jim Bencivenga.




