Rarely does the information security industry find itself in agreement on an issue. But in the case of the recently...
announced National Cyber Alert System, administrators and luminaries have nearly reached a consensus -- there's little added value here.
Cybersecurity czar Amit Yoran last Wednesday announced that enterprise IT administrators can register for technical e-mail alerts at the US-CERT.gov Web site. Bi-weekly security bulletins and periodic tips are also available on a subscription basis. Yoran said the alerts identify, analyze and prioritize security incidents like critical vulnerabilities and malicious code outbreaks.
But in the end, the alerts amount to nothing more than another e-mail administrators and managers have to wade through during an incident, according to those contacted by SearchSecurity.com.
"It's kind of neat that the government is doing this, but there's no added value here," said Bruce Schneier, CTO at managed security monitoring provider, Counterpane Internet Security Inc. "I can't believe an IT manager would [subscribe]. They would get faster information from the vendors they work with."
The alert system heralds its cooperation with the private sector in compiling information on incidents like last week's Mydoom outbreak. Some, however, question the timeliness in which the government could deliver an alert compared to a vendor and how much additional data it would provide.
"I think most [enterprises] are usually notified by their vendors. We are," said Lisa L. Moris, senior systems programmer and network engineer for Hennepin County, Minnesota. "This is nice because alerts and possible fixes usually relate to the kind of hardware/software we have installed. We usually don't get what we know doesn't apply to us. Plus an alert without a suggested detection signature, countermeasure and/or fix is pretty worthless."
Moris said she receives two to four alerts in a typical day and also subscribes to CERT/CC at Carnegie Mellon University as a failsafe in case her vendors have missed something.
"I don't really see this as adding anything for our enterprise that we aren't already getting," Moris said. "If you subscribe to more places, it's usually just duplicates without any valuable differences in the alerts."
Experts believe those compelled to subscribe to something just because it's coming from the federal government are just adding to the information overload they're already suffering.
"In my opinion, this is replicating what Internet Security Systems, Symantec, iDEFENSE and most of the other vendors, ITISACs and CERTs already do," said Peter Allor, director of X-Force Intelligence for Atlanta, Ga.-based ISS. "(Some) people subscribe to every mailing list and alert service, and get barraged with security bulletins and alerts daily, or even hourly. I don't know how this shortcuts this for them. It doesn't make sense."
Allor wonders as well how much cooperation US-CERT is going to get from the private sector.
"The question is how many companies in the private sector are willing to pony up their information for the government to peruse?" Allor said. "Not many, and that's the problem that this is going to run into."