Department of Homeland Security (DHS) Chief Information Officer (CIO) Scott Charbo revealed in testimony before the United States House of Representatives Committee on Homeland Security that DHS suffered from 844 cyber attacks or security breaches between 2005 and 2006. While many of the documented lapses, such as an unauthorized computer connecting to DHS’s network, may not have led directly to a loss of data, the overwhelming number of incidents indicates that DHS has likely either suffered a serious penetration of its networks or will likely suffer one in the near future.
Known Breaches
In this most recent disclosure of security breaches it was reported that DHS computers were found littered with trojans, keyloggers, viruses, and bots controlled via the Internet Relay Chat service (IRC) – all of which are capable of stealing sensitive data. In light of these revelations DHS CIO Charbo stated that the discovered vulnerabilities and breaches were not as serious as they appeared because other security controls that would prevent the loss of data had not been taken into account. For example, while keyloggers were found on the DHS network, Charbo argued that other security controls in place would have prevented the keyloggers from siphoning data out of the enterprise.
Zotob and US-VISIT
However, one other publicly known penetration of a DHS information system cannot be downplayed or dismissed as insignificant. In August 2005, the Zotob worm, which was created by Moroccans Farid Essabar and Achraf Bahloul, spread across the Internet and ultimately infected the Immigration and Customs Enforcement bureau network, as well as the workstations at various ports of entry running the US-VISIT software application. Zotob was able to crash the workstations running the US-VISIT application and resulted in major delays at many airports nationwide thereby demonstrating that a more malicious attacker may have been able to execute a more devastating attack on the US-VISIT system.
Pervasive Weaknesses
Certainly, DHS’s record on cyber security leaves much to be desired, but it is important to note that in this respect DHS is no different than any other federal bureaucracy or even large private corporations. For example, the Department of Defense (DoD) has been the target of an untold number of attacks – many of them successful. Within this past week, the US Defense Secretary announced that 1,500 computers from the Office of the Secretary of Defense (OSD) were taken offline due to an intrusion. Unfortunately, DoD is not the only government bureaucracy to suffer from a damaging cyber security breach. The following reports summarize previously announced breaches of various government networks:
• US State Department (Previous Report)
• US Department of Energy (Previous Report)
• US Commerce Department (Previous Report)
• US Naval War College (Previous Report)
• US Army Information Systems Engineering Command at Fort Huachuca (Previous Report)
• Defense Information Systems Agency (Previous Report)
• Naval Ocean Systems Center (Previous Report)
• US Army Space and Strategic Defense installation (Previous Report)
It is unclear how many other government agencies have been attacked, as it is possible that additional intrusions have either not been detected or not been reported. Therefore, it is likely that the above list represents only the tip of the iceberg.
This is not to claim that DHS should downplay its security lapses, but rather to illustrate that the entire government must address security of online infrastructures lest individual agencies continue to suffer repeated breaches and the possible loss of critical data.