Security Bytes

May 2 2007   10:02AM GMT

Congress demands answers on DHS network security

David Schneier David Schneier Profile: David Schneier

Don’t look now, but it appears that Congress is beginning to pay some serious attention to the security (or lack thereof) of the federal government’s networks. A House subcommittee last month held a hearing on some serious intrusions into the networks at thScott Charboe Department of State and Department of Commerce last year, and the members spent a lot of time asking the federal officials what they knew and when they knew it. From the comments coming out of the hearing, it did not appear that the lawmakers were even close to satisfied with the answers.

Now the House Committee on Homeland Security is looking for some straight answers from the Department of Homeland Security about how that department plans to improve the security of its network. The committee sent a letter to DHS CIO Scott Charbo on Monday demanding reponses to a series of 13 questions, including:

  • Has the department mandated two-factor authentication for all privileged personnel and systems administrators? If not, why?
  • Has the department implemented a secure coding initiative? What portion of software deployed by the department and its components have been tested using source code analysis tools?
  • When was the last time the department used ingress and egress filtering on client personal computers?
  • When the department purchases software do the procurement documents require that the purchased software operates effectively on the secure configurations?

The letter is similar to one that the committee sent to the State Department ahead of last month’s hearing, and it’s a clear indication that at least some members of Congress are aware of the vulnerability of the country’s federal networks. Whether any concrete changes come from these actions remains to be seen, but things are starting to get interesting inside the Beltway.

Technorati Tags: , ,

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: