September 15, 2003 4:16 PM PDT
New U.S. cybersecurity guru named
Most recently, Yoran has been the vice president for managed security services at Symantec, one of the largest Internet security companies. Previously he worked on the Computer Emergency Response Team at the Department of Defense, which defends the U.S. military's sprawling computer networks, and founded the information-security company Riptech.
Inside the vast homeland-security bureaucracy, Yoran will lead a relatively small group: the National Cyber Security Division, which had only 60 employees when Homeland Security Secretary Tom Ridge created it in June. Yoran's division falls under the organization run by former New York City deputy police commissioner Frank Libutti, who the Senate confirmed the same month as the undersecretary for Information Analysis and Infrastructure.
As head of the cybersecurity division, Yoran will perform two roles. He'll serve as a kind of overseer of the federal government's oft-sluggish computer-security efforts, and as an evangelist charged with persuading individual Americans and corporations to improve the security of their own systems.
Yoran is the closest person, so far, to being a successor to Richard Clarke, the long-serving counterterrorism official who quit his White House coordinating post in January. Since then, as the Homeland Security Act has taken effect, the U.S. government's cybersecurity organizations have been reshuffled to concentrate the responsibility inside the Homeland Security Department.
That department took over five agencies that previously divvied up responsibility for "critical infrastructure protection." Those were the FBI's National Infrastructure Protection Center, the Defense Department's National Communications System, the Commerce Department's Critical Infrastructure Assurance Office, an Energy Department analysis center and the Federal Computer Incident Response Center.
The Business Software Alliance, whose members include Symantec, applauded Yoran's appointment. "Yoran has worked extensively in the public and private sectors to prevent and respond to information-security breaches," said Robert Holleyman, the trade association's president. "He knows firsthand the vast threats that exist today and what needs to be done to quickly identify, assess and mitigate those threats."