
Re: Hysterical first technical alert from US-CERT
I'm a little surprised by some of the critical reactions to the US-Cert's issuance of the MyDoom alerts.

Being in the federal sector, I can tell you that the predecessor to US-CERT (FedCIRC) received ongoing criticism from the government computer security circles for untimely advisories. FedCIRC was overly cautious about validating information before disseminating it. The result was that advisories were released so long after the event that they proved to be of little benefit to those of us on the front lines trying to mitigate problems. The joke used to be that we'd read about a problem on Bugtraq or NANOG, then a week later see the same information from FedCIRC.

When DHS formed US-CERT, they held meetings around the country with a variety of groups, not just federal security types, and the most resounding request they got was to release alerts and advisories as soon as possible. Many suggested that late breaking advisories be labeled as preliminary, but released just the same. To US-CERT's credit, they listened to those requests and what we saw with MyDoom was advisories being released within hours of the onset of an incident.

Behind the scenes, US-CERT has established a number of secure channels to facilitate information sharing among federal agencies. They've established working groups which include private sector membership. They're ramping up some new initiatives that will bring much needed resources to the government such as labs to analyze malware. In my mind, this group is trying to focus on cybersecurity needs with the same intensity that NASA did to get to the moon.

I'm not trying to make any sales pitch here, and want to state that I do not work for DHS or US-CERT (which is part of DHS).

Andrew Fried
Senior Special Agent
Treasury Inspector General for Tax Administration