Yoran: Feds, companies should continue infrastructure discussions

Many questions about the government's capability and authority to control cyberspace remain unanswered, said the former cybersecurity czar.

In the event of a computer failure such as the one that caused massive power outages in the Northeast and upper Midwest last year, can the federal government intervene?

Many questions about the government's capability and authority to control cyberspace remain unanswered, said Amit Yoran, who resigned more than a month ago as director of the Homeland Security Department's National Cyber Security Division.

Yoran, who spoke Dec. 2 at the FCW Events' Information Assurance Conference in Washington, D.C., said that policy discussions must continue with the private sector about critical infrastructure vulnerabilities. FCW Events is part of FCW Media Group, which owns FCW.com and Federal Computer Week.

He said DHS officials made progress during the past year in building relationships with officials whose companies own power plants, oil pipelines, nuclear facilities and other computer-controlled infrastructures that are critical to the nation.

With more than 80 percent of the nation's critical infrastructure owned by private companies such as First Energy Group and others, Yoran asked what federal officials can do to prevent and, if necessary, respond to a large-scale cyberevent affecting large areas of the nation.

"Do we have the authority to kick in the door and put our fingers on the keyboard?"

During Yoran's tenure as cybersecurity director, DHS officials worked on a limited number of short-term tactical and long-term research priorities, he said. One of the most valuable short-term projects, he said, was to create a map of the federal government's Internet address space. That task, which is now complete, has improved federal officials' ability to observe and respond to cyberattacks on federal networks, Yoran said.

"As it turns out, we've got 5,700 blocks of network addresses as a federal government -- some of which are Class C, some class A -- with billions of addresses," he said.

Government officials are analyzing data from those addresses, looking for signs of malicious activity and sharing that information among federal officials, Yoran said.

In a later briefing for news reporters, Yoran delivered a barb that he didn't share with the conference audience of federal contractors and government employees. He said the federal government is a few years behind the private sector in deploying new information security technologies.

"Government integrators have a vested interest in the status quo," he said. "They are reluctant to bring innovative technologies into the federal government."
