- Israel hits symbols of Hamas rule; scores killed
- Mississippi abortion law can’t be enforced
- Teacher who survived Sandy Hook has book deal
- Jury awards Jesse Ventura $1.8M in case vs. ‘American Sniper’ author Chris Kyle
- Government OKs Arab-owned company to operate U.S. cargo port
- Defense lawyer: McDonnell’s wife had ‘crush’ on CEO
- Chinese hackers stole ‘huge quantities’ of sensitive data on Israel’s Iron Dome
- House unveils bill to speed deportations of illegal immigrant children
- Californians protest middle school for hiring white man to teach cultural studies
- Killer’s sentencing overturned because mother couldn’t find seat in courtroom
Homeland Security at risk of computer breach
Report: Outmoded equipment, policies
Question of the Day
Created to safeguard the nation, the Department of Homeland Security is instead having difficulty ensuring its own computers are protected from hacking and cybersecurity breaches, a new report says.
Agency plans, policies and systems aren’t being updated to reflect the most recent threats, a potentially devastating misstep in the ever-evolving world of online security where new threats can pop up overnight, said the agency’s inspector general.
Some DHS cybersecurity guidelines date back to 2008, and “baseline security configuration settings are not being implemented for all systems,” investigators said.
In addition, 47 systems are being used without “authority to operate” certificates that ensure the most up-to-date security protocols are in place. Of those, 17 are systems that handle classified secret data.
“This report shows major gaps in DHS‘ own cybersecurity, including some of the most basic protections that would be obvious to any 13-year-old with a laptop,” said Sen. Tom Coburn of Oklahoma, the top Republican on the Homeland Security and Governmental Affairs Committee.
“DHS doesn’t use strong authentication,” he said. “It relies on antiquated software that’s full of holes. Its components don’t report security incidents when they should. They don’t keep track of weaknesses when they’re found, and they don’t fix them in time to make a difference.”
The number of cybersecurity incidents at DHS has risen 17 percent over the past year, data shows, and attacks by more advanced malicious software have risen 134 percent since 2010.
The agency doesn’t track what information is being stored in public clouds, inspectors said. Plus, DHS has 67 external Internet connections that could be potential gateways for hackers to get in.
The severity of security breaches depends on the nature of the information compromised, said Paul Rosenzweig, a homeland security analyst at the Heritage Foundation, a conservative think tank.
“If it’s the system that contains all of yours and mine flight information, then I’m a little more concerned than if it’s the system they use to buy water bottles for the [airport] screeners,” said Mr. Rosenzweig, a former DHS official.
What’s perhaps more troubling, he said, is the government’s inability to get its own affairs in order and the evidence of the difficulties federal agencies have in procuring IT services and equipment.
“We have not managed to match our means of purchasing computer cybersecurity systems to the dynamic, ever-changing environment that is the cyberspace,” Mr. Rosenzweig said.
Officials at Homeland Security said they are working to shore up the agency’s vulnerabilities.
“DHS has also taken actions to address the administration’s cybersecurity priorities, which included implementation of trusted Internet connections, continuous monitoring of the department’s information systems and data that support the DHS mission,” a response from the agency said.
IG officials agreed that the department had continued to “to improve and strengthen its information security program,” and had started to address issues raised in the most recent report.
Sen. Thomas R. Carper, Delaware Democrat and chairman of the homeland security committee, said the report “highlighted some very important areas in which DHS, like many other federal agencies, can and should improve.”
In November, the President’s Council of Advisors on Science and Technology released a report that found “the federal government rarely follows accepted best practices” when it comes to cybersecurity.
Some government computers are still using Windows XP as an operating system, the report found. The program is 12 years old and Windows announced that the company will stop supporting it next year. The president’s council wants all federal computers upgraded to more current software within two years.
Mr. Coburn said it was “inexcusable” for the government to waste billions of taxpayer dollars on IT improvements with little to show for it.
“The fact is the federal government’s classified and unclassified networks are dangerously insecure, putting at risk not only U.S. national security, but the nation’s critical infrastructure and vast amounts of our citizens’ personally identifiable information,” he said.
© Copyright 2014 The Washington Times, LLC. Click here for reprint permission.
About the Author
Phillip Swarts is an investigative reporter for The Washington Times, covering fiscal waste, fraud and political ethics. He is a graduate of the Medill School of Journalism at Northwestern University and previously worked as an investigative reporter for the Washington Guardian. Phillip can be reached at email@example.com.
- Christians flee Mosul after ISIL threat: Convert to Islam or die
- Ex-Gitmo detainee Moazzam Begg charged with terrorism
- Chicago shooting spree: 22 people shot in 12 hours
- U.S. bests Iran to advance to the Gold Medal match at the FIVB World League Finals
- Bill Maher blames Hamas for Gaza violence: 'Do you really expect the Israelis not to retaliate?'
Latest Blog Entries
TWT Video Picks
- Boehner rules out impeachment: 'Scam started by Democrats'
- Obama: 'Not a new Cold War,' but new Russia sanctions announced
- Obama thanks Muslims for 'building the very fabric of our nation'
- Federal judge grants 90-day stay in D.C. gun case
- Smugglers, rainstorm combine to poke holes in border fence
- PHILLIPS: Once-in-a-century stupidity
- Obama's brother wears Hamas scarf bearing anti-Israel slogans in photo
- HURT: Impeaching Obama is a losing strategy for the GOP
- Kerry's credibility questioned as fighting in Gaza rages
- D.C. seeks to stay judge's order allowing gun owners to carry in public
Obama's biggest White House 'fails'
Celebrities turned politicians
Athletes turned actors
20 gadgets that changed the world