
DHS to Answer for Hundreds of Cyber Break-Ins

The Department of Homeland Security's chief information officer is expected to receive a tongue-lashing from lawmakers on Capitol Hill Wednesday, where an oversight committee will present data showing hundreds of digital break-ins and shoddy security practices at the very agency that is supposed to lead the government's cyber security efforts.

DHS CIO Scott Charbo is scheduled to appear tomorrow before a House Homeland Security subcommittee hearing entitled "Hacking the Homeland." The panel follows a hearing in April in which Commerce and State department officials recounted how hackers broke into and gained control over a number of systems in a series of targeted attacks. Since that testimony, committee leaders have demanded answers to dozens of questions about DHS's compliance with cyber-security standards, and whether it, too, had suffered similar break-ins.

Security Fix has learned that DHS and its constituent agencies have suffered more than 800 serious computer security incidents from 2005 through 2006, including compromised agency Web sites, unchecked computer virus and worm infections, and digital intruders that were quietly transmitting stolen data out of government networks. The panel also will examine reports of system compromises that led to "classified data spills" within DHS.

House Homeland Security Committee Chairman Rep. Bennie Thompson (D-Miss.) said what DHS is doing on its own networks speaks so loud that its message on the importance of securing computer systems and networks is not getting across to anybody else.

"'Do as I say, not as I do,' policy is a recipe for disaster, and if we are serious about the security risks facing our networks, then we need to start acting and stop posturing," Thompson said.

The committee also is expected to quiz department leaders on spending such a small amount of its total information technology budget on security. According to data handed over to the committee, DHS's chief information security officer's budget shrank or remained stagnant over the past three years, even in the face of persistent security problems at the agency. In 2005, DHS allocated just $17.5 million for its CISO office, a figure that fell to just $15 million in FY2007.

Like several other agencies this year, DHS earned a grade of "D" on meeting federal cyber-security requirements. But many critics of that grading process say the law that the marks are based upon - the Federal Information Security Management Act (FISMA) - more accurately measures how adroitly agencies can tackle paperwork exercises, not necessarily the strength of each agency's network and computer defenses.

As such, sources say lawmakers at tomorrow's hearing plan to ask why the department hasn't focused more resources on periodic penetration tests to help identify and harden security weaknesses across the department's systems and networks.

By Brian Krebs  |  June 19, 2007; 5:15 PM ET
Categories:  U.S. Government  

Comments

Not surprised. I've witnessed similar problems on the local and state levels. Time and again our government institutions prove their incompetence. It's no wonder we have little faith in them. Our founding fathers would be ashamed.

DHS = Department of Homer Simpson. D'oh!

Posted by: TJ | June 19, 2007 10:40 PM | Report abuse

Forgot to address this:

"'Do as I say, not as I do,' policy is a recipe for disaster."

No kidding. The fact this is even said speaks volumes! Seriously though, that IS the motto of government or more specifically politicians.

Ever get the impression that each and every day there are fewer and fewer of us that really try to do our jobs to the best of our ability????

Posted by: TJ | June 19, 2007 10:49 PM | Report abuse

So we hear about the failures of his department and potentially of himself. Any information on what he HAS accomplished and if it is as much as can be expected from him and his department to this point?

Personally, I doubt he has accomplished much based on the simple problems that seem to have been exploited, but both sides should be presented.

Posted by: John | June 20, 2007 10:25 AM | Report abuse

I haven't checked recently...but does the government keep up with salary schedules available in private industry? It didn't use to...so why is anyone surprised that the best and brightest work elsewhere? And when was the last time someone was fired for not getting the job done a) in government, b) in private industry. Think there might be a relationship?

Posted by: JSG | June 20, 2007 11:29 AM | Report abuse

There's nobody in charge of Information Security in DHS. There's no plan for securing America's computer infrastructure. There's no plan on what to do if a catastrophe strikes. So power distribution, communications, transportation and finances, along with other critical systems, for the entire nation are at risk and nobody's minding the shop. All I want to know is, who's going to get a Medal of Freedom for this one?

Posted by: Charley | June 20, 2007 12:10 PM | Report abuse

The guy knows nothing about IT; it's no wonder he's failing...

Posted by: Q | June 20, 2007 2:02 PM | Report abuse

DHS and our government whacked Clark, the only one who came clean, who warned about our non analog networks being exploited. Now our beloved country, our peoples are not heard, but we're to believe we're in good hands? _Mg

Posted by: Mark | June 20, 2007 3:11 PM | Report abuse

umm... go hire an ITS with a budget to secure all your data

Posted by: ITS101 | June 20, 2007 3:13 PM | Report abuse

I was hired by my current employer at the end of December and they were being attacked by botnets running automated scripts on a daily basis.

It didn't take long to analyze the logs and block the attacks and our network has been free of these attempts for some time now.

If I can do it on my network is it too much to ask that the government does the same thing on theirs?

Posted by: Jordan Lund | June 20, 2007 3:20 PM | Report abuse

"Classified data spills"--sounds like governmentese, all right. Is that similar to "collateral damage?" And to think that I have a son in the US Coast Guard! He was in the Washington, DC, area--now New Orleans. He has been to Iraq, too. At least our e-mails made it back and forth ok, but it's been more than a year ago.

Posted by: Sue Dawson | June 20, 2007 3:36 PM | Report abuse

Anyone seen "Breach"?

"That's right, why don't we hire a maintenance man making $50,000 a year to install a data line with information that every country in the world would pay $10 million for? That makes sense, clerk, right?"

