Congress to grill Homeland Security on cyberweaknesses
A congressional panel has been investigating how the agency handles threats to its own network. On Wednesday, it's set to put the department's top tech official on the spot.
A congressional panel that has been none too pleased about various federal agencies' responses to cyber threats plans on Wednesday to put the Department of Homeland Security's chief information officer in the hot seat.
The title of the latest House of Representatives Homeland Security Committee hearing--"Hacking the Homeland: Investigating Cybersecurity Vulnerabilities at the Department of Homeland Security"--suggests another bruising may be on the horizon for CIO Scott Charbo and the oft-criticized agency chiefly responsible for overseeing the nation's cybersecurity efforts.
The event follows an April hearing that focused primarily on cyberattacks involving computers at the State and Commerce Departments.
At the time, Committee Chairman James Langevin (D-R.I.) warned that Homeland Security, with its continually abysmal marks on a yearly federal information security report card, wouldn't escape scrutiny of its own. "I don't know how the department thinks it's going to lead this nation in securing cyberspace when it can't even secure its own networks," he said.
This time around, politicians are expected to share some of the committee's findings in its own ongoing investigation of Homeland Security's network security.
According to letters sent to Charbo and shared with CNET News.com, the committee has opened its own investigation into Homeland Security's cybersecurity practices, posing dozens of questions and requesting detailed information in the process. The inquiry includes whether Homeland Security's wireless and other computer systems are vetted regularly for vulnerabilities, whether it reduces funding for agency components that don't meet security expectations, and whether it has tested its systems' resistance to attacks.
It's not exactly clear what the committee's investigation has found. But information in the letters indicates that Homeland Security has provided a list of internal cyberincidents reported during fiscal years 2005 and 2006--and suggests that at least one of those episodes may have been serious enough to warrant "disciplinary action" against a contractor involved. Two Government Accountability Office investigators who focus on information security issues are also scheduled to testify at the hearing.
Update: Check out the full story on CNET News.com here.