Congressmen Call For More Answers On Lax DHS Security - InformationWeek


Two congressmen are questioning the Department of Homeland Security's CIO and CISO about information security in the agency's research arm and in the office that deals with contractors.

After it was revealed last month that the Department of Homeland Security suffered 844 security breaches in a two-year span, two congressmen are prodding the agency's CIO for information on how he plans to fill some gaping holes.

Committee on Homeland Security Chairman Bennie G. Thompson, D-Miss., and Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology Chairman James R. Langevin, D-R.I., both signed off on a letter to DHS CIO Scott Charbo, as well as to Robert West, the agency's chief information security officer, late last week. The letter, which was released to the media, expressed concern over security holes and questioned Charbo about possible breaches within the Office of Procurement Operations and the Directorate of Science and Technology, also known as the S&T Directorate.

The Office of Procurement Operations handles a large percentage of Homeland Security's contractors. The U.S. Government Accountability Office reported a year ago before a House committee that the office lacked the necessary internal controls to successfully oversee interagency contracting activity. And the S&T Directorate is the primary research and development arm of DHS.

In the letter, Langevin and Thompson noted that a recent GAO audit found that there are "significant vulnerabilities" in the department's systems.

"While some department components demonstrated improvement over the previous year, auditors found that most did not measurably enhance their security posture," the letter stated. "During the 2006 IT testing, auditors identified over 200 vulnerable conditions on financial management networks that were in need of mitigation. Though the department closed 44% of those risks, more than 150 new findings were discovered this year."

The congressmen reported that the vulnerabilities included access to key financial applications, misconfigured security controls for financial applications and support systems, and poor application-change control processes.

"The Committee is deeply concerned that the vulnerable conditions highlighted in recent reports by the Inspector General may facilitate espionage on the Department's computers," the letter added.

Langevin and Thompson then asked Charbo and West if there has ever been unauthorized access to any part of the network in the Office of Procurement Operations or the S&T Directorate. They also wanted to know if a hacking tool or password collector had ever been installed on a computer in either of the offices, and if an infected machine ever transmitted information out of the two offices. The congressmen then asked for specific information on seven "incidents" that appear to have occurred in 2006.

They requested that Charbo and West respond no later than Aug. 27.

In June, Charbo was raked over the coals in front of a congressional hearing focused on security breaches at the DHS. The hearing was called to follow up on what has been a series of hearings on the government's cybersecurity. A congressional hearing had been called this spring on a data breach at the U.S. Department of Agriculture, and on April 19 there was a congressional hearing focused on computer break-ins at both the Department of State and the Department of Commerce last summer.

During the June hearing, Thompson concluded his statement by saying, "In light of all of the evidence in front of us, I think the first thing that Mr. Charbo needs to do is explain to us why he should keep his job."
