Homeland Security to detail IT attacks

Officials from the U.S. Department of Homeland Security will hold a hearing on Capitol Hill on June 20 to discuss the findings of an investigation into the agency's own problems in battling electronic attacks and IT systems intrusions.

In a hearing labeled "Hacking the Homeland: Investigating Cyber-security Vulnerabilities at the Department of Homeland Security," officials including DHS chief information officer Scott Charbo and Gregory Wilshusen, director of information security issues at the Government Accountability Office (GAO) are scheduled to detail their findings in response to requests from Congress to test the agency's IT security defenses.

In a letter sent to Charbo on April 30, members of Congress led by Rep. Bennie G. Thompson (D-Miss.), chairman of the House Committee on Homeland Security, asked DHS to conduct a review of its information system security in the wake of news that the departments of commerce and state were successfully hacked during 2006.

Details of those systems intrusions were first revealed at a hearing coordinated by the House Subcommittee on Emerging Threats, Cyber-security, Science, and Technology on April 19.

"These incidents jeopardize the integrity of our government's information. We are concerned that similar incidents may be occurring within the networks of the Department of Homeland Security," read the letter, which was also signed by ranking members of the House Subcommittee on Management, Investigations, and Oversight.

Among the issues expected to be addressed by Charbo and other witnesses -- including Keith A. Rhodes, director for the Center for Technology and Engineering in the GAO -- at next week's hearing will be a review of cybersecurity incidents reported to the DHS Security Operations Center (SOC), such as instances of rootkits, classified leaks, compromised Web sites, bot infections, unauthorized use of networks by contractors, and virus attacks.

According to a Congressional press release distributed ahead of the hearing, the GAO witnesses will also describe an investigation they conducted on a specific DHS network that is "riddled with significant information security control weaknesses that place sensitive and personally identifiable information at increased risk of unauthorized disclosure."

The subcommittee also plans to air some of its concerns with the DHS OneNet project, which is aimed at consolidating all of the agency's information networks under one roof, and to question a perceived lack of IT security funding by Charbo.

The Congressional committee has said it will call for further investigation of security issues existing within DHS at the hearing.

Among the specific questions posed to DHS leaders by Thompson and other members of the House Committee on Homeland Security are what responsibility Charbo has over management of the agency's networks, and his relationship with the department's chief information security officers (CISOs) and chief information officers.

Charbo was also asked to provide details of the agency's information security policies and incident response plans, along with data on how many and what types of security events it has reported to the U.S. Computer Emergency Readiness Team (US-CERT), which was established in 2003 and operates as a partnership between DHS and the public and private sectors.

Among the incidents that Congress has specifically asked for more information about are the most severe threats encountered by the agency between 2004 and 2007.