Congress holds hearings on tech insecurity at DHS

Over at Wired's Threat Level blog, Ryan Singel writes:

A House Homeland Security subcommittee is holding a hearing [today] into security breaches, hacking and IT security failure at the Department of Homeland Security, that totaled more than 800 incidents in two years.

During that hearing, Congresswoman Zoe Lofgren (D-CA) questioned congressional auditors about their report criticizing U.S. Visit, the IT system intended to keep track of foreigners entering and leaving the United States. Again, Ryan Singel blogs:

"What did you find regarding US Visit in terms of cyber security?" Lofgren asked.

Keith A. Rhodes, the director of the Center for Technology and Engineering at the Government Accountability Office, seemed to be waiting for this one:

Security issues are pervasive. As a matter of fact, I realize that there was an earlier statement that our audit was a year old, but actually our audit started a year ago. As a matter of fact, we curtailed our assessment since we kept getting more and more findings. If we continued to this day, we would still be finding problems. The problems are pervasive and systemic.

Actually, a lot could be fixed. Systems were out of date or misconfigured. A lot of them are zero cost fixes. I reiterate the systems are run by contractors.

"Was the US Visit database hacked?" Lofgren asked.

Rhodes hesitated and then said:

"I did not see controls in place that would prevent it and did not see defensive perimeter and detection systems in place to tell whether it had or had not been hacked."

THREAT LEVEL need not hesitate, since WIRED already found out through government sunshine litigation that US VISIT computers — ostensibly not connected at all to the internet — were hit by the Zotob virus, an infestation the government tried to cover up.

Link.