Lawmakers to DHS: Investigate response to cyberattacks

The House Homeland Security Committee has requested that the Homeland Security Department's inspector general investigate cyberattacks on DHS that originated from Chinese-language Web sites and actions by Unisys that the committee called incompetent and possibly illegal and may have failed to detect the intrusions. Unisys built and maintains the networks for DHS headquarters and the Transportation Security Administration.

Committee Chairman Bennie Thompson (D-Miss.) and James Langevin (D-R.I.), chairman of the committee's Emerging Threats, Cybersecurity, and Science and Technology Subcommittee, also seek a review of the department officials who oversee management of the contract, the lawmakers said in their Sept. 21 letter to DHS Inspector General Richard Skinner.

Unisys provided inaccurate and misleading information to DHS about the source of the attacks and attempted to hide security gaps, the lawmakers said in their letter. Furthermore, DHS officials did not act on the information once they were informed.

"When presented with the reality that hackers were within their systems, department officials preferred to complete the fiscal year's financial transactions rather than immediately take steps to mitigate the problem," the lawmakers wrote. That decision could have further compromised critical DHS' financial information.

DHS said it has been working with the committee. "We take the committee's allegations very seriously and have cooperated fully. We will continue to work with the department's inspector general and the committee as necessary concerning these allegations," a DHS spokesman said.

Since last year, Chinese hackers have attacked systems at the Defense, Commerce and State departments, the lawmakers said. In the past several months, the committee has examined and held hearings on DHS cybersecurity incidents and how the department has beefed up its network security in response. Since April, Scott Charbo, DHS' chief information officer, has provided information to the committee on information technology security efforts.

DHS incident reports that the committee received earlier this month described the placement of a hacking tool, a password-dumping utility and other malicious code on more than a dozen computers at the department's headquarters, the letter states. The committee found that hackers compromised dozens of DHS computers, and these incidents were not noticed until months after the initial attack.

"These computers may still be compromised due to insufficient mitigation efforts by the contractor responsible for information technology services at the department," the lawmakers wrote in the letter.

Hackers extracted information out of DHS systems to a Web hosting service that connects to Chinese Web sites.

Although network intrusion-detection systems were part of the department’s Information Technology Managed Services contract, the systems were not fully deployed at the time of the initial incidents.

"If network security engineers were running these systems, the initial intrusions may have been detected and prevented," the lawmakers wrote.

Unisys said it performed its contract according to protocol, said company spokeswoman Lisa Meyer, who could not speak about specific incidents because of federal security regulations.

"We can state generally that the allegation that Unisys did not properly install essential security systems is incorrect," she said in a statement. "In addition, we routinely follow prescribed security protocols and have properly reported incidents to the customer in accordance with those protocols."

The company has worked closely with DHS security personnel to develop effective security systems and processes that meet the department's requirements, she said. The contractor's government-certified and accredited security programs and systems have been in place throughout the period in question in 2006 and continue today.

"We believe that a proper investigation of this matter will conclude that Unisys acted in good faith to meet the customer’s security requirements," Meyer said.

About the Author

Mary Mosquera is a reporter for Federal Computer Week.

Featured

  • Cybersecurity
    Shutterstock photo id 669226093 By Gorodenkoff

    The disinformation game

    The federal government is poised to bring new tools and strategies to bear in the fight against foreign-backed online disinformation campaigns, but how and when they choose to act could have ramifications on the U.S. political ecosystem.

  • FCW PERSPECTIVES
    sensor network (agsandrew/Shutterstock.com)

    Are agencies really ready for EIS?

    The telecom contract has the potential to reinvent IT infrastructure, but finding the bandwidth to take full advantage could prove difficult.

  • People
    Dave Powner, GAO

    Dave Powner audits the state of federal IT

    The GAO director of information technology issues is leaving government after 16 years. On his way out the door, Dave Powner details how far govtech has come in the past two decades and flags the most critical issues he sees facing federal IT leaders.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.