DHS computer systems vulnerable to hackers

Published 20 June 2007

DHS reports that during the past two years, its computer systems suffered more than 800 hacker break-ins, virus outbreaks, and other computer security problems

Physician, heal thyself. DHS acknowledged that the department suffered more than 800 hacker break-ins, virus outbreaks, and other computer security problems during the past two years. In one instance, hacker tools for stealing passwords and other files were found on two internal DHS computer systems. The agency’s headquarters sought forensic help from the department’s own Security Operations Center and the U.S. Computer Emergency Readiness Team it operates with Carnegie Mellon University.

Another example: Computer workstations in the Coast Guard and the Transportation Security Administration (TSA) were infected with malicious software detected trying to communicate with outsiders; laptops were discovered missing; and agency Web sites suffered break-ins.

AP reports that congressional investigators, expected to testify today during an oversight hearing about the department’s security lapses, determined that persistent weaknesses “threaten the confidentiality, integrity and availability of key DHS information and information systems,” according to a new report from the Government Accountability Office (GAO) being released later in June.

Scott Charbo, DHS’s CIO, assured lawmakers his organization was working to prevent such problems. “We need to increase our vigilance to ensure that such incidents do not happen again,” Charbo wrote in testimony prepared for today’s hearing. “The department takes these incidents very seriously and will work diligently to ensure they do not recur.”

The computer problems disclosed to the House Homeland Security subcommittee occurred during fiscal 2005 and fiscal 2006, and occurred at DHS headquarters and many of the department’s agencies, including TSA, the Coast Guard, Federal Emergency Management Agency (FEMA), Customs and Border Protection (CBP), and others. All the problems involved DHS’s unclassified computer networks, although DHS officials also have acknowledged to lawmakers dozens of incidents they described as “classified spillage,” in which secret information was improperly transmitted or discussed over nonsecure e-mail systems.