The director of US-CERT, a division of the Department of Homeland Security has resigned amidst a surge in the number of cyber-attacks on government agencies and private contractors.
The director of the United States Computer Emergency
Response Team resigned last week without any official explanation.
Randy Vickers resigned July 22, effective immediately,
according to an email to employees sent by Roberta Stempfley, acting assistant
secretary at Department of Homeland Security's Office of Cyber-security and
Communications. Lee Rock, the deputy director, would step in as the interim
director until a new director was found, Stempfley said in the message.
"We are confident that our organization will continue
its strong performance under his [Rock's] leadership," Stempfley wrote.
She wished Vickers success in future endeavors.
It's not known at this time what Vickers will be doing next.
His LinkedIn profile has been updated to reflect that he's no longer at
US-CERT, but no other information was available.
While the email did not provide a reason for his departure,
Vickers was in charge of an organization tasked with mitigating cyber-threats
to federal networks and to the .gov domain. The last few months have seen a
dramatic uptick in the number of high-profile attacks against government
agencies and private firms that work with them. Some attacks were activist in
nature, such as the ones from hacker collective Anonymous and the smaller
LulzSec gang looking to expose government and military secrets. Others have
been attributed to nation-states and the sources for a handful remain unknown.
LulzSec alone claimed responsibility for attacking Websites belonging
to the Central Intelligence Agency, the U.S. Senate, the Arizona Department of
Public Safety, two public-private partnerships with the Federal Bureau of
Investigation and others during its 50-day spree that ended in June.
The
Department of Defense believes that a foreign
intelligence service swiped 24,000 files from a U.S. defense contractor in March,
Deputy Defense Secretary William Lynn said earlier this month. Unknown
attackers have also breached Department of Energy's
Oak Ridge National
Laboratory and defense contractor Lockheed Martin this spring.
Cyber-attacks against federal government networks spiked 40
percent last year, from about 30,000 in 2009 to nearly 42,000 in 2010,
according to an
Office of Management and Budget report from this spring.
Part of the National Cyber Security Division at DHS, US-CERT
also coordinates information sharing efforts between the government and private
sector. The group released a new set of security guidelines for agencies to
implement in hopes of preventing or mitigating future cyber-intrusions.
The
Technical Security
Alert recommended agencies deploy host intrusion detection systems to block
and identify common attacks, using an application proxy in front of Web servers
to filter out malicious requests, disabling the "allow_URL_fopen"
setting on the Web server to limit PHP vulnerabilities, using SQL queries with
parameters or stored procedures instead of dynamic SQL code to limit SQL
injection attacks. US-CERT also has strategies relating to DDoS attacks,
password security and restricting the use of personal devices on the network.
DHS is responsible for critical infrastructure such as power
plants, electric grids, and transportation networks. The Obama administration's
cyber-security proposal recommended that DHS take the lead role in working with
the private sector to develop a framework to fight off cyber-attacks. Stempfley
is also scheduled to testify before the House Energy and Commerce oversight
subcommittee hearing on July 26.
Vickers is also the second high-profile DHS official to
resign in recent months. Philip Reitinger, deputy undersecretary for the
National Protection and Programs Directorate at DHS, resigned in May shortly
after the White House released its cyber-security plan. There have been six
different directors in the last seven years. A former director, Mischel Kwon,
supposedly resigned in 2009 because of "obstacles and a lack of authority
to fulfill [the] mission," according to the Washington Post.
Email
Print
