By Jason Miller
June 15, 2007
Lawmakers continue to investigate the vulnerability of the Homeland
Security Department's information technology networks.
The investigation, which started April 30 with a letter to department
Chief Information Officer Scott Charbo, will continue June 20 when the
House Homeland Security Committee's Emerging Threats, Cybersecurity, and
Science and Technology Subcommittee will hold a hearing examining the
issues DHS faces and what it is doing to improve its security.
In a letter to Charbo May 31, committee Chairman Bennie Thompson
(D-Miss.) asked an additional 12 questions about the status of DHS
networks, how the agency is mitigating risks, when it last audited
contractors and internal systems, and more specifics on the data
security breaches Charbo reported in answers to the first set of
Charbo will testify next week along with Greg Wilshusen, director of
information security issues at the Government Accountability Office, and
Keith Rhodes, GAO's chief technologist.
The subcommittee will begin examining specific incidents that occurred
on DHS networks including rootkits, classified leaks, compromised Web
sites, bot infections, unauthorized use of networks by contractors and
viruses, according to a subcommittee briefing paper on the hearing. GAO
will describe an engagement they completed for the chairman on a
specific DHS network that is riddled with significant information
security control weaknesses that place sensitive and personally
identifiable information at increased risk of unauthorized disclosure.
The subcommittee will also look at DHS' network consolidation project,
called OneNet, and its plans to continue investigating incidents on
contractor-run networks, the briefing paper states.
Charbo has until today to answer Thompson's latest questions. Among the
items Thompson is requesting:
* A full network topology diagram.
* DHS plans to remedy vulnerabilities before converging networks under
* A list of funding reductions for DHS directorates that are not
mitigating risks and completing their security improvement milestones.
* DHS' latest assessment of its wireless systems.
* DHS' latest assessment of its contractor-run networks.