WASHINGTON – Aiming to increase Internet security, the government is now offering Americans free cyber alerts and computer advice from the Homeland Security Department (search).
Anyone who signs up with the new National Cyber Alert System (search) will receive e-mails about major virus outbreaks and other Internet attacks as they occur, along with detailed instructions to help computer users protect themselves.
The program, which begins Wednesday, represents an ambitious effort by the government to develop a trusted warning system that can help home users and technology experts.
The goal of improving the overall security of the Internet has been frustrated by increasingly complex software that can be difficult to secure and by hackers learning to launch sophisticated new attacks.
"There is a clear need for this kind of system to be developed," said Amit Yoran, the Bush administration's cyber security chief. "Receiving information from the Department of Homeland Security gives people a certain level of confidence."
The announcement comes 11 months after such an Internet warning system was described in the National Strategy to Secure Cyberspace (search), a series of proposals endorsed by the Bush administration and technology industry to improve online security.
The alerts will function independently from the Homeland Security Department's well known color-coded system, which reflects the national threat level.
The new alert system puts the government in direct competition with dozens of companies and organizations that already transmit similar cyber warnings, and could renew criticisms about earlier, disjointed government efforts that frequently sounded Internet warnings hours or even days after major computer attacks and occasionally included incorrect information.
Earlier Internet warnings were distributed by the FBI's National Infrastructure Protection Center, which moved to Homeland Security when President Bush created the new department.
Congressional investigators complained in July 2002 that those earlier warnings were mostly issued after Internet attacks were long under way. They blamed government's inability to analyze imminent Internet attacks, fears about raising false alarms and staff shortages.
Yoran acknowledged the difficult balance between providing accurate warnings almost immediately.
"I'm sure we'll take some kicks in the shins," he said.
He indicated the government will focus on distributing information as quickly as possible, correcting any wrong information as U.S. computer investigators learn new details. "In the absence of information, the operator community is going to rely on whatever information is out there," he said. "It's better to have our voice heard rather than letting people operate in the dark."
The new alert system also sets up potentially serious conflicts with leading software companies, including Microsoft Corp., which aggressively discourage any public disclosures about new security flaws in their products until engineers can study the problems and offer repairing software patches for their customers.
Yoran said the government will aggressively warn consumers about vulnerabilities, in some cases revealing threats "above and beyond what specific commercial vendors may not wish to disclose."
"If the disclosure of certain information is deemed in the public interest, we'll move forward," he said.
Researchers who discover new vulnerabilities commonly work closely with these companies by agreeing not to reveal details about their work until a software patch is available. But some researchers have increasingly complained that companies take too long to verify their discoveries or deliberately seek to minimize their efforts for marketing purposes.