Unisys under fire over TSA network security

Unisys Corp. is denying allegations that it failed to properly install security systems for the Transportation Security Administration and did not notify agency officials of security breaches stemming from repeated cyberattacks on TSA computer systems.

The company's defense comes in the wake of a House Homeland Security Committee request that the Homeland Security Department's inspector general investigate cyberattacks on DHS that originated from Chinese-language Web sites and actions by Unisys that the committee called incompetent and possibly illegal and may have failed to detect the intrusions.

Unisys built and maintains the networks for DHS headquarters and the Transportation Security Administration.

House Homeland Security Committee Chairman Rep. Bennie Thompson (D-Miss.) and Rep. James Langevin (D-R.I.), chairman of the committee's Emerging Threats, Cybersecurity, and Science and Technology Subcommittee, also seek a review of the department officials who oversee management of the contract, the lawmakers said in their Sept. 21 letter to DHS Inspector General Richard Skinner.

The lawmakers allege in their letter that Unisys provided inaccurate and misleading information to DHS about the source of the attacks and attempted to hide security gaps. Furthermore, DHS officials did not act on the information once they were informed.

Unisys said it performed its contract according to protocol, said company spokeswoman Lisa Meyer, who could not speak about specific incidents because of federal security regulations.

"We can state generally that the allegation that Unisys did not properly install essential security systems is incorrect," she said in a statement. "In addition, we routinely follow prescribed security protocols and have properly reported incidents to the customer in accordance with those protocols."

The company has worked closely with DHS security personnel to develop effective security systems and processes that meet the department's requirements, she said. The contractor's government-certified and accredited security programs and systems have been in place throughout the period in question in 2006 and continue today.

"We believe that a proper investigation of this matter will conclude that Unisys acted in good faith to meet the customer's security requirements," Meyer said.

Since last year, Chinese hackers have attacked systems at the Defense, Commerce and State departments, the lawmakers said. In the past several months, the committee has examined and held hearings on DHS cybersecurity incidents and how the department has beefed up its network security in response. Since April, Scott Charbo, DHS' chief information officer, has provided information to the committee on information technology security efforts.

DHS incident reports that the committee received earlier this month described the placement of a hacking tool, a password-dumping utility and other malicious code on more than a dozen computers at the department's headquarters, the letter states. The committee found that hackers compromised dozens of DHS computers, and these incidents were not noticed until months after the initial attack.

"These computers may still be compromised due to insufficient mitigation efforts by the contractor responsible for information technology services at the department," the lawmakers wrote in the letter.

Hackers extracted information out of DHS systems to a Web hosting service that connects to Chinese Web sites.

Although network intrusion-detection systems were part of the department's Information Technology Managed Services contract, the systems were not fully deployed at the time of the initial incidents.

"If network security engineers were running these systems, the initial intrusions may have been detected and prevented," the lawmakers wrote.