Posted by: Josh | June 20, 2007 3:56 PM | Report abuse

What is really disturbing in all this is the belief held by so many in the general population that our government is able to protect us or provide critical services when the you know what hits the fan. The ONLY thing the government does well is the military, except when they tie their hands with politics.

National healthcare? Be careful what you wish for!

Posted by: Anon | June 20, 2007 4:14 PM | Report abuse

Solution

Change the capitalist economy, because we the people of a democratic republic need a real sustainable salary that supports both our environment and our way of living.

If anyone doubts the above, ask yourself, how everything is developing based upon the economy.

When the economy is based on the bottom line for making profits, AKA corporation shareholders who pick the executive officers that operate their business, under their rules, and yet remains completely unaccountable for their corporation actions, you're going to experience corruption, greed and the many social breakdowns everyone is experiencing in the society.

The officials should be working to serve us, and not serving themselves. Capitalism has created the wealthy, individuals like Bill Gates who have profited some 50 billion dollars in 2006 alone.

How many Americans are homeless? How many Americans cannot go to school, because they cannot afford the high cost of attending? Then consider the lack of education given.

How many Americans are fighting in Iraq not to liberate the people, but to insure the U.S. dependency upon oil which Exxon corporation has in this year of 2007 made record profits in the billions of dollars of all its history! While all the time Americans paid more for their fuel cost.

The rich are getting richer folks...

What about equality, and fairness and most of all, the spirit of what being an American was to stand for?

Make corporations accountable, no more special laws allowing them to make up fake individuals, but instead hold the owners who control the corporation accountable, so they are responsible.

Posted by: Karen | June 20, 2007 6:05 PM | Report abuse

To Karen and her solution:

The devil is always in the details. I taught in high school for more than fifteen years and worked in public libraries for over twenty years. If I knew how to make our educational and political systems better, I, too, would have a solution. Unfortunately, I don't have a viable answer. I love my country and think that there is no better place than the good ol' US of A to live. Since there are so many people trying to get in not only legally but also illegally, we Americans must be doing some things right. Admittedly, the rich are getting richer, and the poor are getting children.
Education is a key factor, but all Americans need to take responsibility for their actions.

Posted by: Sue Dawson | June 20, 2007 7:02 PM | Report abuse

Karen and Sue Dawson,

Our country has fallen. It is our fault. It is ethnocentric though Sue to think that we have the best place in the world to live in America THIS DAY AND AGE. That is not true that we are the best place in the world to live any longer. Sorry. I have lived in 3 other countries and travelled to another 25 on four continents. More and more western countries are offering a good way of life for their people while ours is heading south every day. It is true.
America's quality of life and standard of living are in trouble for the future and even now though. Again, it is our fault for allowing those truly corrupt to run our lives and future for us when they don't give a damn about us...and our democracy too.
It is the lobbyists who corrupt our corporate politicians in the House of Corporate Executives and the useless Senate. America has a corporate government establishment that is illegal constitutionally and is wiping their feet on us every day while waving our American flag in our faces as they deceive us smartly. I am tired of it.... Time to move out of America again for a few more years I guess. I am disgusted and fed up with the sorry state of our nation in the early 21st Century. I am deeply ashamed at what we have become as Americans. And, we have been responsible for thousands of children and elderly dying unnecessarily in Iraq as well. We are to blame for their deaths. It is sickening.
Oh YEAH:
The illegals? They are here for themselves only, not because they love America. The poor from Central America only come here to obtain illegal dollars and wire them back to their corrupt countries. They don't want to necessarily be American nor do they really respect us as Americans. I would deport them all if I could. That is what they deserve. They are criminals with no respect for us as Americans nor our rule of law and national sovereignty. I can't stand them, really.
Dan

Posted by: Dan from out West | June 20, 2007 7:28 PM | Report abuse

I wonder if the DHS network is homogeneous on the client side of the network? Is it too much to ask the DHS IT folks to consider that those within DHS who must have sensitive data on their machines do their work on Mac or Linux desktops/laptops? Regardless of the reason--safety through obscurity, platform architecture, whatever-- Mac and Linux desktops are more difficult targets for malware. But then again, maybe I am wrong and the DHS machines that get compromised are Mac and Linux boxes. Hmmm. I didn't think of that. (:-)

Posted by: MJC in New Hampshire | June 21, 2007 8:13 AM | Report abuse

YOU GOT THIS RIGHT!
WELL SAID!

"The illegals? They are here for themselves only, not because they love America. The poor from Central America only come here to obtain illegal dollars and wire them back to their corrupt countries. They don't want to necessarily be American nor do they really respect us as Americans. I would deport them all if I could. That is what they deserve. They are criminals with no respect for us as Americans nor our rule of law and national sovereign."

Posted by: AMEN BROTHER | June 24, 2007 9:49 AM | Report abuse

Do you think that maybe some of the computer problems are or may be due to the 911 incident. Someone being in the wrong spot at the wrong time.....Just a question. How do or can they retrack what was happening on the day of the nation's most horrible time in the trade center bombings? I personally have had problems ever since then with my server service. Tell you what New times and technology might be good but oh the headaches it causes. Also why do we outsource so much for other countries when we have people in our country that can answer phones as well as someone in India or Mexico? Or maybe asking some of these college students that make up all these different blogs like MY space and FaceBook. Maybe some answers could come from Trinity college or the maker of My space who goes by Tom. Seems to me that maybe it isn't a hacker problem as opposed to maybe an open server somewhere?

Posted by: Bat,Tx | June 27, 2007 6:08 AM | Report abuse

The comments to this entry are closed.

 
 

© 2010 The Washington Post Company