What is your e-mail address?
My e-mail address is:

Do you have a password?
Forgot your password? Click here
close

Close

DHS Web sites vulnerable to hackers, IG says

Protocols are in place, but patch management is spotty

The Homeland Security Department’s most popular Web sites appear to be vulnerable to hackers and could put department data at risk of loss or unauthorized use, according to a new report from DHS Inspector General Richard Skinner.

An audit of cybersecurity for DHS’ nine most frequently visited Web sites found that although general security protocols were followed, there were still a number of vulnerabilities and gaps in security, including inconsistent management of security patching and security assessments.

“These vulnerabilities could put DHS data at risk,” Skinner wrote in the report issued Oct. 8. “In addition, DHS can make improvements in managing its system inventory and providing technical oversight and guidance in order to evaluate the security threats to its public-facing Web sites.”

The nine sites — including sites for DHS agencies that include U.S. Customs and Border Protection, the Coast Guard, and the Transportation Security Administration — had recommended security settings and controls in addition to strong password and access controls, but had weaknesses in other areas, Skinner wrote.

Several components scored better on security. TSA and the Coast Guard perform regular vulnerability assessments on their sites.

And the Web sites for the Federal Emergency Management Agency, the department's National Protection and Programs Directorate and the Coast Guard “contained no vulnerabilities listed as critical or high, and all security patches were applied. These components’ security practices, through periodic assessments, patch and update policies, and documented procedures, set an example of an effective defense in depth approach to good information technology security,” the report states.

Overall, DHS has more than 125 Web sites accessible by the public, which provide communication and service to the public. However, their accessibility can make them a target for terrorist attack and hackers, Skinner wrote.

The Web sites reviewed also included DHS Headquarters, Federal Law Enforcement Training Center, Immigration and Customs Enforcement, and Citizenship and Immigration Services.

Skinner made six recommendations for improvements, and DHS officials agreed with the advice and implemented the changes, the report states.

Cybersecurity has been a concern in the department before. In May, hackers attacked DHS’ online platform for sharing sensitive but unclassified information.

About the Author

Alice Lipowicz is a staff writer for Federal Computer Week.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Your Name:(optional)
Your Email:(optional)
Your Location:(optional)
Comment:
Please type the letters/numbers you see above

eSeminar

  • Where Cyberwarfare and Cybersecurity Meet

    We invite you to attend the third event in this three-part series on Cybersecurity. 1105 Government Information Group will present a panel of government and cybersecurity experts including Gregory T. Garcia, the nation's first presidentially-appointed Assistant Secretary for CyberSecurity and Communications with the U.S. Department of Homeland Security, 2006-2008; and Jeffrey Carr, cyber strategies consultant and author of Inside Cyber Warfare, in this editorial webcast on Tuesday, April 13 at 11 a.m., where they will discuss the cyberwarfare threat to both industry and government, as well as strategies to consolidate the wider cybersecurity mission. Read more

Federal Computer Week eNewsletters

  • Subscribe to Newsletters Subscribe

    Federal Computer Week's eNewsletters deliver the latest policy and management news to your inbox.

Highlights from the current issue