Federal e-mail cyber-alert system unveiled
WASHINGTON (CNN) -- Homeland Security officials unveiled on Wednesday a new cyber-alert system to help protect the nation from attacks on computer-based networks and to prevent any attacks elsewhere from affecting cyberspace.
The National Cyber Alert System, described in a telephone briefing, will include alerts and bulletins distributed by e-mail subscription and through a government Web site.
The Web site also provides a means to report such threats discovered by computer users and other information technology experts.
"We are moving to a more proactive stance," said Amit Yoran, director of the National Cyber Security Division of the U.S. Department of Homeland Security. The system, he said, will be "providing periodic pieces of information to better secure systems and address known vulnerabilities before they fall victim to various types of cyber attack."
The government's warning system will not distribute word of a cyber-threat without also providing a means to deal with any attack. Yoran told CNN, "In many instances, that threat announcement will be done in collaboration with a product vendor or, as appropriate, we would expect to point back to that vendor for a patch or an update that's required.
"What we don't want to do is tell the bad guys this vulnerability is out there, and not have a work-around available to keep them from exploiting it." Yoran acknowledged an alert could be delayed until a repair or "patch" was found.
"We would have to weigh that, as to whether we ought to be out there talking about it, publicizing vulnerabilities which aren't being taken care of," he said.
The system had not yet sent out its first alert as of the briefing with reporters, and Yoran later Wednesday said there was no imminent threat timed with the announcement. He added that his group already has been handling "from 10 to 30" reports daily, and that "we're looking at boiling down information in the public domain and provide some context to prioritize and balance it out" in determining when a report rises to the level that would trigger a cyber warning.
Criteria for such a warning include the visibility of the threat, how actively it is being exploited, the risk to national security, and the risk it presents to other critical infrastructure.
The cyber-alert system will not include color-coded levels of threat, as is done with the general threat level posted by the Department of Homeland Security. Yoran said the possibility of attack on cyberspace is considered one of the factors that go into the overall assessment of the nation's security.
The Web site where people can sign up for the cyber alerts is www.us-cert.gov.