|July 01, 2004
RAPS DHS FOR FAILURE TO PROTECT ITS WIRELESS NETWORKS
Sensitive Systems, Information
- Governmental Affairs Committee ranking Member Joe Lieberman,
D-Ct., Thursday rebuked the Department of Homeland Security
for failing to take adequate security precautions to protect
its internal wireless communications networks and devices
from terrorist attack.
The Department's Inspector General issued a report on the
The report's findings reveal a troubling lack of diligence," Lieberman
said. "The Department that has responsibility for leading
our national cyber security effort has failed to lead by
example with respect to its own wireless systems. It's
like the fire department forgetting to install smoke detectors
in the station-house.
This lapse leaves sensitive information and systems exposed
to an unacceptable risk of access or attack by criminals
DHS said it has begun to implement the IG's recommendations.
The Department uses wireless communication networks for
a variety of uses such as laptops, other computer connections,
personal digital assistants (PDAs), and other wireless
handheld messaging devices like Blackberries
The IG report found that the department has not "established
adequate security controls to protect its wireless networks
and devices against commonly known security vulnerabilities...
As a result of these wireless network exposures, DHS cannot
ensure that the sensitive information processed by its
wireless systems are effectively protected from unauthorized
accesses and potential misuse."
As early as February of 2003, the Administration's National
Strategy to Secure Cyberspace identified securing federal
wireless local area networks as a top priority.
The IG's report found a host of unacceptable security failures,
Broadcasting wireless signals broadcast beyond secured
facilities, allowing access from parking lot, public roads,
and surrounding residences;
Allowing unauthorized access to sensitive data, or denial
of service attacks disrupting DHS communications in an
emergency; failing to enable secure encryption and to require
robust passwords to minimize threats from unauthorized
Providing inadequate security controls necessary to ensure
that security settings are not disabled on wireless devices,
thereby allowing unauthorized access and potential misuse.
On March 19, 2004, in a letter to Homeland Security Secretary
Ridge, Lieberman said that the Administration has made "far
too little progress" in securing the information systems
that under pin so many aspects of our daily lives."