Lawmakers grill Charbo on DHS cybersecurity breaches

Fed up with mounting cybersecurity breaches at the Homeland Security Department, lawmakers brought their frustrations to bear on DHS Chief Information Officer Scott Charbo in a hearing June 20, accusing him of misspending his budget and not doing his job.

DHS reported that 844 cybersecurity-related incidents occurred in fiscal 2005 and 2006. Incidents involved workstations infected with Trojan viruses, unauthorized access to secure systems and misconfigured firewalls.

The Government Accountability Office also reported that investigators were unable to fully assess whether DHS databases — such as those used in the U.S. Visitor and Immigrant Status Indicator Technology program — had been breached because no evaluation tools were in place.

Members of the House Homeland Security Committee’s Emerging Threats, Cybersecurity and Science and Technology Subcommittee accused Charbo of not taking his job seriously and the agency of failing to set an example of good information technology security.

“I am not convinced that [Charbo] is serious about fixing the vulnerabilities in our systems,” said Rep. Bennie Thompson (D-Miss.).

Subcommittee Chairman Jim Langevin (D-R.I.) called the security problems very disturbing. He criticized DHS’ certification and accreditation process and the Plan of Action and Milestones (PO-AMs) the department used to comply with the Federal Information Security Management Act. DHS received a D grade on the last FISMA report card.

Langevin also said nearly 69 percent of 3,566 open vulnerabilities reported on DHS’ PO-AMs did not have resources allocated for them. Another 438 were tagged with $1 remediation costs.

Committee members accused Charbo of not spending enough money on cybersecurity. “Cybersecurity spending has remained flat or has fallen at DHS as the budget for IT has risen over 20 percent over the years,” said Rep. Bob Etheridge (D-N.C.).

Charbo defended himself, saying the agency was already in the process of completing many of GAO’s recommendations. However, when asked if GAO’s investigation was the reason for DHS taking action on cybersecurity weaknesses, Charbo was less forthcoming.

“I’m not prepared to say that I already knew about those vulnerabilities and weaknesses,” Charbo said.

Rep. Michael McCaul (R-Texas) also announced his intention to introduce new legislation for a national cybersecurity threat assessment to determine the health of the country’s IT infrastructure.

Featured

  • Management
    people standing on keyboard (Who is Danny/Shutterstock.com)

    OPM-GSA merger plan detailed in legislative proposal

    The White House is proposing legislation for a dramatic overhaul of human resources inside government and wants $50 million to execute the plan.

  • Cloud
    cloud applications (chanpipat/Shutterstock.com)

    GSA plans civilian DEOS counterpart

    GSA is developing a cloud email and enterprise services contract inspired by the single-source vehicle the Department of Defense devised for back-office software.

  • Defense
    software (whiteMocca/Shutterstock.com)

    DOD looks to unify software spending for 2020

    Defense Department acquisition head, Ellen Lord, hopes to simplify software buying and improve business systems following the release of the Defense Innovation Board's final software acquisition study.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.