The US Department of Homeland Security (DHS) suffered
844 attacks in the last two years, according to senior officials
who testified before a subcommittee.
The officials acknowledged that a rootkit designed to steal
passwords and other sensitive data was discovered on two internal
DHS servers. The agency documented hundreds of break-ins and
received assistance from its Security Operations Centre and the
U.S. Computer Emergency Readiness Team, which it operates with
Carnegie Mellon University.
"What we found in terms of staff investigative work and also the
GAO report is very disturbing in terms of weaknesses to security,"
said Rep. Jim Langevin, D-R.I., who serves as chairman of the House
Homeland Security Subcommittee on Emerging Threats, Cybersecurity
and Science and Technology.
The Homeland Security Department's chief information officer,
Scott Charbo, said the department is implementing "numerous changes
to improve and address emerging information security risks and
challenges while at the same time enhancing information sharing."
He said the department was taking a more proactive approach to
cybersecurity, including migrating legacy systems to more secure
servers and adding network encryption and authentication.
Gregory Wilshusen, director of information security issues at
the Government Accountability Office (GAO), said "shortcomings in
the DHS security program persist though some progress has been
made." The DHS completed an inventory of its systems for the first
time in fiscal year 2006 and implemented contingency plan and
security control testing.
Since 2005, the department had been working to improve its
preparedness.
Despite the progress, "the quality and effectiveness of these
activities was not assured and program deficiencies continue to
exist," Wilshusen said. "These deficiencies contribute to serious
security control weaknesses and threaten the confidentiality and
availability of key DHS systems."
All the computer problems involved the department's unclassified
computer networks. The computer problems disclosed to the House
Homeland Security subcommittee occurred during fiscal 2005 and
fiscal 2006, and occurred at DHS headquarters and many of the
department's agencies, including TSA, the Coast Guard, Federal
Emergency Management Agency, Customs and Border Protection and
others.
Concerned lawmakers pressed the senior officials about the
origin of the botnets that attacked the DHS network.
In a hearing in April, lawmakers found out that
the attacks on a State Department system originated in east
Asia after a department employee opened a malicious email
that contained an attachment that installed a Trojan.
"Of those events which are bots, I have no evidence that points
back to the Chinese network," Wilshusen said. He said that when
malicious spyware or rootkits are discovered, forensic analysis is
conducted to identify if further actions need to be taken.