Homeland Security to detail IT attacks

Officials from the US Department of Homeland Security will hold a hearing this week to discuss the findings of an investigation into the agency's own problems in battling electronic attacks and IT systems intrusions.

Share

Officials from the US Department of Homeland Security will hold a hearing this week to discuss the findings of an investigation into the agency's own problems in battling electronic attacks and IT systems intrusions.

In response to requests from Congress to test the agency's IT security defences, DHS chief information officer Scott Charbo and Gregory Wilshusen, director of information security issues at the Government Accountability Office (GAO) will detail their findings in a hearing labelled "Hacking the Homeland: Investigating Cyber-security Vulnerabilities at the Department of Homeland Security".

In a letter sent to Charbo on 30 April, members of Congress led by representative Bennie G. Thompson, chairman of the House Committee on Homeland Security, asked DHS to conduct a review of its information system security in the wake of news that the departments of commerce and state were successfully hacked during 2006.

Details of those systems intrusions were first revealed at a hearing coordinated by the House Subcommittee on Emerging Threats, Cyber-security, Science and Technology on 19 April.

"These incidents jeopardise the integrity of our government's information. We are concerned that similar incidents may be occurring within the networks of the Department of Homeland Security," read the letter, which was also signed by ranking members of the House Subcommittee on Management, Investigations and Oversight.

Among the issues expected to be addressed by Charbo and other witnesses - including Keith A. Rhodes, director for the Center for Technology and Engineering in the GAO - at the hearing on 20 June will be a review of cybersecurity incidents reported to the DHS Security Operations Center (SOC), such as instances of rootkits, classified leaks, compromised websites, bot infections, unauthorised use of networks by contractors and virus attacks.

According to a Congressional press release distributed ahead of the hearing, the GAO witnesses will also describe an investigation they conducted on a specific DHS network that is "riddled with significant information security control weaknesses that place sensitive and personally identifiable information at increased risk of unauthorised disclosure."

The subcommittee also plans to air some of its concerns with the DHS OneNet project, which is aimed at consolidating all of the agency's information networks under one roof, and to question a perceived lack of IT security funding by Charbo.

The Congressional committee has said it will call for further investigation of security issues existing within DHS at the hearing.

Among the specific questions posed to DHS leaders by Thompson and other members of the House Committee on Homeland Security are what responsibility Charbo has over management of the agency's networks, and his relationship with the department's chief information security officers (CISOs) and chief information officers.

Find your next job with computerworld UK jobs