Another Computer Security Official Quits

[David Farber <dave () farber net>]

------ Forwarded Message
From: <AMBOLLC () aol com>
Date: Tue, 08 Feb 2005 08:58:42 -0500 (EST)
To: <dave () farber net>
Subject: Another Computer Security Official Quits

  
   
  
<http://ad.doubleclick.net/click;h=v3|3219|0|0|%2a|k;13721107;1-0;0;10869290
;933-120|600;8813000|8830896|1;;~fdr=13721859;0-0;1;7498037;255-0|0;8818665|
8836561|1;;~sscs=%3fhttp://www.bgca.org>
<http://ad.doubleclick.net/jump/wpni.technologyarticle/techpolicy/securitydc
opt=ist;dir=securitynode;dir=technology;dir=techpolicy;dir=security;page=art
icle;kw=;pos=ad21;;tile=20;abr=!ie;ord=1107871075063?>   washingtonpost.com
<http://www.washingtonpost.com/>
Another Computer Security Official Quits
Critics Say Division Lacks Aggressiveness

By Brian Krebs and Jonathan Krim
Washington Post Staff Writers
Wednesday, January 12, 2005; Page E01

The Homeland Security Department official in charge of protecting the
nation's physical and computer infrastructure is stepping down at the end of
the month in the latest in a string of departures at the department's
struggling cyber-security division.

The announcement by Robert P. Liscouski, the department's assistant
secretary for infrastructure protection, comes as technology executives and
experts increasingly say that the Bush administration is giving short shrift
to computer security.

Attacks continue to proliferate and have become more sophisticated, whether
they be viruses and phony solicitations aimed at home computer users or
assaults on the networks of companies and other organizations.

This week, for example, George Mason University said hackers gained access
to a database of names and Social Security numbers of the school's 32,000
students and employees.

Liscouski has been criticized inside and outside the department for impeding
cyber-division initiatives that might give it a higher profile. Liscouski,
who said he is resigning to become chief executive of Content Analyst Co.
LLC, a Reston company that gleans intelligence from analyzing text, defended
his record.

"I believe DHS has made tremendous first steps," he said.

Amit Yoran, who headed the agency's cyber-security division, resigned in
October. Yoran did not criticize Liscouski publicly, but sources close to
him said he was frustrated at his inability to make the agency more
aggressive against cyber-security threats. The sources spoke on the
condition of anonymity because they do not want to jeopardize relations with
the department.

Yoran was the third person to quit the post in 18 months. Also leaving the
department this month is Lawrence C. Hale, the cyber-security division's
deputy director.

In July, the Homeland Security Department's inspector general found that the
division's efforts suffered from a lack of coordination, poor communication
and a failure to set priorities.

The division "must address these issues to reduce the risk that the critical
infrastructure may fail due to cyber attacks," the report said. "The
resulting widespread disruption of essential services after a cyber attack
could delay the notification of emergency services, damage our economy and
put public safety at risk."

Arthur W. Coviello Jr., chief executive of RSA Security Inc., said yesterday
that Liscouski "did not focus enough on cyber-security during his tenure,
and his resignation provides a window for the administration and the new
secretary to get it right." President Bush yesterday nominated former
Justice Department prosecutor Michael Chertoff to replace Homeland Security
Secretary Tom Ridge, who announced his resignation last month.

F. William Conner, chief executive of Entrust Inc., another
technology-security company, said that the nation lost valuable time during
Liscouski's watch.

"The outside world is moving very fast, and we have not been able to keep
ahead of the threats," Conner said.

Liscouski responded by referring to a number of cyber-security programs
developed under his tenure.

"The private sector has a responsibility for doing most of the things we
laid out in the strategy, but what we've seen is a lot of people from
industry who are saying the government has to do more but are unwilling to
define what they themselves need to do," Liscouski said.

In a written statement, Ridge praised Liscouski for providing "a solid
foundation for protecting our nation's critical infrastructure, and this
department will benefit from his efforts for years to come."

William F. Pelgrin, director of cyber-security for the state of New York,
credits Liscouski for working with state law enforcement to create a
49-state network to share information on physical and cyber-security
threats. 

Technology executives supported legislation that would have elevated the
cyber-security division head to the level of assistant secretary.

Congress appeared ready to do that as part of the intelligence bill last
month, but the provision was removed from the bill after lobbying by
Liscouski and other administration officials.

Many experts and executives also supported giving the cyber-division
authority over the national telecommunications infrastructure, which carries
Internet traffic. 

Before the Sept. 11, 2001, terrorist attacks, a cyber-security office was
part of the White House. The decision to move it to the Homeland Security
Department was regarded by many in the technology industry as downgrading
cyber-security's importance by the Bush administration.

James A. Lewis, director of the technology and public policy program at the
Center for Strategic and International Studies in Washington, said many
people in the administration thought that before the creation of the
department there was an over-emphasis on computer security issues and not
enough focus on protecting other parts of the nation's infrastructure.

"That's a legitimate policy debate to have, but unfortunately it was clouded
by internal bureaucratic politics and turf fights," Lewis said.

Brian Krebs is a staff writer for washingtonpost.com
<http://washingtonpost.com/> .

© 2005 The Washington Post Company
 


------ End of Forwarded Message

-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
  http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/