Six months after its creation, the Department of Homeland Security gained a dedicated cyber-security leader last week and unveiled its first network security initiatives, including a national computer emergency response team and a National Cyber Security Summit planned for late fall.
Leery of promulgating measures that smack of explicit government standards-setting, department officials nonetheless want to spur development of common criteria for detecting and reporting threats and establish a more concerted effort between the public and private sectors.
The new national computer emergency response team—the U.S. CERT—will be the central point of data flow into and out of the government for all information security data, especially during large-scale events such as the Blaster worm outbreak. The veteran CERT Coordination Center at Carnegie Mellon University will be DHS main partner, but officials said they want to bring in other partners, including the Information Sharing and Analysis Centers, as managed security services providers.
“Were hoping this will bring some formal communications to information sharing for the security community,” said Jeffrey Carpenter, technical manager of the CERT Coordination Center, in Pittsburgh. “Were building a mechanism to share things more efficiently rather than people randomly calling or sending e-mails to each other.”
The U.S. CERT will help create new attack-detection tools and foster the use of common commercial reporting protocols. By the end of next year, the department wants to improve response time to 30 minutes, according to Robert Liscouski, assistant secretary for infrastructure protection at DHS.
The summit planned for late fall would bring together government officials and industry leaders to develop a standards-based system for communicating threats and a common vulnerability-reporting tool.
Other goals include developing a “vulnerability-reduction initiative” based on improved evaluation standards, software measures, patch-deployment tools and best practices. Participants will develop a National Cyber Security Road Map, which will outline a time frame for improving online safety and developing ways to measure the improvement, Liscouski told lawmakers last week.
Also last week, the administration named a former Symantec Corp. vice president, Amit Yoran, to head the National Cyber Security Division at DHS, which will oversee the U.S. CERT.