FBI investigates Unisys's responsibility for DHS security breaches

Published 24 September 2007

Chinese cyber-attackers compromised DHS computers during the summer and fall of 2006; these computers were supposed to be secured by Unisys in 2002 $1 billion contract; FBI investigates breaches and alleged cover-up

The FBI is investigating allegations that Blue Bell, Pennsylvania-based Unisys failed to detect a Chinese Web site’s cyber break-ins on computers at DHS and then tried to cover up its shortcomings, the Washington Post reports today. Unisys won a $1 billion contract in 2002 to build and manage information technology networks at the department and the Transportation Security Administration (TSA). Evidence gathered by the Homeland Security Committee of the U.S. House of Representatives indicates network-intrusion devices were not properly installed and monitored, the Post said. As a result, some 150 DHS computers were compromised by hackers using a Chinese-language Web site from June through October in 2006.

Unisys vigourously disputed the charge with a statement saying: “We can state generally that the allegation that Unisys did not properly install essential security systems is incorrect. In addition, we routinely follow prescribed security protocols and have properly reported incidents to the customer in accordance with those protocols…. We believe that a proper investigation of this matter will conclude that Unisys acted in good faith to meet the customer’s security requirements.” Besides the original $1 billion contract, Unisys received a $750 million follow-up deal in 2005.

An aide on the Homeland Security Committee told the newspaper that the FBI was investigating Unisys for criminal fraud. The committee also has called for the DHS to look into the matter. The committee also said the contractor allegedly had falsely certified the computer network had been protected to cover up its failings, the Post said.