
DHS suffered more than 800 cyber attacks in two years

Robert Westervelt, News Director

The Department of Homeland Security (DHS) suffered 844 attacks in the last two years, according to senior officials who testified before a House subcommittee Wednesday.


The officials acknowledged that a rootkit designed to steal passwords and other sensitive data was discovered on two internal DHS servers. The agency documented hundreds of break-ins and received assistance from its Security Operations Center and the U.S. Computer Emergency Readiness Team it operates with Carnegie Mellon University.

"What we found in terms of staff investigative work and also the GAO report is very disturbing in terms of weaknesses to security," said Rep. Jim Langevin, D-R.I., who serves as chairman of the House Homeland Security Subcommittee on Emerging Threats, Cybersecurity and Science and Technology.

The Homeland Security Department's chief information officer, Scott Charbo, said the department is implementing "numerous changes to improve and address emerging information security risks and challenges while at the same time enhancing information sharing." He said the department was taking a more proactive approach to cybersecurity, including migrating legacy systems to more secure servers and adding network encryption and authentication.

Gregory Wilshusen, director of information security issues in the Government Accountability Office (GAO), said "shortcomings in the DHS security program persist though some progress has been made." The DHS completed an inventory of its systems for the first time in fiscal year 2006 and implemented contingency plan and security control testing.

Since 2005, the department had been working to improve its preparedness.

Despite the progress, "the quality and effectiveness of these activities was not assured and program deficiencies continue to exist," Wilshusen said. "These deficiencies contribute to serious security control weaknesses and threaten the confidentiality and availability of key DHS systems."

All the computer problems involved the department's unclassified computer networks. The problems disclosed to the House Homeland Security subcommittee occurred during fiscal 2005 and fiscal 2006 at DHS headquarters and many of the department's agencies, including TSA, the Coast Guard, Federal Emergency Management Agency, Customs and Border Protection and others.

Concerned lawmakers pressed the senior officials about the origin of the botnets that attacked the DHS network. In a hearing in April, lawmakers found out that the attacks on a State Department system originated in East Asia after a department employee opened a malicious email that contained an attachment that installed a Trojan.

"Of those events which are bots, I have no evidence that points back to the Chinese network," Wilshusen said. He said that when malicious spyware or rootkits are discovered, forensic analysis is conducted to determine whether further action needs to be taken.

