Homeland Security CIO comes under attack for security weakness

Centralizing various government security agencies under the umbrella of the Department of Homeland Security hasn't quelled concerns about cybersecurity flaws - and at least one congressional Democrat questioned whether the agency's CIO is up for the task, reports CNET News.

Rep. Bennie Thompson (D-Miss.), chairman of the House Homeland Security Committee has accused CIO Scott Charbo of not spearheading the drive to protect the nation's computer systems.

"How can we ask the private sector to better train employees and implement more consistent access controls when DHS allows employees to send classified e-mails over unclassified networks and contractors to attach unapproved laptops to the network?" Thompson asked at an afternoon hearing here held by a subcommittee that deals with cybersecurity issues.

Since 2005, DHS has been plagued with a variety of incidents including unauthorized users hooking up personal computers to government networks, unauthorized software installations, classified emails traveling over unclassified networks, suspicious botnet activity, trojans and virus infections, classified data spillages and misconfigured firewalls.

Responding to the list of mistakes, Charbo said that actual penetrations of the system and varied widely in the level of severity.

"Those are events that we report on as a data-gathering tool," the IT chief told the politicians, adding that he was confident all breaches considered significant had been addressed properly.

Also testifying at the hearing, Government Accountability Office auditor Keith Rhodes reported on his investigation into the US-VISIT program, which uses fingerprint scans to verify the ID of visiting foreigners.

"I did not see controls in place that would prevent (hacking), I did not see defensive perimeters, and I did not see detections systems in place that would let you know whether it had or had not" been hacked, Rhodes told the committee.