Cybersecurity Warning Service Launches
WASHINGTON -- Even as an aggressive new worm and its mutations crawl across the Internet, computer users have a new way to be warned of security problems.
The U.S. Department of Homeland Security has introduced "America's first coordinated national cyber security system," providing cybersecurity bulletins and tips for registered users on the Cyber Security Division's Web site. Anyone can subscribe to this e-mail alert service.
Its implementation comes on the heels of the widespread Mydoom virus, which has attacked thousands of computers this week.
But one member of the U.S. Senate wants the government to do more. Businesses, ISPs, software vendors, and others should be required to report virus infections to the government promptly, says Senator Charles Schumer (D-New York).
"What DHS did today was essentially challenge computer hackers all over the world to put a virus into an e-mail that mimics the DHS e-mail warnings," Schumer says. "This flaw is exacerbated by the fact that without any kind of requirement mandating ISPs and other companies to report the discovery of viruses, these warnings will likely come after a virus has started spreading out of control."
The Federal Trade Commission,for its part, already gives virus protection information to business and consumers, he says. Schumer did not indicate whether he would introduce legislation to promote the expanded coverage.
"We are focused on making the threats and recommended actions easier for all computer users to understand, prioritize, and act upon," says Amit Yoran, director of the National Cyber Security Division of the Homeland Security Department. "We recognize the importance and urgency of our mission and are taking action."
The new cyber security system, the U.S. Computer Emergency Readiness Team or US-CERT, invites people to join mailing lists, report an incident, or report a vulnerability. Those who sign up get the choice of a "technical" or a "non-technical" list. The technical list, noted for its more technical language and specific details, is for people who are "experienced users and system administrators." The nontechnical list, which covers "common language and overall concepts," is intended for home and office computer users.
Once you've signed up, the System's "security suite" includes:
- Cyber Security Tips: biweekly tips for casual, nontechnical users that give information on computer security practices and how-to guides.
- Cyber Security Bulletins: biweekly summaries intended for more advanced users, covering security issues, new vulnerabilities, "potential impact," patches, and recommended actions for reducingmore risks.
- Cyber Security Alerts: real-time information about security issues, vulnerabilities, and exploits happening currently--available in both technical and less technical terms.
Signing up and receiving information from the system is free, and updates are delivered via push e-mail.
Though Homeland Security says the system is a first, it follows in the steps of others, such as Carnegie-Mellon University's CERT Coordination Center and similar private sector programs.
The 2003 Symantec Internet Security Threat Report cites a 500 percent increase in software vulnerabilities since 1999.