Is Charbo doing his job at DHS?

Legislators angered at mounting DHS breaches

Fed up with mounting cybersecurity breaches at the Homeland Security Department, lawmakers brought their frustrations to bear on DHS Chief Information Officer Scott Charbo in a hearing June 20, accusing him of misspending his budget and not doing his job.

DHS reported that 844 cybersecurity-related incidents occurred in fiscal 2005 and 2006. Incidents involved workstations infected with Trojan viruses, unauthorized access to secure systems and misconfigured firewalls.

The Government Accountability Office also reported that investigators were unable to fully assess whether DHS databases ? such as those used in the U.S. Visitor and Immigrant Status Indicator Technology program ? had been breached because no evaluation tools were in place.

Members of the House Homeland Security Committee's Emerging Threats, Cybersecurity and Science and Technology Subcommittee accused Charbo of not taking his job seriously and the agency of failing to set an example of good information technology security.

"I am not convinced that [Charbo] is serious about fixing the vulnerabilities in our systems," said Rep. Bennie Thompson (D-Miss.).

Subcommittee Chairman Jim Langevin (D-R.I.) called the security problems very disturbing. He criticized DHS' certification and accreditation process and the Plan of Action and Milestones (PO-AMs) the department used to comply with the Federal Information Security Management Act. DHS received a D grade on the last FISMA report card.

Langevin also said nearly 69 percent of 3,566 open vulnerabilities reported on DHS' PO-AMs did not have resources allocated for them. Another 438 were tagged with $1 remediation costs.

Committee members accused Charbo of not spending enough money on cybersecurity. "Cybersecurity spending has remained flat or has fallen at DHS as the budget for IT has risen over 20 percent over the years," said Rep. Bob Etheridge (D-N.C.).

Charbo defended himself, saying the agency was already in the process of completing many of GAO's recommendations. However, when asked if GAO's investigation was the reason for DHS taking action on cybersecurity weaknesses, Charbo was less forthcoming.

"I'm not prepared to say that I already knew about those vulnerabilities and weaknesses," Charbo said.

Rep. Michael McCaul (R-Texas) also announced his intention to introduce new legislation for a national cybersecurity threat assessment to determine the health of the country's IT infrastructure.

Wade-Hahn Chan writes for Federal Computer Week, an 1105 Government Information Group publication.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

What is your e-mail address?

My e-mail address is:

Do you have a password?

Forgot your password? Click here
close

Trending

  • POWER TRAINING: How to engage your customers

    Don't miss our July 12 Washington Technology Power Training session on Mastering Stakeholder Engagement, where you'll learned the critical skills you need to more fully connect with your customers and win more business. Read More

  • PROJECT 38 PODCAST

    In our latest Project 38 Podcast, editor Nick Wakeman and senior staff writer Ross Wilkers discuss the major news events so far in 2019 and what major trends are on the horizon. Read More

contracts DB

Washington Technology Daily

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.