Cyberattacks at DHS prompt new finger-pointing
House committee demands answers from the agency after investigators turn up dozens of intrusions last year with ties to Chinese Web servers; IT contractor says it wasn't at fault.
A congressional committee is once again questioning the U.S. Department of Homeland Security's ability to detect and fend off cyberattacks, as a recent investigation has turned up evidence of Chinese-linked hacking incidents on internal computers last year.
According to the results of a recent U.S. House of Representatives Homeland Security investigation described in a letter released Monday (PDF), "dozens" of computers on networks at the sprawling cabinet department's headquarters were "compromised by hackers" last year. The intrusions involved planting malicious code that cracked network administrator passwords, masked signs of intrusion and beamed back information to "a Web hosting service that connects to Chinese Web sites."
That style of attack is reminiscent of around the same time last year, the committee wrote.
The letter pinned at least some of the blame on an outside contractor that failed to deploy the necessary "network intrusion detection systems" and attempted to hide "security gaps in their capabilities."
That contractor, Unisys Corp., is now under investigation by the FBI for alleged criminal fraud, according to The Washington Post, which first reported the Friday letter in a story published Monday morning.
But the letter, signed by Rep. Bennie Thompson (D-Miss.), who leads the Homeland Security Committee, and Rep. James Langevin (D-R.I.), who leads a cybersecurity panel within that committee, also faulted Homeland Security officials. The committee leaders accused the department--and particularly its chief information officer--of downplaying the potential for serious cyberintrusions and providing "misleading" responses to the congressional panel's requests for information about reported incidents. They asked Homeland Security Inspector General Richard Skinner to conduct his own investigation into the matter.
Unisys, for its part, told the Post that it hadn't yet been informed of any criminal investigation against it. The company also denied failing to install the proper number of network intrusion tools and said it even continued deploying the monitoring services after Homeland Security, citing lack of funding, stopped paying for them.
Homeland Security representatives, meanwhile, told the Post that Unisys' version of the story was "entirely baseless and disingenuous" and suggested the firm may not be awarded contracts in the future. The agency also denied withholding any information from congressional investigators, with a spokesman saying department officials are "aware of, and have responded to, malicious cyberactivity directed at the U.S. government over the past few years."