U.S. cybersecurity chief resigns

Amit Yoran leaves the Department of Homeland Security a little more than a year after joining.

Robert Lemos Staff Writer, CNET News.com
Robert Lemos
covers viruses, worms and other security threats.
Robert Lemos
3 min read
The top cybersecurity official in the United States has resigned, a little more than a year after joining the Department of Homeland Security, the agency said Friday.

Amit Yoran, director of the National Cyber Security Division of the Department of Homeland Security, was responsible for carrying out the lion's share of the initiatives outlined in the Bush Administration's National Strategy to Secure Cyberspace.

Yoran resigned Thursday because he had completed what he set out to do and felt it was time to move on, he said.

"When I spoke with the leadership of the department before I accepted the job, we were clear what the expectations and goals were," Yoran said. "The core objectives of building the cybersecurity division and US-CERT were complete."

Yoran ascended to the post in September 2003, after leaving security software firm Symantec to join the government. The homeland security position was Yoran's second tour of government duty; he once headed vulnerability assessment at the Department of Defense's Computer Emergency Response Team and managed the Pentagon's network security. In the interregnum, he founded network protection firm Riptech and then sold the company to Symantec.

While Yoran was given a weighty task in securing the nation's computers and providing cybersecurity guidance, he did not have full access to the Secretary of Homeland Security, critics say. Some members of Congress had introduced bills that would raise the top cybersecurity position to one that directly reported to Secretary Tom Ridge.

While many have charged the Department of Homeland Security with frustrating its cybersecurity staff by not giving their leaders enough clout, Yoran said that was not why he left.

"I never applied for an assistant secretary position," he said. "I never advocated for one."

Still, the technology industry pointed to Yoran's resignation as proof that the top cybersecurity position needed more authority within the Department of Homeland Security.

"It is even clearer today that cybersecurity must be properly elevated within the DHS in order to provide the necessary resources and the ability to implement policy that will better protect our information infrastructure," Robert Holleyman, president of the Business Software Alliance, said in a statement regarding Yoran's resignation.

Before Yoran, the United States' top cybersecurity position was held by Howard Schmidt, now the chief security officer at eBay, and before that by Richard Clarke. Clarke is the antiterrorism expert whose book "Against All Enemies" criticized the Bush Administration's tactics against terrorism. Clarke resigned the position in February 2003, Schmidt in April 2003.

When Clarke held the office, the top cybersecurity position was not part of the Department of Homeland Security, which was created in March 2003, but part of the Bush Administration. Both Schmidt and Clarke criticized the relatively low priority that cybersecurity was given in the organization of the Department of Homeland Security when it was created.

"It was an incredibly difficult situation to try and carry on an important mission," said Doug Goodall, CEO of RedSiren, a network monitoring company that competed with Riptech, the business that Yoran founded. "That's the reason that you have seen three directors step down in 24 months."

The Department of Homeland Security plans to announce a replacement for Yoran soon, a representative for the agency said.

Yoran wouldn't comment on the problems that the Bush Administration has had with keeping its cybersecurity czars, but he did say that the birth of his twins three months ago convinced him he should spend more time with family.

"You think cybersecurity is a full-time job, that's the easy part of the day," he said.

CNET News.com's Declan McCullagh contributed to this report.