Department of Homeland Security: Data Breaches
Washington Post
By Ellen Nakashima and Brian Krebs
Washington Post Staff Writers
Monday, September 24, 2007; Page A01

The FBI is investigating a major information technology firm with a $1.7 billion Department of Homeland Security contract after it allegedly failed to detect cyber break-ins traced to a Chinese-language Web site and then tried to cover up its deficiencies, according to congressional investigators.

At the center of the probe is Unisys Corp., a company that in 2002 won a $1 billion deal to build, secure and manage the information technology networks for the Transportation Security Administration and DHS headquarters. In 2005, the company was awarded a $750 million follow-on contract.

On Friday, House Homeland Security Committee Chairman Bennie Thompson (D-Miss.) called on DHS Inspector General Richard Skinner to launch his own investigation.

As part of the contract, Unisys, based in Blue Bell, Pa., was to install network-intrusion detection devices on the unclassified computer systems for the TSA and DHS headquarters and monitor the networks. But according to evidence gathered by the House Homeland Security Committee, Unisys's failure to properly install and monitor the devices meant that DHS was not aware for at least three months of cyber-intrusions that began in June 2006. Through October of that year, Thompson said, 150 DHS computers -- including one in the Office of Procurement Operations, which handles contract data -- were compromised by hackers, who sent an unknown quantity of information to a Chinese-language Web site that appeared to host hacking tools.

The contractor also allegedly falsely certified that the network had been protected to cover up its lax oversight, according to the committee.

"For the hundreds of millions of dollars that have been spent on building this system within Homeland, we should demand accountability by the contractor," Thompson said in an interview. "If, in fact, fraud can be proven, those individuals guilty of it should be prosecuted."

A Unisys spokeswoman, Lisa Meyer, said that "no investigative body has notified us formally or informally of a criminal investigation" on the matter and added that she could not comment on specific security incidents.

She said that Unisys has provided DHS "with government-certified and accredited security programs and systems, which were in place throughout 2006 and remain so today."

The DHS intrusions are especially disturbing in light of a rash of attacks on government computer systems linked to Chinese servers, Thompson said. Since last year, hackers have penetrated e-mail and other systems at the Defense, State and Commerce departments. Unisys was not providing information-security services in those cases.

National security and cyber-security experts say the U.S. government and its contractors are the target of a growing cyber-warfare effort that they suspect is being conducted by the Chinese government and its proxies with the aim of stealing military secrets and accessing the computer networks of the world's only military superpower. The trend, they say, reflects the convergence of cyber-crime and espionage, abetted by the availability of hacker tools on the Internet and lax information-technology security.

"This is a warning that our networks are porous and vulnerable to the new breed of hackers," said James Lewis, a senior fellow at the Center for Strategic and International Studies.

DHS, which oversees agencies critical to domestic security, including the TSA and Customs and Border Protection, has insufficiently secured its networks, Thompson said. He said he is "troubled" by what he sees as DHS officials' indifference to the problem.
