http://blog.wired.com/27bstroke6/2007/06/dhs-security-ch.html
DHS Security Chief Dismisses Congress's Hacking Questions
By Ryan Singel | June 20, 2007 | 5:00:46 PM | Categories: Breaches
Congress asked Homeland Security's chief information officer, Scott Charbo, who has a master's in plant science, to account for more than 800 self-reported vulnerabilities over the last two years and for recently uncovered systemic security problems in US-VISIT, the massive computer network intended to screen and collect the fingerprints and photos of visitors to the United States.
Charbo's main tactic before the House Homeland Security subcommittee Wednesday was to downplay the seriousness of the threats and to characterize the security investigation of US-VISIT as simultaneously old news and news so new he hasn't had time to meet with the investigators.
"Key systems operated by Customs and Border Patrol were riddled by control weaknesses," Gregory Wilshusen, the Government Accountability Office's director of Information Security Issues, told the committee. Poor security practices and the lack of an authoritative internal map of how various systems interconnect increase the risk that contractors, employees or would-be hackers can penetrate and disrupt, or already have penetrated and disrupted, key DHS computer systems, Wilshusen and Keith Rhodes, the GAO's director of the Center for Technology and Engineering, told the committee.
Rep. Bob Etheridge (D-N.C.) pondered the worst-case scenario for US-VISIT.
"Terrorists or nation states could get in there and change or alter their names rendering our watchlists and visa program useless," Etheridge said.
Charbo cited the absence of evidence as the evidence of absence: "There are other controls placed around that system and there is no evidence that the system has been hacked by outsiders." (Ed. note: This is false, since US-VISIT was infected by a worm.)