Communications of the ACM
Amit Yoran Talks Cybersecurity
"Can you put any confidence in a security program that requires any end user awareness or education? No," says former DHS cybersecurity director Amit Yoran.
Credit: Amit Yoran
Amit Yoran, former cybersecurity director for the U.S. Department of Homeland Security, agrees with the findings of a review commissioned by President Barack Obama that the United States is ill-prepared to withstand a large-scale, coordinated cyberattack. "Overall, I don't think we're better protected, that we're better off or less exposed today than we were years ago," he warns. Yoran says the modern criminal element is highly organized, capable, and focused, while cybercrime's profitability has risen substantially over the years.
The problem is exacerbated by the fact that more than 100 foreign governments have incorporated structured offensive cyberwarfare organizations into their network security and intelligence infrastructure, by the FBI's count. "The challenge faced by the government departments and agencies is 98 or 99 percent similar to the challenge faced by enterprise IT environments, which is very blatantly the IT security industry is not equipped to deal with the advanced threats," Yoran says. He lists custom exploits and custom malware that take advantage of social engineering as the most sophisticated cyberthreats the United States currently faces.
Yoran characterizes user education as an ineffective cyberdefense tactic. "I've been doing IT security for the past 18 years or so and some of the spear phishing and other methods are so slick, so well engineered, and so sophisticated that I could easily see myself falling victim to them," he notes. "Having an alert user, that's valuable. Can you put any confidence in a security program that requires any end user awareness or education? No."
From CNet
View Full Article
Abstracts Copyright © 2009 Information Inc., Bethesda, Maryland, USA 
No entries found