CSO - Amit Yoran left DHS in September 2004, convinced the department had no clue on how to handle cybersecurity. Now he is feeling more hopeful.
He was the Department of Homeland Security's first director of the National Cyber Security Division of the Information Analysis and Infrastructure Protection office, but by September 2004 he was frustrated by what he saw as a lack of concern and commitment to Internet security. Four years later, he's feeling better about the state of affairs.
"I think we've gone through a very important shift from an industry and government perspective," he says. "On the government side, in the last two years we've seen a concerted effort from the White House to make this a priority. A lot of action in support of the Cybersecurity Initiative is taking place within the departments and agencies. So I'm very encouraged by this start."
Still, he continues to see room for improvement. The initiative has not gone through the open dialogue and debate that should be happening, he says. There's also the question of what the next president's Internet security policies will look like when he takes office Jan. 20, 2009.
"The economy is obviously a key issue right now, so I'm not surprised that it has overshadowed cybersecurity, and rightfully so," Yoran says. "During the campaign, both sides had good people in the field advising them."
Yoran is hopeful that the government's cybersecurity focus will continue to sharpen.
"This is an issue with pretty broad bipartisan support," he says. "I think we have some momentum from the Bush Administration, and both [Republican and Democratic Presidential] campaigns appear to have taken an interest in the topic."
The economic crisis will almost certainly lead to more regulation, but it's far too early to say how IT security will be affected, he says.
However, he continues to see companies taking the misguided approach of viewing security through the prism of compliance. Compliance and security are not the same thing, and it's a misunderstanding people should be aware of as more regulations come down the pike.
"Too many companies are training to the test, so to speak, developing security programs specifically to pass the compliance test. You still see that a lot and it's scary" he says.
As the former chief security officer for the Department of Homeland Security, Dwight Williams directed and managed security matters related to the department and its 200,000 employees and contractors for close to three years. Williams, a 30-year security veteran whose resume also includes over a decade with the Washington D.C. Metropolitan Police Department, now serves as a vice president overseeing security at DynCorp International, a private defense contractor, which he joined in June 2007. CSO caught up with Williams for his thoughts on the future of homeland security and its increasing partnership with private contract firms.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
