We’ll be keeping an eye on the House Homeland Security Committee today. Its subcommittee on Emerging Threats, Cybersecurity and Science and Technology is holding a hearing to identify the failures of the Department of Homeland Security (DHS) to secure its information networks. Scott Charbo, CIO of the DHS is expected to appear this afternoon as well as Gregory Wilshusen, director of information security issues in the Government Accountability Office (GAO) and Keith A. Rhodes, director of the Center for Technology and Engineering with the GAO.
Today’s hearing is expected to examine specific incidents that took place on the DHS servers, including “rootkits, classified leaks, compromised websites, bot infections, unauthorized use of networks by contractors, and viruses.” The subcommittee has also identified a specific DHS network that is “riddled with … weaknesses” and could result in data leakage.
The subcommittee has been investigating a breach at the State Department that took place in July 2006. At the time of the intrusion, officials said the attacks were against unclassified State Department systems and that no sensitive information had been compromised. In a hearing in April, lawmakers found out that the attacks originated in east Asia after a department employee opened a malicious email that contained an attachment that installed a Trojan Horse. The subcommittee also learned about an attack on the Department of Commerce systems in October 2006. In that attack, hackers used a rootkit to attack the department’s Bureau of Industry and Security.
Some lawmakers are ultimately trying to decide whether the DHS should be given primary responsibility for overseeing federal network security. Our Washington contributor pointed out in her story from the April hearing that some officials say its not a good idea since DHS has not performed well on the annual FISMA report card.
We’ll let you know if anything new is gleaned from the hearings this afternoon.