The Department of Homeland Security (DHS) suffered 844 attacks in the last two years, according to senior officials who testified before a House subcommittee Wednesday.
The officials acknowledged that a rootkit was discovered within two internal DHS servers designed to steal passwords and other sensitive data. The agency documented hundreds of break-ins and received assistance from its Security Operations Center and the U.S. Computer Emergency Readiness Team it operates with Carnegie Mellon University.
"What we found in terms of staff investigative work and also the GAO report is very disturbing in terms of weaknesses to security," said Rep. Jim Langevin, D-R.I., who serves as chairman of the House Homeland Security Subcommittee on Emerging Threats, Cybersecurity and Science and Technology.
The Homeland Security Department's chief information officer, Scott Charbo, said the department is implementing "numerous changes to improve and address emerging information security risks and challenges while at the same time enhancing information sharing." He said the department was taking a more proactive approach to cybersecurity, including migrating legacy systems to more secure servers and adding network encryption and authentication.
Gregory Wilshusen, director of information security issues in the Government Accountability Office (GAO) said "shortcomings in the DHS security program persist though some progress has been made." The DHS completed an inventory of its systems for the first time in fiscal year 2006 and implemented contingency plan and security control testing.
Since 2005, the department had been working to improve its preparedness.
Despite the progress, "the quality and effectiveness of these activities was not assured and program deficiencies continue to exist," Wilshusen said. "These deficiencies contribute to serious security control weaknesses and threaten the confidentiality and availability of key DHS systems."
All the computer problems involved the department's unclassified computer networks. The computer problems disclosed to the House Homeland Security subcommittee occurred during fiscal 2005 and fiscal 2006, and occurred at DHS headquarters and many of the department's agencies, including TSA, the Coast Guard, Federal Emergency Management Agency, Customs and Border Protection and others.
Lawmakers were concerned pressed the senior officials about the origination of botnets, which attacked the DHS network. In a hearing in April, lawmakers found out that the attacks on a State Department system originated in east Asia after a department employee opened a malicious email that contained an attachment that installed a Trojan.
"Of those events which are bots, I have no evidence that points back to the Chinese network," Wilshusen said. He said that when malicious spyware or rootkits are discovered forensic analysis is conducted to identify if further actions need to be taken.