Software // Information Management
News
9/24/2007
03:21 PM
Connect Directly
RSS
E-Mail
50%
50%

Congressmen Call For Investigation On Government Cyberattacks

Unisys, a major government IT contractor, reportedly is being investigated for allegedly failing to detect cyberattacks, and then covering up its failings.

Two congressmen have called for an investigation into cyberattacks aimed at the Department of Homeland Security, along with a contractor charged with securing those networks.

Committee on Homeland Security Chairman Bennie G. Thompson, D-Miss., and Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology Chairman James R. Langevin, D-R.I., sent a letter last Friday to Richard L. Skinner, inspector general of the Department of Homeland Security. In the letter they say the House Committee on Homeland Security's investigations led them to believe the department is under attack by foreign powers, and could be at risk because of "incompetent and possibly illegal activity" by a U.S. contractor.

The congressmen didn't name the contractor in the letter. However, the Washington Post on Monday reported that the FBI is investigating Unisys, a major information technology firm with a $1.7 billion Department of Homeland Security contract, for allegedly failing to detect cyber break-ins traced to a Chinese-language Web site and then trying to cover up its deficiencies. The Post also reported that in 2002, Unisys won a $1 billion deal to build, secure, and manage the information technology networks for the Transportation Security Administration and DHS headquarters. In 2005, the company was awarded a $750 million follow-on contract.

"The infiltration of federal government networks by unauthorized users is one of the most critical issues confronting our nation, but it's hardly a new threat," wrote Thompson and Langevin in their letter. "For years, these attacks have resulted in the loss of massive amounts of critical information... Cyberespionage is an issue of national security, and we must improve our defensive posture to prevent the theft of data or the compromise of the integrity of our data."

This past April, an official with the Department of Commerce testified before a Congressional hearing that hackers operating through Chinese servers used a rootkit to penetrate computers at the Commerce Department. The department's IT staffers reportedly never discovered when the break-in occurred or the amount of information that was stolen.

And in another congressional hearing this summer, Langevin himself testified that Homeland Security, the government agency tasked with being the leader of the nation's cybersecurity, suffered 844 "cybersecurity incidents" within two years. He also said the Chinese have been "coordinating attacks against the Department of Defense for years."

The letter also noted that earlier this month, the committee on Homeland Security received information that a hacking tool, a password dumping utility, and malicious code was found on more than 12 computers in the department's headquarters. Langevin and Thompson added that the machines may still be compromised due to the contractor's "insufficient mitigation efforts."

The letter also said the hackers moved information out of the compromised computers and to a Web hosting service that connects to Chinese Web sites.

Langevin and Thompson went on to allege that the Department of Homeland Security contracted for network intrusion-detection systems to be put in place, but they were not fully deployed when the latest incident occurred.

"If network security engineers were running these systems, the initial intrusions may have been detected and prevented," the letter said. "Contractors provided inaccurate and misleading information to Department of Homeland Security officials about the source of these attacks and attempted to hide security gaps in their capabilities."

The congressmen also are calling for a review of the government officials charged with overseeing the contractor.

Comment  | 
Print  | 
More Insights
The Agile Archive
The Agile Archive
When it comes to managing data, donít look at backup and archiving systems as burdens and cost centers. A well-designed archive can enhance data protection and restores, ease search and e-discovery efforts, and save money by intelligently moving data from expensive primary storage systems.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest September 24, 2014
Start improving branch office support by tapping public and private cloud resources to boost performance, increase worker productivity, and cut costs.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.