Feeds

Lawmakers voice concerns over cybersecurity plan

Too little too late?

High performance access to file storage

Attacks on federal agencies have become a focus of the Committee on Homeland Security. A year ago, the House Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology heard testimony from representatives of the Departments of State and Commerce regarding attacks on those agencies' systems the previous year.

The Department of State acknowledged in June 2006 that attackers had installed remote access software on systems in the agency and abroad, stolen passwords and targeted information on China and North Korea.

In October 2006, the Department of Commerce took hundreds of computers offline following a series of attacks aimed at federal employees' computer accounts by online thieves that appear to be based in China.

Germany, the United Kingdom and the US have all accused Chinese-funded hackers of breaching their government networks.

A few committee members questioned whether the network monitoring system could cause privacy problems, if the government increased its capabilities.

"My constituents are asking about this," said Rep. Jane Harman (D-CA), a member of the Committee on Homeland Security. "'Government sets up spy network', that is how they are going to perceive this hearing."

Yet, the Bush Administration officials assured the committee members that the privacy impact of the evolved system is currently being investigated.

"Privacy and civil rights have been a top priority of this effort," the DHS's Jamison said. "EINSTEIN has a privacy impact assessment that is public. We are working on a new one."

The original assessment, completed in September 2004, found that the EINSTEIN system did not need to have Privacy Act System of Records "because the program is not intended to collect information that will be retrieved by name or personal identifier".

The committee also took issue with the DHS Secretary Michael Chertoff's decision to appoint Scott Charbo, the former CIO for the department, to the position of Deputy Under Secretary in charge of implementing the program. Charbo had told the committee previously that he had not been briefed on incidents involving infiltration of government systems by foreign attackers. His reply - "You don't know what you don't know." - has become a symbol of the Bush Administration's lack of focus on cybersecurity issues.

"Your decision to promote Mr Charbo to Deputy Under Secretary of National Programs and Plans effectively places him in charge of the cyber initiative at the Department," Rep Thompson stated in a February letter to DHS Secretary Michael Chertoff. "Given his previous failings as chief information officer, I find it unfathomable that you would invest him with this authority."

In a response to the letter, Secretary Chertoff defended Charbo, highlighting the changes that have happened under his watch.

If you have tips or insights on this topic, please contact SecurityFocus.

This article originally appeared in Security Focus.

Copyright © 2008, SecurityFocus

High performance access to file storage

More from The Register

next story
Android engineer: We DIDN'T copy Apple OR follow Samsung's orders
Veep testifies for Samsung during Apple patent trial
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Big Content goes after Kim Dotcom
Six studios sling sueballs at dead download destination
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
Alphadex fires back at British Gas with overcharging allegation
Brit colo outfit says it paid for 347KVA, has been charged for 1940KVA
Jack the RIPA: Blighty cops ignore law, retain innocents' comms data
Prime minister: Nothing to see here, go about your business
Don't let no-hire pact suit witnesses call Steve Jobs a bullyboy, plead Apple and Google
'Irrelevant' character evidence should be excluded – lawyers
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
HP ArcSight ESM solution helps Finansbank
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.