|
Print this page |
| |
|
Close this window |
Homeland Security Department computers and cyber systems have been infected with viruses and malicious scripts that could compromise passwords and information on U.S. citizens, intelligence operations and the nation's critical infrastructure, a House subcommittee has learned.
House Homeland Security Emerging Threats and Cybersecurity Subcommittee Chairman Jim Langevin, D-R.I., plans to hold a hearing today to examine the problems, which were discovered by government investigators.
"I want to know what the hell is going on over there at the Department of Homeland Security," Langevin told CongressDaily. "Who's running the show over there and why aren't they taking these security penetrations and security vulnerabilities more seriously?"
"I want to hear [if] they really get how serious these penetrations are and I want an answer to the question of why aren't we acting fast enough to secure our networks," he added.
Scott Charbo, the department's chief information officer, is scheduled to testify at the hearing.
A draft report from the Homeland Security Department's inspector general found that two computer systems at the department's headquarters were infected with scripts that could compromise passwords and allow unauthorized access by outsiders, Langevin and his aides said. They would not reveal which systems were infected.
The aides said the problems could have exposed personal data on U.S. citizens, sensitive intelligence communications and information on U.S. critical infrastructure to unauthorized outsiders.
GAO has also found major weaknesses in the department's computer security controls. Gregory Wilshusen, GAO's director of information security issues, and Keith Rhodes, GAO's chief technologist, are also scheduled to testify at today's hearing.
In written testimony submitted in advance of the hearing, the GAO officials say that significant weaknesses in controls threaten the confidentiality and integrity of key information systems.
As a result, increased risk exists that unauthorized individuals could read, delete or change sensitive and personally identifiable information, or disrupt service on Homeland Security systems, the officials add.
Langevin said the IG also found "numerous" examples where sensitive and classified data was not handled properly.
"It really does beg the question: how can the Department of Homeland Security lead the country in cybersecurity when it can't even secure its own networks?" Langevin asked.
Charbo will list actions the department has taken to correct the problems, according to written testimony submitted to Langevin's subcommittee.
He will testify that the department is now operating under a new management directive governing information technology operations; consolidating its major networks; and developing a remediation plan for improving the security of our core financial systems.
Charbo acknowledges in his written testimony that the department still has work to do, but says it has made measurable improvements in its management of information security.
Overall, the IG found 844 cybersecurity incidents on Homeland Security Department systems between 2005 and 2006.
Langevin said he is under the impression that security vulnerabilities still exist.
"The preliminary IG investigation would indicate that it is still going on and we don't know when or if [the security vulnerabilities are] going to be closed," he said. "These 844 incidents have not all been fixed, as we understand it."
The department might have to spend more money on its cybersecurity, Langevin added.
He said it is not uncommon for a large private company to devote 20 percent of its chief information officer's budget to cybersecurity, compared to Charbo's office, which only spends 6.8 percent of its budget to safeguard department networks and data.
Article link: http://nationaljournal.com/pubs/congressdaily/am070620.htm#2