B2G is moving!
Blogs posted after May 22, 2015 will be located on Deltek's central blog page at
Just select the "B2G Essentials" blog to continue to receive this valuable content.
Hackers Slide Through DHS’s Network Defense; Now its Time to Play the Blame Game

Roughly three weeks after reports surfaced of a Pentagon IT system being hacked, allegedly by the Chinese, DHS is reporting that it too is the victim of an unauthorized network intrusion that allowed the hacker(s) to copy and transfer files to an outside Chinese language Website. The hacks in question accrued over three-month period during 2006.

As reported by the Washington Post, on September 24, 2007, DHS is claiming its vendor failed to install the contracted number of intrusion detection systems, which allowed the network break-in. Moreover, once it was discovered that an intrusion had occurred the severity of the breach was dramatically downplayed.

The process now is centered on determining fault, and truth be told both parties are to blame. Perhaps the contractor did not meet the terms of the contract for intrusion detection services. But, the fact DHS was even unaware that its vendor was not meeting its contract obligations is a problem inherent to fact that DHS, and most federal agencies, lack adequate program management; especially in regards to IT security.

Since its inception, DHS's problems areas have run the gauntlet from the integration of its various network systems to the management of its procurement process. The fact that DHS seems to not know what happened with its own systems is emblematic of an agency that has struggled to blend the remnants of 22 different organizations and failed to provide enough vendor oversight along the way.

It's foolish to believe that such an event could only happen in DHS as a shortage of procurement officials and security program managers exists government-wide. This one event will most likely not prompt other agencies to be more vigilant in auditing their vendor supplied security systems, however one has to wonder how severe of an attack will finally have to occur before agencies get serious about IT security.

Read Washington Post Article "Contractor Blamed in DHS Data Breaches"

Comments (Comment Moderation is enabled. Your comment will not appear until approved.)