DHS computer security still sucks

June 28, 2007 @ Michael Hampton

Government auditors told a Congressional committee last week that computer security at the Department of Homeland Security still needs improvement, even after years of work to remedy the problems.

The Government Accountability Office reported (PDF) June 20 that while DHS had taken significant steps to improve its computer security since a 2005 investigation, the department still had “significant weaknesses” raising the risk that individuals could gain unauthorized access to sensitive data or disrupt operations.

During the hearing, House Homeland Security Subcommittee on Emerging Threats, Cybersecurity and Science and Technology members took DHS chief information officer Scott Charbo to task about the dismal state of computer security at the department, saying he had “underinvest[ed] in IT security” and questioning whether he should keep his job.

“[I]nformation provided by DHS suggests that the CIO is failing to engage in defensive best practices that would limit penetrations into DHS networks,” said Rep. Jim Langevin (D-R.I.), subcommittee chairman. “The department’s failure to implement the Einstein program, contracts with Sprint and MCI where the carrier has misconfigured the firewall, and other problems are quite disturbing.”

“It was a shock and a disappointment to learn that the Department of Homeland Security . . . has suffered so many significant security incidents on its networks,” the congressman said. “DHS reported to the committee that it experienced 844 cybersecurity incidents in fiscal 2005 and 2006.”

Langevin pointed out these included workstations infected with Trojans and viruses, a workstation infected with a Trojan scanning for port 137, which demonstrates that “individuals attempting to scan DHS systems through the Internet,” and PCs containing suspicious beaconing activity and a botnet that lets a hacker control the compromised computer. — Government Computer News

Keith Rhodes, chief technologist at the Government Accountability Office, also performed penetration testing of DHS networks. The results were surprising, not because there were problems found, but because of how many problems he found.

“I would label them [DHS] as being at high risk,” Rhodes told InformationWeek the day after a congressional hearing into the security of the government agency tasked with being the leader of the nation’s cybersecurity. “There was no system we tested that didn’t have problems. There was nothing we touched that didn’t have weaknesses, ranging from WAN to desktops. . . . If we had continued the audit we would have found more. We curtailed the audit because we just kept finding problems. At a certain point, we just ran out of room in our basket.” — InformationWeek

And why, exactly, is computer security so important? You may not have very much of importance on your computer, but DHS certainly does.

“Terrorists or nation states could be hacking Department of Homeland Security databases, changing or altering their names to allow them access to this country, and we wouldn’t even know they were doing it,” Langevin said.

And more bad news is coming down the pike. GAO is preparing to release a report on the US-VISIT program, which maintains a biometric database of foreign visitors to the U.S. The report will say that computer security problems are so severe they prevent the government from even knowing whether the system has been penetrated, and that the problems could have been easily fixed.

“I did not see controls in place that would prevent (hacking), I did not see defensive perimeters, and I did not see detection systems in place that would let you know whether it had or had not” been hacked, Rhodes told the committee. — CNET News.com

Do you feel safer now?


5 Comments → “DHS computer security still sucks”


  1. Hell no.

    Jun 28, 2007

    Every country in the world has a secret agent man over here. They laugh at us and our so-called security. Some have said a bunch of corrupt (not all are) Mexicans are running the show now!!! This is not our computer or URL!! Hell, there are terrorists in our government yet they go unpunished. They could do a much better job. Hacking is a joke so, I am told it is often too easy. You should never give out personal information to strangers over the net (plain and simple).


  2. Ray

    Jun 29, 2007

    Is it possible to “corrupt” the operations of an organization whose very purpose and nature is already corrupt?


  3. Slim

    Jun 29, 2007

    Why doesn’t the government just post every piece of information they have on a public website? That way people wouldn’t need to hack in to the DHS network and the government bureaucrats would not need to worry their poor little heads about security.


  4. Latest technology.

    Jun 29, 2007

    The prime information that should be kept secret is the latest technology. That they watch like a junkyard dog. That is what needs to be protected. The other bogus stuff is just child’s play to the rest of the world. The Secret Service, Cops, CIA and FBI are very much needed. We don’t need another 911 but, some religious groups don’t see it that way. The Muslims told us they went to Paradise. That is BS, nowhere in the Book of Muslim does it say killers or suicidal people get into paradise. Terrorism must be stopped. The bad law enforcement should be weeded out. They should have to stick to a code of conduct just like everyone else. They say war is not the answer. They need a worldwide organization where lawmakers from all over the world can come to a compromise (a revised UN). The US is making more enemies by blowing up IRAQ’s water supplies, civilians and more. WE are looking like terrorists to the rest of the world. The beating of prisoners of war is just unjust. They are people just like us. Compromise is still the key. The truth is there is no such thing as security. True security would be a code of conduct that the entire world would have to follow. Anyone can hack. It truly doesn’t take many brains and most likely 911 was an inside job obviously. What kind of worldwide code of conduct would be the best?? All religions have similar ideas so, most likely that would be a great solution. We would never have become a more civilized world without some kind of code of ethics. Two wrongs never make a right either. Good luck to all.


  5. The Threat

    Jul 10, 2007

    So we have the government talking about itself, saying security is poor. That’s very believable…right?


Copyright © 2010 Homeland Stupidity.