Cybersecurity chief calls it quits after a year

The government's cybersecurity chief resigned this week after serving a year with the Homeland Security Department.

Amit Yoran, the first director of the National Cyber Security Division, said he had made "meaningful progress" protecting the government's information networks from electronic attack, and that he was leaving to spend time with his family and pursue charitable interests.

Yoran's immediate resignation came suddenly but was not surprising to a number of security industry experts, with whom Yoran had spent much of the past year forging formal alliances. They noted that his position was placed so low in the Homeland Security bureaucracy that it could not capture the full attention of the department responsible for a vast array of missions, including inspecting shipping containers and patrolling borders.

Yoran said he always had planned to keep his tenure in government short, and that he would leave after achieving certain "core objectives" to get the security division up on its feet. In the past year, the division has established a cybersecurity alert system, which sends e-mail warnings about viruses, worms and other threats to more than 250,000 subscribers, and it formed response plans that call upon multiple departments and agencies to work together during an attack, Yoran said.

Security industry officials and experts have praised those accomplishments. But recent events suggest that policymakers believe the division has failed to compel industry and the government's own agencies to improve their information security. Last week, lawmakers floated a proposal that would create a new cybersecurity position in the Office of Management and Budget, which many took as a signal that Congress felt Yoran's division didn't have sufficient clout or leverage. Before the creation of the Homeland Security unit, cybersecurity was handled by a White House official.

News of Yoran's departure disappointed many in the security industry, who generally praised him as a charismatic leader who was able to get some traction on the security front despite bureaucratic obstacles.

"We're obviously very disappointed about it," said Greg Garcia, a vice president with the Information Technology Association of America, a trade group. "We've spent more than a year working with Amit…. It's going to set us back a ways."

"The job [Yoran] was given was impossible," said Alan Paller, director of research at the SANS Institute, a security group. It "demanded agency cooperation, procurement leadership and getting senior executives at major vendors to act in the national interest before acting in their own commercial interests. It wasn't lack of skill and it wasn't bad management. It simply couldn't be done from deep inside [Homeland Security]."

Legislation pending in the House would elevate the cybersecurity director to the level of assistant secretary. The language that would have created a new security post at OMB was quashed last week.

It was unclear who would replace Yoran. "Cybersecurity will continue to be a priority for the [department] and we will move quickly to fill his position," said Homeland Security spokeswoman Katy Mynster. She added, "Mr. Yoran has been a valuable contributor on cybersecurity issues over the past year."

When Yoran came to the department a year ago, hopes were high that he could raise awareness of the danger that computer hackers posed to national security. He was a successful security industry executive and had served in government as the head of vulnerability assessment for the Defense Department's Computer Emergency Response Team. He also managed network security for the Pentagon.

In September 2003, Harris Miller, head of the Information Technology Association of America, said, "I've criticized the lack of attention that the government has paid to cybersecurity . . . but naming Amit can get them back on track."

Shortly after taking the job, Yoran said in an interview, "I have been very encouraged during my first 30 days here…. [H]ave we achieved the desired level of security? The answer is no. But are we making progress down that road? My belief is that we are."

Asked to assess the state of security a year later, Yoran said Friday, "I think we're better off a year ago and certainly better off than a few years ago." But he declined to say whether his former position should be restructured so that the government could improve cybersecurity.

"I think we were successful in achieving our objectives of achieving startup and operational capability," he said. "I'm not going to tell the department how it should be structured."

When the position was set up at the department, effectively diminishing its profile, security officials raised hackles. But Yoran said he was pleased to be moving to the trenches of cybersecurity. "Strategy and policy take place in the White House," he said in an interview with Government Executive earlier this year. "Operations and execution take place in the agencies."

Stay up-to-date with federal news alerts and analysis — Sign up for GovExec's email newsletters.
FROM OUR SPONSORS
JOIN THE DISCUSSION
Close [ x ] More from GovExec
 
 

Thank you for subscribing to newsletters from GovExec.com.
We think these reports might interest you:

  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

    Download
  • The Big Data Campaign Trail

    With everyone so focused on security following recent breaches at federal, state and local government and education institutions, there has been little emphasis on the need for better operations. This report breaks down some of the biggest operational challenges in IT management and provides insight into how agencies and leaders can successfully solve some of the biggest lingering government IT issues.

    Download
  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

    Download
  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.

    Download
  • Ongoing Efforts in Veterans Health Care Modernization

    This report discusses the current state of veterans health care

    Download

When you download a report, your information may be shared with the underwriters of that document.