Sign In

Communications of the ACM

ACM TechNews

Amit Yoran Talks Cybersecurity


View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
former cybersecurity director for the U.S. DHS Amit Yoran

"Can you put any confidence in a security program that requires any end user awareness or education? No," says former DHS cybersecurity director Amit Yoran.

Credit: Amit Yoran

Amit Yoran, former cybersecurity director for the U.S. Department of Homeland Security, agrees with the findings of a review commissioned by President Barack Obama that the United States is ill-prepared to withstand a large-scale, coordinated cyberattack. "Overall, I don't think we're better protected, that we're better off or less exposed today than we were years ago," he warns. Yoran says the modern criminal element is highly organized, capable, and focused, while cybercrime's profitability has risen substantially over the years.

The problem is exacerbated by the fact that more than 100 foreign governments have incorporated structured offensive cyberwarfare organizations into their network security and intelligence infrastructure, by the FBI's count. "The challenge faced by the government departments and agencies is 98 or 99 percent similar to the challenge faced by enterprise IT environments, which is very blatantly the IT security industry is not equipped to deal with the advanced threats," Yoran says. He lists custom exploits and custom malware that take advantage of social engineering as the most sophisticated cyberthreats the United States currently faces.

Yoran characterizes user education as an ineffective cyberdefense tactic. "I've been doing IT security for the past 18 years or so and some of the spear phishing and other methods are so slick, so well engineered, and so sophisticated that I could easily see myself falling victim to them," he notes. "Having an alert user, that's valuable. Can you put any confidence in a security program that requires any end user awareness or education? No."

From CNet
View Full Article

 

Abstracts Copyright © 2009 Information Inc., Bethesda, Maryland, USA


 

No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account
ACM Resources