Not just attempts, but 844 successful intrusions over the past two years. Quite a scary statistic, no?
They are actually having a subcommittee hearing entitled “Hacking the Homeland”.
This includes all kinds of intrusions including web site hacks, viruses, worms and other kinds of intrusion.
DHS and its constituent agencies have suffered more than 800 serious computer security incidents from 2005 through 2006, including compromised agency Web sites, unchecked computer virus and worm infections, and digital intruders that were quietly transmitting stolen data out of government networks. The panel also will examine reports of system compromises that lead to “classified data spills” within DHS.
House Homeland Security Committee Chairman Rep. Bennie Thompson (D-Miss.) said what DHS is doing on its own networks speaks so loud that its message on the importance of securing computer systems and networks is not getting across to anybody else.
They’ve spent a lot of money on security, perhaps in all the wrong places. I guess it’s time they hire people like us to tell them what to do eh?
It’s definitely a case of “Do what I say, not what I do” – a recipe for disaster.
The committee also is expected to quiz department leaders on spending such a small amount of its total information technology budget on security. According to data handed over to the committee, DHS’s chief information security officer’s budget shrank or remained stagnant over the past three years, even in the face of persistent security problems at the agency. In 2005, DHS allocated just $17.5 million for its CISO office, a figure that fell to just $15 million in FY2007.
Like several other agencies this year, DHS earned a grade of “D” on meeting federal cyber-security requirements. But many critics of that grading process say the law that the marks are based upon – the Federal Information Security Management Act (FISMA) – more accurately measures how adroitly agencies can tackle paperwork exercises, not necessarily the strength of each agency’s network and computer defenses.
I’m sure everyone is interested to hear exactly what is going on at Homeland.
This story seems to have been pulled off a number of original sources too, which I find a little odd – I had to hunt a little to find another version.
Source: Tech Target
Ian Kemmish says
This should not be any real surprise. DHS is intended to make people feel more secure, not to make them physically more secure. The DHS’s single most visible initiative – fingerprinting anyone who arrives in the USA through a major airport – would not have caught a single one of the 9/11 attackers.
morbid says
I think that’s a homemade problem most governments worldwide suffer from. Making laws against hackers and “hacker tools”, which results in pentesters not being able to do their work legally anymore, this results in a decline of government, which leads to the fact that they don’t work for the govs anymore.
Sounds a bit odd but has happened. I recently spoke to a friend of mine who is a pentester and some German gov. agencies were his clients; after the new “anti hacker tool law” was published he stopped working for them.
Nobody_Holme says
Best advice for governments ever: leave a fairly low-security section of network open with “if you hacked this file, we’ll hire you to secure our networks” in it… or some such. Also, go fix some laws.
Steve Walcott says
It’s kinda scary that the people you would expect to be most secure, as well as protect our data, are the ones with the poorest security in place.
But there is an old adage that a shoemaker does own the worst pair of shoes.
Rich Hall says
Not surprising, but frightening nonetheless. The usual government incompetence at work. I work in a building that houses a DHS office. We were working with MCI to terminate some new high circuits in the basement and were chuckling to see the feeds for DHS clearly marked “Department of Homeland Security”. Now the basement of this office tower is not exactly public access, but it would not be difficult to wander down there undetected. None of the access was locked. Sure there were cameras, but if I were up to no good I’d probably arrive a little before 6AM when the one security guard usually naps at his post. I don’t know about you, but I certainly feel more secure!
Sandeep Nain says
Well, it’s not the first time that any government dept. is hacked. It has happened earlier and will keep happening in future too, even though they allow a huge budget for information security.
The money spent on security (on paper) usually goes to officials’ bank accounts… well, actually they are spending money on security, but not information security, rather their own financial security.
I hope they will start worrying about info security soon enough and take measures to protect themselves from attackers.
TheRealDonQuixote says
The American DHS is pure window dressing. I mean what do you expect from the same department that STILL hasn’t secured the US ports OR Airports. They sold out the Airport security jobs to private firms at the lowest bid!! It wouldn’t surprise me if they have the Geek Squad working on all their PC’s and servers.
Sorry, I have my issues with how US security has been handled since 9/11.
Sandeep Nain says
Yeah, I fully agree with you TRDQ. US govt’s security measures are just not reliable…
By any chance.. have you seen the movie “The Pentagon Wars”? It’s a small comedy by one of the retired US Air Force officers about the corruption inside.. a must watch…
TheRealDonQuixote says
Sandeep: I haven’t seen that film yet, but I think I have heard of it. However, I have had an Airport “Rent A Cop” absentmindedly pat me down and miss that I still had my cell phone in my pocket!! Minimum wage is no way to pay a true security guard.
Sandeep Nain says
U r right TRDQ, more sugar you put in it, sweeter its gonna become..
u hire a reputed security agency u will get better security guards and better efforts… staff members feel that they are being paid more to work better and responsibly
TheRealDonQuixote says
Or use regular Armed Forces like they do in Holland!!
Nobody_Holme says
but that would be a sensible, low cost solution, and we all know how often governments take those…
Sandeep Nain says
That will definitely be a low cost solution but the problem with this solution is that it will be corruption free too.
No tenders, No money making for decision makers…
Daniel says
@Nobody and Sandeep
LOLOLOLOLOLOLOLOLOLOLOL ROFLCOPTER
sarcastic auditing of US politicians’ corruption FTW
@the story
I officially bang my head on my keyboard on behalf of all americans.
jnhuim vbghyyuhn bj
^the result
Nobody_Holme says
not just US politicians. we have them here in the UK too. :(
Sandeep Nain says
well.. this is not the problem with one country…
i have never come across any politician in my life who was not corrupt (india/aus/nz/us). are there any tech savvy politicians??? i don’t think so…
Nobody_Holme says
There are two I know of… they’ve both lost elections recently…
TheRealDonQuixote says
@Nobody_Holme
At least your UK politicians sound all cool cause of their posh accents.
Meanwhile, the US commander in chief just compared the war in Iraq to the Vietnam war, like it was a good thing?!?!WTF?!?! While in the same speech, to a group of war vets no less, he mispronounced “nuclear” as “new-cue-ler” multiple times.
FTW – G W Bush as most retarded politician in the WORLD!! EVER!!
Nobody_Holme says
*sigh* politicians in general.
Bush is a shining example of who I really really think should be culled for the sake of the gene pool, but Brown really isn’t that much better…
And what’s worse is we Brits are used to the cool accents. :'(