The committee has also asked DHS officials to reveal whether or not they have taken an inventory of each access point on the agency's network, and how it has approached the practice of penetration testing for its internal and external systems.
In addition to questioning the department's security testing policies, the committee has asked DHS to turn over details of any secure software coding initiatives it has launched in the name of eliminating vulnerabilities in its applications, as well as statistics on how much of its coding is being performed by outside contractors.
The committee has also asked for information on whether or not DHS is requiring two-factor authentication on its IT systems for all privileged personnel and systems administrators.
A good deal of discussion at the hearing is likely to be given over to the process that DHS has employed to meet the terms of the Federal Information Security Management Act (FISMA), which was enacted by Congress in 2002 and is aimed at improving IT security in the federal space via a system of mandated annual audits.
The hearing may be seen as a bellwether moment in the continued development of government IT security policies and enforcement, as the DHS has been charged with helping to oversee the performance of other agencies, including via its work with US-CERT.
If the DHS is found to have failed to protect its own systems adequately, some observers believe that the agency will be put under significant pressure to completely retrench its IT operations in the name of improving security, a process that may then be pushed out to other federal agencies.
Some experts believe that adopting such an approach will soon become a fact of life for all government agencies, as many legacy computer systems and policies are not suited to respond to today's fierce security climate.
Dave Nelson, a retired deputy CIO for IT security at NASA, who also worked in the White House Office of Scientific Research, said that the government, much like enterprise businesses, has been put in the uncomfortable position of coping with security threats in a cat-and-mouse game, based on long-standing flaws in the technologies and processes it employs.
"Until the Internet and the computers that are on it are fundamentally reengineered to be inherently secure, we will always be in coping mode," Nelson said. "The government and IT industry may not know how to make these types of technologies yet, but if they don't get cracking, things will only get worse; as the economic and political payoff of attacks continues to rise, that's our only choice."
While Nelson said he has not been made privy to information on attacks on government IT infrastructure for several years, he estimates that there are still many breaches, and that the sophistication of the attacks is ramping up quickly.
One of the specific areas that Nelson said needs to be investigated more closely is to what extent foreign governments or politically motivated groups such as terrorists may be involved in cyberthreats.
"We don't have any public information that would conclusively prove that some of these attacks are being launched by other nations, but there seem to be significant resources behind them in terms of people and financing," Nelson said. "That's the scariest part, and extrapolating that idea into the future, I don't see a lot of encouraging signs for improvement. If you look at the zero-day attacks, they only seem to be getting worse, and I don't see evidence that the system vulnerabilities they target are going away anytime soon."