State Department to face hearing on '06 security breach

A Congressional subcommittee is seeking answers about the attacks, which appeared to originate in Asia.

A week after receiving a second consecutive failing grade on cybersecurity, officials from the Department of State on Thursday will be called on the carpet to answer questions from a House committee about a serious intrusion of the department's computer network last summer.

As part of a broader review of the federal government's information security policies and practices, a subcommittee of the House Committee on Homeland Security plans to hold a hearing Thursday to seek more information about the attacks, which took place in July 2006. At the time of the intrusion, officials said the attacks were against unclassified State Department systems and that no sensitive information had been compromised.

"First of all, the systems affected were unclassified computer systems. And let me just say that this was, as these things go, a textbook example of how you monitor -- detect, monitor and immediately address a challenge to the integrity of a computer system in terms of cybersecurity efforts," department spokesman Sean McCormack said in a press briefing at the time of the intrusion. "Our folks monitored this attempt and took immediate steps to prevent any loss of sensitive U.S. Government information. There is an ongoing forensic investigation to examine exactly what happened and to try to learn from that, but the initial findings of the investigation are that there was no compromise of sensitive U.S. Government information."

The attacks appeared to originate in Asia, officials said, and targeted systems in both the United States and overseas. But now, the Subcommittee on Emerging Threats, Cybersecurity and Science and Technology wants to know more, and the list of data it is seeking is extensive. In a letter sent to Secretary of State Condoleezza Rice on April 6, committee Chairman Bennie Thompson asked the department to provide specific information regarding how quickly department security specialists detected the attack, whether the department knows how long the attackers had access to the network and what other systems may have been compromised during the attack. The three-page letter also asks the department to provide evidence that it completely eliminated any malicious software the attackers may have planted, as well as documentation of all of the communications between State and the Department of Homeland Security regarding the incident.

But the part that could be especially problematic for State Department officials is the detailed information the committee is seeking on its Federal Information Security Management Act (FISMA) compliance efforts. In his annual report card on federal cybersecurity and FISMA compliance released last week, Rep. Tom Davis, R-Va., and the House Committee on Oversight and Government Reform gave State an F, the same grade the department received the previous year and in 2003. Among other things, FISMA requires computers on federal networks to be certified according to specific standards. Thompson, D-Miss., is asking State for a wide range of FISMA-related documentation, including:

  • How much money the department spent on certifications and accreditations, and how those efforts led to better defenses.
  • What changes were made to systems based on those reports?
  • How much does FISMA compliance cost the department?
  • What model of secure configurations was the department using for Windows systems at the time of the attack and has the department issued a policy since the attack requiring that secure configurations be used?
  • When did the department last test its Windows systems to ensure they were in compliance with the secure configuration?
  • When was the last time the department ran Web security tools against its Internet-facing applications?

The witness list for Thursday's hearing is extensive, and includes a number of security experts from the private sector, as well as government officials. Among those scheduled to testify are Jerry Dixon, director of the National Cybersecurity Division at DHS; Don Reid, senior coordinator for secure infrastructure at the Bureau of Diplomatic Security at the State Department; Ken Silva, CSO of VeriSign Inc.; and Rob Thomas of Team Cymru, a collection of security specialists.
