Is Charbo doing his job at DHS?

Legislators angered at mounting DHS breaches

Fed up with mounting cybersecurity breaches at the Homeland Security Department, lawmakers brought their frustrations to bear on DHS Chief Information Officer Scott Charbo in a hearing June 20, accusing him of misspending his budget and not doing his job.

DHS reported that 844 cybersecurity-related incidents occurred in fiscal 2005 and 2006. Incidents involved workstations infected with Trojan viruses, unauthorized access to secure systems and misconfigured firewalls.

The Government Accountability Office also reported that investigators were unable to fully assess whether DHS databases ? such as those used in the U.S. Visitor and Immigrant Status Indicator Technology program ? had been breached because no evaluation tools were in place.

Members of the House Homeland Security Committee's Emerging Threats, Cybersecurity and Science and Technology Subcommittee accused Charbo of not taking his job seriously and the agency of failing to set an example of good information technology security.

"I am not convinced that [Charbo] is serious about fixing the vulnerabilities in our systems," said Rep. Bennie Thompson (D-Miss.).

Subcommittee Chairman Jim Langevin (D-R.I.) called the security problems very disturbing. He criticized DHS' certification and accreditation process and the Plan of Action and Milestones (PO-AMs) the department used to comply with the Federal Information Security Management Act. DHS received a D grade on the last FISMA report card.

Langevin also said nearly 69 percent of 3,566 open vulnerabilities reported on DHS' PO-AMs did not have resources allocated for them. Another 438 were tagged with $1 remediation costs.

Committee members accused Charbo of not spending enough money on cybersecurity. "Cybersecurity spending has remained flat or has fallen at DHS as the budget for IT has risen over 20 percent over the years," said Rep. Bob Etheridge (D-N.C.).

Charbo defended himself, saying the agency was already in the process of completing many of GAO's recommendations. However, when asked if GAO's investigation was the reason for DHS taking action on cybersecurity weaknesses, Charbo was less forthcoming.

"I'm not prepared to say that I already knew about those vulnerabilities and weaknesses," Charbo said.

Rep. Michael McCaul (R-Texas) also announced his intention to introduce new legislation for a national cybersecurity threat assessment to determine the health of the country's IT infrastructure.

Wade-Hahn Chan writes for Federal Computer Week, an 1105 Government Information Group publication.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

What is your e-mail address?

My e-mail address is:

Do you have a password?

Forgot your password? Click here
close

Trending

  • Dive into our Contract Award database

    In an exclusive for WT Insider members, we are collecting all of the contract awards we cover into a database that you can sort by contractor, agency, value and other parameters. You can also download it into a spreadsheet. Our databases track awards back to 2013. Read More

  • Navigating the trends and issues of 2016 Nick Wakeman

    In our latest WT Insider Report, we pull together our best advice, insights and reporting on the trends and issues that will shape the market in 2016 and beyond. Read More

contracts DB

Washington Technology Daily

Sign up for our newsletter.

I agree to this site's Privacy Policy.