The Washington Post

Report shows weaknesses in DHS cybersecurity

The Department of Homeland Security has failed to follow many of its own cybersecurity policies, exposing the agency’s networks to unnecessary risks, according to federal auditors.

Homeland Security logo reflected in the eyeglasses of a cybersecurity analyst at the agency's secretive cyber defense facility in Idaho. (Mark J. Terrill/AP). Homeland Security logo reflected in the eyeglasses of a cybersecurity analyst at the agency’s secretive cyber defense facility in Idaho. (Mark J. Terrill/AP)

An inspector general’s report last month faulted the department for using outdated security controls and Internet connections that are not verified as trustworthy, as well as for not reviewing its “top secret” information systems for vulnerabilities.

Sen. Tom Coburn (R-Okla.), the top Republican on the Senate Homeland Security and Governmental Affairs Committee, blasted the department for the findings Monday.

“This report shows major gaps in DHS’s own cybersecurity, including some of the most basic protections that would be obvious to a 13-year-old with a laptop,” Coburn said in a statement. “We spend billions of taxpayer dollars on federal information technology every year. It is inexcusable to put the safety and security of our nation and its citizens at risk in this manner.”

Overall, auditors found that Homeland Security has improved its information-security program, in part by streamlining its risk-management system and addressing some of the Obama administration’s cybersecurity priorities. But they said some of the department’s components “are still not executing all of the department’s policies, procedures and practices.”

Homeland Security spokesman S.Y. Lee noted that the department agreed with and has already begun implementing all five of the inspector general’s recommendations, which included proposals to conduct reviews of “top secret” systems and ensure baseline security settings for all workstations and servers.

“The Department of Homeland Security continues to improve and strengthen our capabilities to address the cyber risks associated with our critical information networks and systems,” Lee said.

Sen. Tom Carper, who chairs the Homeland Security committee, applauded the department for its progress but said more work needs to be done. He promised to work with Coburn and other lawmakers in the House and Senate on bipartisan legislation to address the nation’s cyber threats.

“As the number of cyber-related attacks and information breaches continue to grow, it is critical that our federal agencies do all that they can to protect their systems and to ensure that sensitive information is properly secured,” Carper said in a statement.

Follow Josh Hicks on TwitterFacebook or Google+. Connect by e-mail at  josh.hicks@washpost.comVisit The Federal Eye, The Fed Page and Post Politics for more federal news. E-mail with news tips and other suggestion.

Josh Hicks covers Maryland politics and government. He previously anchored the Post’s Federal Eye blog, focusing on federal accountability and workforce issues.



Success! Check your inbox for details. You might also like:

Please enter a valid email address

See all newsletters

Show Comments
Most Read



Success! Check your inbox for details.

See all newsletters

Your Three. Videos curated for you.
Play Videos
Be a man and cry
Deaf banjo player teaches thousands
Sleep advice you won't find in baby books
Play Videos
Drawing as an act of defiance
A flood of refugees from Syria but only a trickle to America
Chicago's tacos, four ways
Play Videos
What you need to know about filming the police
What you need to know about trans fats
Syrian refugee: 'I’m committed to the power of music'
Play Videos
Riding the X2 with D.C.'s most famous rapper
Full disclosure: 3 bedrooms, 2 baths, 1 ghoul
Europe's migrant crisis, explained
Next Story
Lisa Rein · December 2, 2013

To keep reading, please enter your email address.

You’ll also receive from The Washington Post:
  • A free 6-week digital subscription
  • Our daily newsletter in your inbox

Please enter a valid email address

I have read and agree to the Terms of Service and Privacy Policy.

Please indicate agreement.

Thank you.

Check your inbox. We’ve sent an email explaining how to set up an account and activate your free digital subscription.