The federal government's National Cyber Security Division (NCSD) on Wednesday launched a new unit to serve as a clearinghouse of data on malicious hacking and virus threats against computer systems.
The new National Cyber Alert System plans to issue free e-mail alerts about potential security risks to businesses, government departments and home users. More importantly, the unit will focus on non-technical consumers who have proven to be the most vulnerable to security flaws -- and the most tardy about applying fixes.
While security-related e-mail alerts are readily available from a multitude of public and private sources, including the government-funded CERT Coordination Center (CERT/CC), the Department of Homeland Security (DHS) believes the National Cyber Alert System will reach the elusive home user.
Twice a month, the unit plans to issue tips and best practices for computer security to non-techie users. "These e-mail products will provide timely information on computer security vulnerabilities, potential impact, and action required to mitigate threats, as well as PC security 'best practices' and 'how to' guidance," the DHS said in a statement.
Amit Yoran, director of the DHS Cyber Security Division, said the alerting system is intended to "elevate awareness" and improve the IT security posture in the United States, much like the color-coded warnings issued for terrorism threats nationally. "We are focused on making the threats and recommended actions easier for all computer users to understand, prioritize, and act upon. We recognize the importance and urgency of our mission and are taking action."
He said the Alert System would be managed by the U.S. Computer Emergency Readiness Team in partnership with the NCSD and the private sector. The NCSD typically handles the government's incident response and early-warning duties and incorporates the FBI and several other federal infrastructure security units.
It will build upon the framework models of the CERT/CC advisories to provide what is being described as "actionable information" to empower PC users (from computer security professionals to home computer users with basic skills) to better secure their portion of cyberspace, the DHS said.
The e-mail alerts will be separated to reach specific target areas. For instance, users can subscribe separately for the Cyber Security Tips newsletter or the Cyber Security Bulletins which is intended primarily for a technical audience. The alerts will include summaries of security issues, new vulnerabilities, potential impact, patches and work-arounds, as well as actions required to mitigate risk.
Another product will be available in two forms -- regular for non-technical users and advanced for technical users -- to provide real-time information about security issues, vulnerabilities, and exploits currently occurring. These will be high-priority and will encourage all users to take rapid action.