The nation's top cyber-security official resigned unexpectedly on Thursday, raising new questions about the progress of efforts to protect the nation's vast computer networks from terror attacks, electronic viruses and other threats, government and industry officials said yesterday.
Amit Yoran, a security industry entrepreneur, stepped down one year after he was hired by homeland security officials with a broad mandate to reinvigorate Bush administration efforts to improve the way government and industry address computer security.
Yoran is the third cyber-security chief to leave in less than two years. He declined yesterday to say why he left his post after giving just one day's notice. But industry officials said he had been disappointed that he was not given as much authority as he was promised to attack the problem.
"Cyber-security has fallen down on that totem pole," said Paul Kurtz, executive director of the Cyber Security Industry Alliance, who previously worked on security issues in the White House. Kurtz said Yoran's resignation underscores a concern in the private sector that government is not taking the issue seriously enough: "It's kind of symptomatic of the frustration all around."
"I think it's a significant loss," said Douglas J. Goodall, chief executive of RedSiren, a Pittsburgh network security company. "The fear that I would have is that momentum he was building would go away."
Yoran made a name for himself as co-founder and chief executive of Riptech Inc., an Alexandria network security firm acquired by Symantec Corp. in July 2002 for $145 million.
He was appointed director of the National Cyber Security Division in September 2003, at a time when industry officials were complaining about the government's failure to give the issue more prominence.
Yoran succeeded Howard A. Schmidt, the White House adviser on cyber-security who resigned in April 2003, and the first director, Richard A. Clarke, who stepped down three months earlier. Upon their departures, both of Yoran's predecessors warned about the importance of stepping up efforts to combat computer and network attacks.
When the office was folded into the Department of Homeland Security, industry officials pushed for the director to be an assistant-secretary-level position with direct access to Secretary Tom Ridge. Instead it was placed several steps down, in a job that answers to Robert P. Liscouski, assistant secretary for infrastructure protection. The division has a staff of 60 and a $69 million budget this year.
Legislation was offered in the House last month to create an assistant secretary position, but it has made no headway.
One of Yoran's main tasks was to implement recommendations in President Bush's "National Strategy to Secure Cyberspace," initiatives that relied heavily on the private sector. He was also responsible for beginning the U.S. Computer Emergency Readiness Team to coordinate national and global initiatives to thwart computer network attacks.
In an interview, Yoran praised the president's plan. He said Ridge understands the importance of cyber-security. But he stopped short when asked to explain his abrupt departure. "I resigned because I filled my obligation and accomplished the core requirement," he said.
Kevin Poulsen, a cyber-security specialist, said Yoran has been in a difficult position for some time. There has been progress in cyber-security, he said, but it has come much more slowly than most specialists had hoped because the government efforts have not gained traction.
"There was a sense it was essentially a powerless position," said Poulsen, news editor at SecurityFocus.com. "In an age of physical terrorism and real-world threat, they're not giving cyber-security much attention."