Feeds

Lawmakers voice concerns over cybersecurity plan

Too little too late?

Choosing a cloud hosting partner with confidence

Attacks on federal agencies have become a focus of the Committee on Homeland Security. A year ago, the House Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology heard testimony from representatives of the Departments of State and Commerce regarding attacks on those agencies' systems the previous year.

The Department of State acknowledged in June 2006 that attackers had installed remote access software on systems in the agency and abroad, stolen passwords and targeted information on China and North Korea.

In October 2006, the Department of Commerce took hundreds of computers offline following a series of attacks aimed at federal employees' computer accounts by online thieves that appear to be based in China.

Germany, the United Kingdom and the US have all accused Chinese-funded hackers of breaching their government networks.

A few committee members questioned whether the network monitoring system could cause privacy problems, if the government increased its capabilities.

"My constituents are asking about this," said Rep. Jane Harman (D-CA), a member of the Committee on Homeland Security. "'Government sets up spy network', that is how they are going to perceive this hearing."

Yet, the Bush Administration officials assured the committee members that the privacy impact of the evolved system is currently being investigated.

"Privacy and civil rights have been a top priority of this effort," the DHS's Jamison said. "EINSTEIN has a privacy impact assessment that is public. We are working on a new one."

The original assessment, completed in September 2004, found that the EINSTEIN system did not need to have Privacy Act System of Records "because the program is not intended to collect information that will be retrieved by name or personal identifier".

The committee also took issue with the DHS Secretary Michael Chertoff's decision to appoint Scott Charbo, the former CIO for the department, to the position of Deputy Under Secretary in charge of implementing the program. Charbo had told the committee previously that he had not been briefed on incidents involving infiltration of government systems by foreign attackers. His reply - "You don't know what you don't know." - has become a symbol of the Bush Administration's lack of focus on cybersecurity issues.

"Your decision to promote Mr Charbo to Deputy Under Secretary of National Programs and Plans effectively places him in charge of the cyber initiative at the Department," Rep Thompson stated in a February letter to DHS Secretary Michael Chertoff. "Given his previous failings as chief information officer, I find it unfathomable that you would invest him with this authority."

In a response to the letter, Secretary Chertoff defended Charbo, highlighting the changes that have happened under his watch.

If you have tips or insights on this topic, please contact SecurityFocus.

This article originally appeared in Security Focus.

Copyright © 2008, SecurityFocus

Secure remote control for conventional and virtual desktops

More from The Register

next story
Bono apologises for iTunes album dump
Megalomania, generosity and FEAR of irrelevance drove group to Apple deal
HBO shocks US pay TV world: We're down with OTT. Netflix says, 'Gee'
This affects every broadcaster, every cable guy
Facebook, Apple: LADIES! Why not FREEZE your EGGS? It's on the company!
No biological clockwatching when you work in Silicon Valley
French 'terror law' declares WAR on the INTERNET itself, say digi-rights folks
Liberté, Égalité, Fraternité: Two out of three ain't bad
SCREW YOU, EU: BBC rolls out Right To Remember as Google deletes links
Not even Google can withstand the power of Auntie
Arab States make play for greater government control of the internet
Nerds told to get lost in last-minute power grab bid at UN meeting
Zippy one-liners, broken promises: Doctor Who on the Orient Express
Series finally hits stride, but Clara's U-turn is baffling
Don't bother telling people if you lose their data, say Euro bods
You read that right – with the proviso that it's encrypted
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.