|
Hackers succeeded in penetrating computer systems of
the Department of Homeland Security in hundreds of attacks on the
lead US cybersecurity agency, a congressional panel disclosed
Wednesday.
A lawmaker said at a hearing that documents provided to his
subcommittee showed DHS suffered 844 cybersecurity
"incidents" in fiscal 2005 and 2006, including some
resulting in infection with viruses or other malicious code.
"It was a shock and a disappointment to learn that the
Department of Homeland Security -- the agency charged with being the
lead in our national cybersecurity -- has suffered so many
significant security problems on its networks," Representative
James Langevin told the hearing of the Committee on Homeland
Security.
Langevin said documents showed the 844 incidents affected various
DHS agencies including Immigration Customs Enforcement (ICE) and the
Federal Emergency Management Agency (FEMA).
The incidents including unauthorized access to DHS computers,
misconfiguration of firewalls, the compromising of a website,
infection with Trojans and viruses and classified data
"spillages," the lawmaker said.
"What does this mean? It means terrorists or nation states
could be hacking Department of Homeland Security databases, changing
or altering names to allow them access to this country, and we
wouldn't even know they were doing it," he said.
Scott Charbo, the agency's chief information officer acknowledged in
prepared testimony: "Certainly, we need to increase our
vigilance to ensure that such incidents do not happen again."
A report by the congressional Government Accountability Office said
DHS has made some progress following earlier reviews but that
computer security remained inadequate.
"Significant weaknesses in computer security controls threaten
the confidentiality, integrity, and availability of key DHS
information and information systems," the report said.
Some lawmakers said DHS needs to step up its efforts to promote
sound security and protect against what some fear is a "digital
Pearl Harbor" in which critical computer systems are attacked.
"How can the Department of Homeland Security be a real advocate
for sound cybersecurity practices without following some of its own
advice?" Representative Bennie Thompson said.
"How can we expect improvements in private infrastructure
cyberdefense when DHS bureaucrats aren't fixing their own
configurations?"
 --AFP
|
