October 1, 2004 2:52 PM PDT

U.S. cybersecurity chief resigns

The top cybersecurity official in the United States has resigned, a little more than a year after joining the Department of Homeland Security, the agency said Friday.

Amit Yoran, director of the National Cyber Security Division of the Department of Homeland Security, was responsible for carrying out the lion's share of the initiatives outlined in the Bush Administration's National Strategy to Secure Cyberspace.

Yoran resigned Thursday because he had completed what he set out to do and felt it was time to move on, he said.

"When I spoke with the leadership of the department before I accepted the job, we were clear what the expectations and goals were," Yoran said. "The core objectives of building the cybersecurity division and US-CERT were complete."

Yoran ascended to the post in September 2003, after leaving security software firm Symantec to join the government. The homeland security position was Yoran's second tour of government duty; he once headed vulnerability assessment at the Department of Defense's Computer Emergency Response Team and managed the Pentagon's network security. In the interregnum, he founded network protection firm Riptech and then sold the company to Symantec.

While Yoran was given a weighty task in securing the nation's computers and providing cybersecurity guidance, he did not have full access to the Secretary of Homeland Security, critics say. Some members of Congress had introduced bills that would raise the top cybersecurity position to one that directly reported to Secretary Tom Ridge.

While many have charged the Department of Homeland Security with frustrating its cybersecurity staff by not giving their leaders enough clout, Yoran said that was not why he left.

"I never applied for an assistant secretary position," he said. "I never advocated for one."

Still, the technology industry pointed to Yoran's resignation as proof that the top cybersecurity position needed more authority within the Department of Homeland Security.

"It is even clearer today that cybersecurity must be properly elevated within the DHS in order to provide the necessary resources and the ability to implement policy that will better protect our information infrastructure," Robert Holleyman, president of the Business Software Alliance, said in a statement regarding Yoran's resignation.

Before Yoran, the United States' top cybersecurity position was held by Howard Schmidt, now the chief security officer at eBay, and before that by Richard Clarke. Clarke is the antiterrorism expert whose book "Against All Enemies" criticized the Bush Administration's tactics against terrorism. Clarke resigned the position in February 2003, Schmidt in April 2003.

When Clarke held the office, the top cybersecurity position was not part of the Department of Homeland Security, which was created in March 2003, but part of the Bush Administration. Both Schmidt and Clarke criticized the relatively low priority that cybersecurity was given in the organization of the Department of Homeland Security when it was created.

"It was an incredibly difficult situation to try and carry on an important mission," said Doug Goodall, CEO of RedSiren, a network monitoring company that competed with Riptech, the business that Yoran founded. "That's the reason that you have seen three directors step down in 24 months."

The Department of Homeland Security plans to announce a replacement for Yoran soon, a representative for the agency said.

Yoran wouldn't comment on the problems that the Bush Administration has had with keeping its cybersecurity czars, but he did say that the birth of his twins three months ago convinced him he should spend more time with family.

"You think cybersecurity is a full-time job, that's the easy part of the day," he said.

CNET News.com's Declan McCullagh contributed to this report.

1 comment

Join the conversation!
Add your comment
the value of data
from TECHNICAL and ORGANIZATIONAL stand point, data is even more valuable than a human life. it sounds sick, but consider this:
from a technical stand point, if a human life is lost (say a CIA officer), a new officer can be hired and trained for the position. but if data is lost, or worse stolen, it is irreplacable. data that is stolen by terrorists, or lost in a terrorist attack, is gone for good. once classified data is in the hands of a terrorist, it is no longer valuable to the agency. good data saves human lives, incidentally, in battles etc. not giving proper clout to those in charge of the data, could really kill the country economically, if not killing actual people in the future. this job position should be reporting directly to Ridge bi-weekly.
Posted by (2 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.