A week after receiving a second consecutive failing grade on cybersecurity, officials from the Department of State on Thursday will be called on the carpet to answer questions from a House committee about a serious intrusion of the department's computer network last summer.
As part of a broader review of the federal government's information security policies and practices, a subcommittee of the House Committee on Homeland Security plans to hold a hearing Thursday to seek more information about the attacks, which took place in July 2006. At the time of the intrusion, officials said the attacks were against unclassified State Department systems and that no sensitive information had been compromised.
"First of all, the systems affected were unclassified computer systems. And let me just say that this was, as these things go, a textbook example of how you monitor -- detect, monitor and immediately address a challenge to the integrity of a computer system in terms of cybersecurity efforts," department spokesman Sean McCormack said in a press briefing at the time of the intrusion. "Our folks monitored this attempt and took immediate steps to prevent any loss of sensitive U.S. Government information. There is an ongoing forensic investigation to examine exactly what happened and to try to learn from that, but the initial findings of the investigation are that there was no compromise of sensitive U.S. Government information."
The attacks appeared to originate in Asia, officials said, and targeted systems in both the United States and overseas. But now, the Subcommittee on Emerging Threats, Cybersecurity and Science and Technology wants to know more, and the list of data it is seeking is extensive. In a letter sent to Secretary of State Condoleeza Rice on April 6, committee Chairman Bennie Thompson asked the department to provide specific information regarding how quickly department security specialists detected the attack, whether the department knows how long the attackers had access to the network and what other systems may have been compromised during the attack. The three-page letter also asks the department to provide evidence that it completely eliminated any malicious software the attackers may have planted, as well as documentation of all of the communications between State and the Department of Homeland Security regarding the incident.
But the part that could be especially problematic for State Department officials is the detailed information the committee is seeking on its Federal Information Security Management Act (FISMA) compliance efforts. In his annual report card on federal cybersecurity and FISMA compliance released last week, Rep. Tom Davis, R-Va., and the House Committee on Oversight and Government Reform gave State an F, the same grade the department received the previous year and in 2003. Among other things, FISMA requires computers on federal networks to be certified according to specific standards. Thompson, D-Miss., is asking State for a wide range of FISMA-related documentation, including:
The witness list for Thursday's hearing is extensive, and includes a number of security experts from the private sector, as well as government officials. Among those scheduled to testify are Jerry Dixon, director of the National Cybersecurity Division at DHS; Don Reid, senior coordinator for secure infrastructure at the Bureau of Diplomatic Security at the State Department; Ken Silva, CSO of VeriSign Inc.; and Rob Thomas of Team Cymru, a collection of security specialists.