Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
You are here: Home / Data Security / Homeland Security Grilled on Failures
Homeland Security CIO Grilled on Weaknesses
Homeland Security CIO Grilled on Weaknesses
By Frederick Lane / CRM Daily Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
June 20 was a particularly long day for Scott Charbo, the Chief Information Officer for the Department of Homeland Security (DHS). He was the lead witness in a hearing held by a subcommittee of the U.S. House Committee on Homeland Security. The hearing was convened as part of the Committee's ongoing investigation into the cybersecurity vulnerabilities of the United States.

In his opening statement, the subcommittee's chairman, Rep. James R. Langevin (D-R.I.), emphasized that, from the series of hearings on cybersecurity, it has become clear that "infiltration of federal government networks and the possible theft or exploitation" of government information is "one of the most critical issues" confronting the U.S.

0'Significant Security Incidents'

The irritation of federal lawmakers was heightened by the release of a report by the Government Accountability Office that concluded that, despite some progress, there were still significant flaws in key DHS security programs.

"These program deficiencies," the report states, "contribute to significant weaknesses in computer security controls that threaten the confidentiality, integrity, and availability of key DHS information and information systems."

Langevin said that he was deeply disappointed by the failure of DHS to deal with the security issue. "It was a shock and disappointment," he said, "to learn that the Department of Homeland Security -- the agency charged with being the LEAD in our national cybersecurity -- has suffered so many significant security incidents on its networks."

In a recent report to the Committee on Homeland Security, DHS stated that it had experienced 844 "cybersecurity incidents" in 2005 and 2006. The incidents in question ranged from the discovery of malware for password dumping on DHS computers, to the installation of beacon and botware, to writing out administrator IDs and passwords on hard copy.

The Chair of the Committee on Homeland Security, Bennie Thompson (D-Miss.), said that he questioned Charbo's fitness to continue in his job as DHS CIO. "I've spent some time reviewing Mr. Charbo's responses to our questions," Thompson said, "and reviewing the numerous IG [Inspector General] and GAO audits of his work. I am not convinced that he's serious about fixing the vulnerabilities in our systems."

The Chinese Connection

In one of the hearing's more interesting exchanges, Langevin suggested the possibility that some of the attacks on the DHS stemmed from a single foreign government. "Have you ever requested or received intelligence briefings about Chinese hackers penetrating federal networks," Langevin asked Charbo, "and on a scale of 1 to 10, how concerned are you about this threat?"

"Myself, I have not received intelligence briefings on these incidents," Charbo replied. "Do we receive scans from foreign governments, I believe so. We report those; those are not penetrations. From a scale of 1 to 10, it is significant. It would be at a high scale in terms of concern."

Charbo defended DHS security, telling the subcommittee that, "We do have a decent perimeter for the Department, where we are trapping things that come through, but none of those point back to being an orchestrated attack."

Tell Us What You Think


Like Us on FacebookFollow Us on Twitter
© Copyright 2018 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.