Symantec VP picked as gov’t cybersecurity czar

Security software industry veteran Amit Yoran is expected to be named the new head of federal cybersecurity by the U.S. Department of Homeland Security (DHS) on Tuesday.

Yoran will be the federal government’s “cybersecurity czar,” according to Robert Liscouski, DHS’s assistant secretary of homeland security for infrastructure protection. Liscouski named Yoran as the agency’s new cybersecurity head in comments Monday at a forum hosted by the Information Technology Association of America, according to DHS spokesman.

But DHS declined to comment specifically on the appointment, pending the release of an official statement on Yoran’s appointment Tuesday.

Yoran helped to found network scanning company RipTech of Alexandria, Va., in 1998. After RipTech was acquired by antivirus giant Symantec for $145 million in August 2002, Yoran stayed on as Symantec vice president of worldwide managed security services operations, according to Symantec spokesman Cris Paden.

Yoran was well regarded at Symantec, Paden said.

“He definitely knew what he was doing. He was somebody who brought an enormous set of skills with him,” he said.

While the DHS refused to comment Monday because the “official” announcement won’t happen until Tuesday, the software industry raced to embrace one of its own after word of his impending appointment spread.

The Business Software Alliance (BSA) a leading software industry group lauded the choice of Yoran, saying his experience in the software industry will help build the public-private partnerships that are necessary to prevent attacks on the nation’s critical infrastructure. The BSA is pleased about the appointment of Yoran to “such a vital role,” said Robert Holleyman, BSA president and CEO, in a statement.

A graduate of the U.S. Military Academy at West Point, Yoran designed security architecture for the Pentagon and served as director of the Vulnerability Assessment and Assistance Program for the U.S. Department of Defense Computer Emergency Response Team before founding RipTech.

That technical background should serve him well in his new post, said Alan Paller, director of research at the SANS Institute. Having a tech-savvy chief will make it easier for companies with information on vulnerabilities or cyberthreats to approach DHS. It will also make it easier for DHS to attract desperately needed technical resources, Paller said.

“Amit gets it technically and he’s proven he can manage difficult-to-manage technical people and make a pretty good environment for them to work in,” Paller said.

Yoran’s links to the anti-virus community might also make him less hospitable to software makers that produce products with bugs, he said. That might help Yoran in what Paller sees as the cybersecurity chief’s biggest challenge: encouraging government regulators to get tough with software companies about security.

Disagreements over that issue and the relatively low position of the cybersecurity chief within DHS hierarchy are widely reported to have forced Yoran’s predecessor, Richard Clarke, from his job in January.