Lawmakers grill Charbo on DHS cybersecurity breaches

Fed up with mounting cybersecurity breaches at the Homeland Security Department, lawmakers brought their frustrations to bear on DHS Chief Information Officer Scott Charbo in a hearing June 20, accusing him of misspending his budget and not doing his job.

DHS reported that 844 cybersecurity-related incidents occurred in fiscal 2005 and 2006. Incidents involved workstations infected with Trojan viruses, unauthorized access to secure systems and misconfigured firewalls.

The Government Accountability Office also reported that investigators were unable to fully assess whether DHS databases — such as those used in the U.S. Visitor and Immigrant Status Indicator Technology program — had been breached because no evaluation tools were in place.

Members of the House Homeland Security Committee’s Emerging Threats, Cybersecurity and Science and Technology Subcommittee accused Charbo of not taking his job seriously and the agency of failing to set an example of good information technology security.

“I am not convinced that [Charbo] is serious about fixing the vulnerabilities in our systems,” said Rep. Bennie Thompson (D-Miss.).

Subcommittee Chairman Jim Langevin (D-R.I.) called the security problems very disturbing. He criticized DHS’ certification and accreditation process and the Plan of Action and Milestones (PO-AMs) the department used to comply with the Federal Information Security Management Act. DHS received a D grade on the last FISMA report card.

Langevin also said nearly 69 percent of 3,566 open vulnerabilities reported on DHS’ PO-AMs did not have resources allocated for them. Another 438 were tagged with $1 remediation costs.

Committee members accused Charbo of not spending enough money on cybersecurity. “Cybersecurity spending has remained flat or has fallen at DHS as the budget for IT has risen over 20 percent over the years,” said Rep. Bob Etheridge (D-N.C.).

Charbo defended himself, saying the agency was already in the process of completing many of GAO’s recommendations. However, when asked if GAO’s investigation was the reason for DHS taking action on cybersecurity weaknesses, Charbo was less forthcoming.

“I’m not prepared to say that I already knew about those vulnerabilities and weaknesses,” Charbo said.

Rep. Michael McCaul (R-Texas) also announced his intention to introduce new legislation for a national cybersecurity threat assessment to determine the health of the country’s IT infrastructure.

Featured

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

  • Census
    shutterstock image

    2020 Census to include citizenship question

    The Department of Commerce is breaking with recent practice and restoring a question about respondent citizenship last used in 1950, despite being urged not to by former Census directors and outside experts.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.