Menu
Menu
Homeland Security to Detail IT Attacks

Homeland Security to Detail IT Attacks

Among the incidents that Congress has specifically asked for more information about are the most severe threats encountered by the agency between 2004 and 2007

Officials from the US Department of Homeland Security will hold a hearing on Capitol Hill to discuss the findings of an investigation into the agency's own problems in battling electronic attacks and IT systems intrusions.

In a hearing labelled "Hacking the Homeland: Investigating Cyber-security Vulnerabilities at the Department of Homeland Security", officials including DHS chief information officer Scott Charbo and Gregory Wilshusen, director of information security issues at the Government Accountability Office (GAO) are scheduled to detail their findings in response to requests from Congress to test the agency's IT security defences.

If the DHS is found to have failed to protect its own systems adequately, some observers believe that the agency will be put under significant pressure to completely retrench its IT operations in the name of improving security

In a letter sent to Charbo on April 30, 2007, members of Congress asked the DHS to conduct a review of its information system security in the wake of news that the departments of commerce and state were successfully hacked during 2006.

Details of those systems intrusions were first revealed at a hearing coordinated by the House Subcommittee on Emerging Threats, Cyber-security, Science, and Technology on April 19.

"These incidents jeopardize the integrity of our government's information. We are concerned that similar incidents may be occurring within the networks of the Department of Homeland Security," read the letter, which was also signed by ranking members of the House Subcommittee on Management, Investigations, and Oversight.

Among the issues expected to be addressed at the hearing will be a review of cybersecurity incidents reported to the DHS Security Operations Centre (SOC), such as instances of rootkits, classified leaks, compromised Web sites, bot infections, unauthorized use of networks by contractors, and virus attacks.

According to a Congressional press release distributed ahead of the hearing, the GAO witnesses will also describe an investigation they conducted on a specific DHS network that is "riddled with significant information security control weaknesses that place sensitive and personally identifiable information at increased risk of unauthorized disclosure".

The subcommittee also plans to air some of its concerns with the DHS OneNet project, which is aimed at consolidating all of the agency's information networks under one roof, and to question a perceived lack of IT security funding by Charbo.

The Congressional committee has said it will call for further investigation of security issues existing within DHS at the hearing.

Among the specific questions posed to DHS leaders are what responsibility Charbo has over management of the agency's networks, and his relationship with the department's chief information security officers (CISOs) and chief information officers.

Charbo was also asked to provide details of the agency's information security policies and incident response plans, along with data on how many and what types of security events it has reported to the US Computer Emergency Readiness Team (US-CERT), which was established in 2003 and operates as a partnership between DHS and the public and private sectors.

Among the incidents that Congress has specifically asked for more information about are the most severe threats encountered by the agency between 2004 and 2007.

The committee has also asked DHS officials to reveal whether or not they have taken an inventory of each access point on the agency's network, and how it has approached the practice of penetration testing for its internal and external systems.

In addition to questioning the department's security testing policies, the committee has asked DHS to turn over details of any secure software coding initiatives it has launched in the name of eliminating vulnerabilities in its applications, as well as statistics on how much of its coding is being performed by outside contractors.

The committee has also asked for information on whether or not DHS is requiring two-factor IT systems authentication for all privileged personnel and systems administrators.

A good deal of discussion at the hearing is likely to be given over to the process that DHS has employed to meet the terms of the Federal Information Security Management Act (FISMA), which was enacted by Congress in 2002 and is aimed at improving IT security in the federal space via a system of mandated annual audits.

The hearing may be seen as a bellwether moment in the continued development of government IT security policies and enforcement, as the DHS has been charged with helping to oversee the performance of other agencies, including via its work with US-CERT.

If the DHS is found to have failed to protect its own systems adequately, some observers believe that the agency will be put under significant pressure to completely retrench its IT operations in the name of improving security, a process that may then be pushed out to other federal agencies.

Some experts believe that adopting such an approach will soon become a fact of life for all government agencies, as many legacy computer systems and policies are not suited to respond to today's fierce security climate.

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

Join the newsletter!

Error: Please check your email address.

More about ACTCERT AustraliaHISNASAVIA

Show Comments

Market Place

Computerworld
ARN
Techworld
CMO