DHS to Answer for Hundreds of Cyber Break-Ins
The Department of Homeland Security's chief information officer is expected to receive a tongue-lashing from lawmakers on Capitol Hill Wednesday, where an oversight committee will present data showing hundreds of digital break-ins and shoddy security practices at the very agency that is supposed to lead the government's cyber security efforts.
DHS CIO Scott Charbo is scheduled to appear tomorrow before a House Homeland Security subcommittee hearing entitled "Hacking the Homeland." The panel follows a hearing in April in which Commerce and State department officials recounted how hackers broke into and gained control over a number of systems in a series of targeted attacks. Since that testimony, committee leaders have demanded answers to dozens of questions about DHS's compliance with cyber-security standards, and whether it, too, had suffered similar break-ins.
Security Fix has learned that DHS and its constituent agencies suffered more than 800 serious computer security incidents from 2005 through 2006, including compromised agency Web sites, unchecked computer virus and worm infections, and digital intruders that were quietly transmitting stolen data out of government networks. The panel also will examine reports of system compromises that led to "classified data spills" within DHS.
House Homeland Security Committee Chairman Rep. Bennie Thompson (D-Miss.) said what DHS is doing on its own networks speaks so loud that its message on the importance of securing computer systems and networks is not getting across to anybody else.
"'Do as I say, not as I do,' policy is a recipe for disaster, and if we are serious about the security risks facing our networks, then we need to start acting and stop posturing," Thompson said.
The committee also is expected to quiz department leaders on spending such a small amount of its total information technology budget on security. According to data handed over to the committee, DHS's chief information security officer's budget shrank or remained stagnant over the past three years, even in the face of persistent security problems at the agency. In 2005, DHS allocated just $17.5 million for its CISO office, a figure that fell to just $15 million in FY2007.
Like several other agencies this year, DHS earned a grade of "D" on meeting federal cyber-security requirements. But many critics of that grading process say the law that the marks are based upon - the Federal Information Security Management Act (FISMA) - more accurately measures how adroitly agencies can tackle paperwork exercises, not necessarily the strength of each agency's network and computer defenses.
As such, sources say lawmakers at tomorrow's hearing plan to ask why the department hasn't focused more resources on periodic penetration tests to help identify and harden security weaknesses across the department's systems and networks.