Congressmen Call For Investigation On Government Cyberattacks - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Software // Information Management

Congressmen Call For Investigation On Government Cyberattacks

Unisys, a major government IT contractor, reportedly is being investigated for allegedly failing to detect cyberattacks, and then covering up its failings.

Two congressmen have called for an investigation into cyberattacks aimed at the Department of Homeland Security, along with a contractor charged with securing those networks.

Committee on Homeland Security Chairman Bennie G. Thompson, D-Miss., and Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology Chairman James R. Langevin, D-R.I., sent a letter last Friday to Richard L. Skinner, inspector general of the Department of Homeland Security. In the letter they say the House Committee on Homeland Security's investigations led them to believe the department is under attack by foreign powers, and could be at risk because of "incompetent and possibly illegal activity" by a U.S. contractor.

The congressmen didn't name the contractor in the letter. However, the Washington Post on Monday reported that the FBI is investigating Unisys, a major information technology firm with a $1.7 billion Department of Homeland Security contract, for allegedly failing to detect cyber break-ins traced to a Chinese-language Web site and then trying to cover up its deficiencies. The Post also reported that in 2002, Unisys won a $1 billion deal to build, secure, and manage the information technology networks for the Transportation Security Administration and DHS headquarters. In 2005, the company was awarded a $750 million follow-on contract.

"The infiltration of federal government networks by unauthorized users is one of the most critical issues confronting our nation, but it's hardly a new threat," wrote Thompson and Langevin in their letter. "For years, these attacks have resulted in the loss of massive amounts of critical information... Cyberespionage is an issue of national security, and we must improve our defensive posture to prevent the theft of data or the compromise of the integrity of our data."

This past April, an official with the Department of Commerce testified before a Congressional hearing that hackers operating through Chinese servers used a rootkit to penetrate computers at the Commerce Department. The department's IT staffers reportedly never discovered when the break-in occurred or the amount of information that was stolen.

And in another congressional hearing this summer, Langevin himself testified that Homeland Security, the government agency tasked with being the leader of the nation's cybersecurity, suffered 844 "cybersecurity incidents" within two years. He also said the Chinese have been "coordinating attacks against the Department of Defense for years."

The letter also noted that earlier this month, the committee on Homeland Security received information that a hacking tool, a password dumping utility, and malicious code was found on more than 12 computers in the department's headquarters. Langevin and Thompson added that the machines may still be compromised due to the contractor's "insufficient mitigation efforts."

The letter also said the hackers moved information out of the compromised computers and to a Web hosting service that connects to Chinese Web sites.

Langevin and Thompson went on to allege that the Department of Homeland Security contracted for network intrusion-detection systems to be put in place, but they were not fully deployed when the latest incident occurred.

"If network security engineers were running these systems, the initial intrusions may have been detected and prevented," the letter said. "Contractors provided inaccurate and misleading information to Department of Homeland Security officials about the source of these attacks and attempted to hide security gaps in their capabilities."

The congressmen also are calling for a review of the government officials charged with overseeing the contractor.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
2021 Outlook: Tackling Cloud Transformation Choices
Joao-Pierre S. Ruth, Senior Writer,  1/4/2021
Enterprise IT Leaders Face Two Paths to AI
Jessica Davis, Senior Editor, Enterprise Apps,  12/23/2020
10 IT Trends to Watch for in 2021
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/22/2020
White Papers
Register for InformationWeek Newsletters
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you.
Flash Poll