New DHS Cyber Alert System Draws Friendly Fire

Computerworld - WASHINGTON -- The leaders of the security information sharing organizations within two of the nation's critical-infrastructure sectors are criticizing the U.S. Department of Homeland Security for announcing a new cyber alert system without better framing the role of the private sector.
In interviews with Computerworld last week, senior officials from the Information Sharing and Analysis Centers (ISAC) within the IT and financial services industries said they learned of the new DHS National Cyber Alert System from media reports that appeared shortly after the announcement was made last Wednesday . The officials said they have little or no idea what, if any, new capabilities the alert system offers, what's expected of the ISACs or how the private sector is supposed to integrate and coordinate with the DHS on the alerts.
At Odds
"The government wanted to know how it could get [security information] to everybody, but it didn't ask us how we could do that," said Pete Allor, operations director for the IT sector's ISAC.
Amit Yoran, director of the DHS's National Cyber Security Division, said the new alert system "will integrate very closely with ISAC functions, [and alerts] will be provided to the ISACs and in many cases coordinated with the ISACs in advance." That integration will be made possible by the U.S. Computer Emergency Readiness Team, he said.
That was news to Suzanne Gorman, chairman of the financial services sector's ISAC, who said she and others were never briefed on what capabilities the US-CERT operation provides.
"We talk about partnerships, but it would have been really nice if they had a conversation with us ahead of making this announcement," said Gorman. "The way they did this was poor, to say the least."
In response, Yoran said that the DHS did in fact conduct discussions with the various ISACs on what the department could do to increase awareness and that the level of interaction will increase as the system matures.
However, Yoran said, the goal of the new system is to give "all users of cyberspace the information they need to protect themselves." He noted that the DHS alert system doesn't provide any sector-specific information. Instead, it offers a national-level view, which "even all of the ISACs don't cover," Yoran said.
Despite the agency's characterization of the new system as "a fundamental building block of the public/private partnership," both Allor and Gorman said it seems to be geared more toward home users and the small-business community than toward the midsize and large companies that make up the bulk of thenation's critical infrastructure.
From a critical-infrastructure protection perspective, "I'm not clear on how this is going to work," said Gorman. "There seems to be a lot of duplication of effort."