DHS security flap swirls around Unisys
Unisys is under fire over data breaches at the Department of Homeland Security. Unisys maintains that it did nothing wrong.
On Monday, the Washington Post reported that the FBI is investigating Unisys after it allegedly failed to detect data breaches linked to a Chinese-language Web site. To make matters worse, the paper reported that Unisys tried to cover up the incident by certifying that the DHS network was secure. Specifically, the Post reports that Unisys, which has a $1.7 billion DHS information security contract, stumbled implementing network intrusion detection devices at DHS headquarters and the Transportation Security Administration. The Post reports:
According to evidence gathered by the House Homeland Security Committee, Unisys's failure to properly install and monitor the devices meant that DHS was not aware for at least three months of cyber-intrusions that began in June 2006. Through October of that year, Thompson said, 150 DHS computers -- including one in the Office of Procurement Operations, which handles contract data -- were compromised by hackers, who sent an unknown quantity of information to a Chinese-language Web site that appeared to host hacking tools.
For its part, Unisys issued a strongly worded statement noting that:
"Unisys vigorously disputes the allegations made in today's article. Facts and documentation contradict the claims described in the article, but federal security regulations preclude public comment on specific incidents.
We can state generally that the allegation that Unisys did not properly install essential security systems is incorrect. In addition, we routinely follow prescribed security protocols and have properly reported incidents to the customer in accordance with those protocols."
While these issues will be sorted out one thing is certain: The DHS' IT woes continue. While the DHS has had some victories the department is unmanageable in its current state. As far as integrating IT goes the job is difficult to impossible. Meanwhile, the CIO at the DHS has little power over projects or funding.
While Unisys--and other DHS contractors--may be hauled before various committees to be tarred and feathered remember the big picture. And that big picture is no one has addressed how the DHS should manage its IT infrastructure.
More reading on the subject: