Amit Yoran, the government's cybersecurity chief, abruptly resigned last week after one year with the US Department of Homeland Security, a move that raised serious questions about the Bush administration's ability to quickly improve the nation's cybersecurity.
Yoran's resignation from his post as director of the DHS National Cyber Security Division comes only days after the former Symantec executive indicated to Computerworld that he had grown frustrated with the political hand-wringing that accompanied what he saw as a frontline position at the agency.
But in an interview on Friday from his home in Virginia, Yoran said his departure was in keeping with his original agreement with Homeland Security Secretary Tom Ridge.
"When I came to the DHS, it was literally another startup within the government, and the mandate was to build the operational capability of the USCERT," said Yoran, referring to the US Computer Emergency Response Team. "At the time, it was very clear that it was a limited term, and one year was the commitment that both of us made."
Yoran says he feels comfortable leaving the DHS in its current state, which he characterised as being in a good position to move forward with practical improvements to cybersecurity. "We've made some tangible and tactical operational achievements, including establishing the USCERT," he says. "We've mapped the government's entire IT space and made progress on control system security. So my departure wasn't quite as abrupt as some reports have indicated."
Despite speculation that he left because of frustrations with the government's lack of focus on cybersecurity and a lack of willingness by senior DHS officials to make it a higher priority, Yoran — whose wife recently gave birth to twins — says he wants to spend more time with his family.
"I'm not a long-term government kind of guy," he says. "I have my sleeves rolled up in a very entrepreneurial mindset. But I'm not leaving because of that."
Even so, a former White House official said bluntly that Yoran "got set up" by a DHS bureaucracy that is still playing tug-of-war with physical and cybersecurity. Robert Liscouski, assistant secretary for infrastructure protection at DHS and Yoran's superior, "is so paranoid about losing power and authority that he never gave Amit the power to do the job," the former official said.
Liscouski didn't return Computerworld's request for comment on Friday.
When asked about that possibility, Yoran declined to comment in detail, saying only "I would characterise my relationship with the leadership of the department as generally positive."
But Yoran told Computerworld in an email last week that he had "long since given up trying to understand the political side of this and have focused on the operations." He also hinted at a growing frustration with the multitude of political agendas involved in the public/private partnership in cybersecurity and critical-infrastructure protection.
"This is a topic where there are so many passionate opinions, billions of industry dollars on the line and many forces working some angle or other," Yoran wrote. "At least we've got some pretty cool capabilities built and are actually fixing some problems."
A source close to Yoran at DHS who requested anonymity said Yoran had only recently become "significantly frustrated" with his inability to get things done. "He's an entrepreneur who wanted to get things moving, and I think he finally got to the point where he realised he could be more effective working outside the government," the source said.
Industry officials who know Yoran said it's likely that his frontline, practical approach to cybersecurity was squashed under the weight of competing political agendas. "The comments made to Computerworld tell the whole story," says Charles "Buck" Fleming, acting executive director of the Cyber Incident Detection and Data Analysis Centre and CEO of AdminForce.
Douglas Goodall, CEO of Red Siren, calls Yoran "one of the early business leaders in cybersecurity" and says his departure threatens the meager progress that has been made to date in the US government's implementation of the National Strategy to Secure Cyber Space.
"He took an assignment that was necessary, but one in a new organisation fraught with organisational and resource challenges during a politically-charged election year," says Goodall. "As he was trying to elevate his priorities in the DHS, he had to do battle with the marketplace and the politics of the issue. I can empathise with the difficulty of trying to do that."
But the timing of Yoran's resignation is what is particularly troubling, says Goodall. "Our biggest fear has always been that the strategy would not be implemented," Goodall said. "Now we start all over again. And the government's attention span is fleeting."