Hackings at State, Commerce draw House subcommittee's attention

The House Homeland Security Committee’s Emerging Threats, Cybersecurity and Science and Technology Subcommittee wants more information from at least two agencies on recent network break-ins.

In letters to State Department Secretary Condoleezza Rice and Commerce Department Secretary Carlos Gutierrez, committee Chairman Rep. Bennie Thompson (D-Miss.) asked them to answer eight questions regarding each agency’s recent cyberattack. The subcommittee will hold a hearing April 19 on this subject with Jerry Dixon, director of the National Cyber Security Division in the Homeland Security Department’s National Protection and Programs Directorate; David Jarrell, manager of Commerce’s Critical Infrastructure Protection Program; Don Reid, senior coordinator for security infrastructure in State’s Bureau of Diplomatic Security; and Greg Wilshusen, the Government Accountability Office’s director of information security issues.

The letters to State and Commerce sought information on how long it took the departments to become aware of the break-ins, how long the hackers were inside the network before they were discovered and whether the attack compromised other systems.

The committee also wants the agencies to address the last time all personal computers were tested for egress and ingress and how many systems that were certified and accredited under the Federal Information Security Management Act (FISMA) were compromised.

In addition to the break-ins, the committee wants more information about FISMA, including how much the agencies spent on meeting the requirements, whether there is a policy to use secure configurations and procurement requirements, and how long it took to contact DHS.

Cyberattacks on agency systems have been steadily increasing in the past few years. The Office of Management and Budget reported in its 2006 FISMA report to Congress that agencies reported 706 unauthorized accesses last year, up from 304 in 2005. OMB credits most of the increase to the focus on reporting lost or stolen computers and other hardware containing personally identifiable information.

“Privileged or root system access accounted for 25 percent of unauthorized access incidents, more than double that of non-privileged access,” the report states.

Meanwhile, denial-of-service attacks increased by six in 2006 to 37, while incidents involving malicious code dropped to 1,465 from 1,806 in 2005, the report states.

“The fact is some agencies have greater vulnerabilities because they are open targets,” said Rep. Tom Davis (R-Va.), at a recent event where he handed out his annual FISMA report card. “We should be worrying about a cyber Pearl Harbor. It is troubling agencies still are behind.”

