Homeland Security On the Hot Seat for Cybersecurity Flaws

By Deborah Gage  |  Posted Monday, June 25, 2007 19:06 PM

There were 844 security incidents at the DHS in 2005 and 2006.

The department was called to explain itself last week in front of a House Homeland Security sub-committee, because an audit by the Government Accountability Office revealed "pervasive and systemic" security problems with DHS computers and networks. The GAO found lost and stolen laptops, malware on computers and possible hacking of the U.S. VISIT database, which, said Congressman Bob Ethridge, could render the government's terrorist watchlist "useless."

The chief information officer of DHS, Scott Charbo, said the problems aren't as serious as the GAO claims. He told the committee that the GAO's data is a year old and many problems have been fixed.

But the GAO said it started its audit a year ago and eventually stopped because it kept finding more and more problems. "I'd argue today that if we were still auditing we'd still be finding things," said the GAO's chief technologist, Keith Rhodes.

One problem for the DHS, according to GAO, is that DHS security is handled by contractors, who misconfigured a router, although Charbo says he caught that. Another is that the DHS was formed in 2002 from parts of 22 government agencies, apparently with little regard for how all those computer systems were going to work together.

What struck me about the hearing was the lack of agreement on how federal CIOs should do their jobs, and the lack of communication within the government. Charbo, for example, said he had not been briefed on Titan Rain, the now infamous probes coming from China of U.S. government computer networks.

Charbo told the subcommittee he wants more intelligence briefings and would like to be able to get them without having to find out they exist and then ask for them. "It doesn't need to be a decoder-ring level, supersecret briefing to understand what's above the fold on the front page of the Washington Post," the GAO's Rhodes shot back.

Let's hope the DHS gets more support. Charbo believes DHS systems have been scanned by foreign countries, but not yet penetrated or systematically attacked.

A video of the hearing is here. The GAO's written testimony is here.