- Obama military strategy too weak for future security, panel reports
- Sen. Tom Coburn vows to slow down budget-busting bills ahead of recess
- Obama fantasizes about more executive power, signs new order on federal contractors
- Clintons call Klein, Halper, Kessler ‘a Hat Trick of despicable actors’: report
- Boehner accuses Obama of ‘legacy of lawlessness’
- Pro-marijuana group claims responsibility for Brooklyn Bridge flag swap
- Young adults shun Obamacare mostly due to cost: survey
- Stabbing attack on transgender girl, 15, was ‘bias motivated,’ police say
- LGBT adults still lean overwhelmingly toward Democratic Party
- Lawmakers rattled by Syria genocide horrors, call on Obama to act
Homeland Security at risk of computer breach
Report: Outmoded equipment, policies
Question of the Day
Created to safeguard the nation, the Department of Homeland Security is instead having difficulty ensuring its own computers are protected from hacking and cybersecurity breaches, a new report says.
Agency plans, policies and systems aren’t being updated to reflect the most recent threats, a potentially devastating misstep in the ever-evolving world of online security where new threats can pop up overnight, said the agency’s inspector general.
Some DHS cybersecurity guidelines date back to 2008, and “baseline security configuration settings are not being implemented for all systems,” investigators said.
In addition, 47 systems are being used without “authority to operate” certificates that ensure the most up-to-date security protocols are in place. Of those, 17 are systems that handle classified secret data.
“This report shows major gaps in DHS‘ own cybersecurity, including some of the most basic protections that would be obvious to any 13-year-old with a laptop,” said Sen. Tom Coburn of Oklahoma, the top Republican on the Homeland Security and Governmental Affairs Committee.
“DHS doesn’t use strong authentication,” he said. “It relies on antiquated software that’s full of holes. Its components don’t report security incidents when they should. They don’t keep track of weaknesses when they’re found, and they don’t fix them in time to make a difference.”
The number of cybersecurity incidents at DHS has risen 17 percent over the past year, data shows, and attacks by more advanced malicious software have risen 134 percent since 2010.
The agency doesn’t track what information is being stored in public clouds, inspectors said. Plus, DHS has 67 external Internet connections that could be potential gateways for hackers to get in.
The severity of security breaches depends on the nature of the information compromised, said Paul Rosenzweig, a homeland security analyst at the Heritage Foundation, a conservative think tank.
“If it’s the system that contains all of yours and mine flight information, then I’m a little more concerned than if it’s the system they use to buy water bottles for the [airport] screeners,” said Mr. Rosenzweig, a former DHS official.
What’s perhaps more troubling, he said, is the government’s inability to get its own affairs in order and the evidence of the difficulties federal agencies have in procuring IT services and equipment.
“We have not managed to match our means of purchasing computer cybersecurity systems to the dynamic, ever-changing environment that is the cyberspace,” Mr. Rosenzweig said.
Officials at Homeland Security said they are working to shore up the agency’s vulnerabilities.
“DHS has also taken actions to address the administration’s cybersecurity priorities, which included implementation of trusted Internet connections, continuous monitoring of the department’s information systems and data that support the DHS mission,” a response from the agency said.
© Copyright 2014 The Washington Times, LLC. Click here for reprint permission.
About the Author
Phillip Swarts is an investigative reporter for The Washington Times, covering fiscal waste, fraud and political ethics. He is a graduate of the Medill School of Journalism at Northwestern University and previously worked as an investigative reporter for the Washington Guardian. Phillip can be reached at email@example.com.
- Golden Hammer: Railroad board pays $1B in bogus disability benefit
- U.S. chemical sites vulnerable to terrorists despite millions spent on security: Congress
- Insurgent-allied businesses in Afghanistan eligible for U.S. taxpayer aid
- Ex-Gitmo detainee Moazzam Begg charged with terrorism
- Chicago shooting spree: 22 people shot in 12 hours
Latest Blog Entries
TWT Video Picks
Both parties recognize the Democrats' scam
- Inside the Ring: Israel surprised by Hamas tunnel network
- Army's 3-D printed bombs to create 'a whole new universe' of lethal capabilities
- Chicken pox outbreak puts illegal immigrant facility on lockdown
- CRUZ: A tale of two hospitals: One in Israel, one in Gaza
- GOP leaders delay border bill, leave Obama in control
- Israel surprised by Hamas tunnel network
- Report: 40% of weapons sent to Afghanistan are unaccounted for
- CIA admits improperly hacking Senate computers in search of Bush-era information
- Colorado poll shows women tuning out Democrats' 'war on women' strategy
- 3 African leaders cancel trip to U.S. over Ebola outbreak; Obama still plans summit
Obama's biggest White House 'fails'
Celebrities turned politicians
Athletes turned actors
20 gadgets that changed the world