Hackings at State, Commerce draw House subcommittee's attention

The House Homeland Security Committee’s Emerging Threats, Cybersecurity and Science and Technology Subcommittee wants more information from at least two agencies on recent network break-ins.

In letters to State Department Secretary Condoleezza Rice and Commerce Department Secretary Carlos Gutierrez, committee Chairman Rep. Bennie Thompson (D-Miss.) asked them to answer eight questions regarding each agency’s recent cyberattack. The subcommittee will hold a hearing April 19 on this subject with Jerry Dixon, director of the National Cyber Security Division in the Homeland Security Department’s National Protection and Programs Directorate; David Jarrell, manager of Commerce’s Critical Infrastructure Protection Program; Don Reid, senior coordinator for security infrastructure in State’s Bureau of Diplomatic Security; and Greg Wilshusen, the Government Accountability Office’s director of information security issues.

The letters to State and Commerce sought information on how long it took the departments to become aware of the break-ins, how long the hackers were inside the network before they were discovered and whether the attack compromised other systems.

The committee also wants the agencies to address the last time all personal computers were tested for egress and ingress and how many systems that were certified and accredited under the Federal Information Security Management Act (FISMA) were compromised.

In addition to the break-ins, the committee wants more information about FISMA, including how much the agencies spent on meeting the requirements, whether there is a policy to use secure configurations and procurement requirements, and how long it took to contact DHS.

Cyberattacks on agency systems have been steadily increasing in the past few years. The Office of Management and Budget reported in its 2006 FISMA report to Congress that agencies reported 706 unauthorized accesses last year, up from 304 in 2005. OMB credits most of the increase to the focus on reporting lost or stolen computers and other hardware containing personally identifiable information.

“Privileged or root system access accounted for 25 percent of unauthorized access incidents, more than double that of non-privileged access,” the report states.

Meanwhile, denial-of-service attacks increased by six in 2006 to 37, while incidents involving malicious code dropped to 1,465 from 1,806 in 2005, the report states.

“The fact is some agencies have greater vulnerabilities because they are open targets,” said Rep. Tom Davis (R-Va.), at a recent event where he handed out his annual FISMA report card. “We should be worrying about a cyber Pearl Harbor. It is troubling agencies still are behind.”

