Lawmaker criticizes DHS cybersecurity nominee

The Homeland Security Department has appointed to a key position an official who oversaw a cybersecurity contractor whose work is under federal investigation. The position oversees a program worth hundreds of millions of dollars to secure computer networks across the federal government.

The Feb. 1 appointment of Scott Charbo, Homeland Security's chief information officer, to be deputy undersecretary for the national protection and programs directorate, drew immediate criticism from House Homeland Security Committee Chairman Bennie Thompson, D-Miss., who was familiar with Charbo's past.

In a letter to Homeland Security Secretary Michael Chertoff, Thompson said an investigation conducted by his committee last year showed Charbo failed to properly address computer security breaches within agencies housed at department headquarters, along with incompetent and possibly illegal activity by private contractor Unisys.

The incidents included the exfiltration of information from Homeland Security Department networks to a Web-hosting service that connects Chinese Web sites, according to Thompson's investigation.

The security breaches that occurred under Charbo's watch and the work by Unisys are now under investigation by the FBI and the Homeland Security Department inspector general, according to Thompson and congressional aides.

The IG's office confirmed to CongressDaily that its investigation is continuing. The FBI would not confirm or deny the existence of an investigation.

Thompson asked the department's Office of Security to conduct an investigation but has yet to get a briefing from officials despite repeated requests.

Thompson said Charbo will be responsible for overseeing a critical part of a massive cybersecurity initiative that the Bush administration has launched.

Chertoff announced this week that the department is requesting about $294 million in its fiscal budget request for its portion of the initiative.

His department will secure computer networks across agencies under the initiative, the details of which remain classified.

"Given his previous failings as chief information officer, I find it unfathomable that you would invest him [Charbo] with this authority," Thompson wrote Chertoff on Feb. 1. "This decision raises concerns about the seriousness of the administration's initiative."

Senate Homeland Security and Governmental Affairs Committee Chairman Joseph Lieberman, I-Conn., did not criticize Charbo's appointment but is "deeply concerned about vulnerabilities in the nation's cybersecurity, as well as DHS' own systems," according to his spokeswoman.

"The committee, however, is conducting vigorous oversight of the cybersecurity initiative to ensure successful deployment and efficient spending of the increasing amount of money Congress has appropriated for the program," she said.

The Homeland Security Department did not make Charbo available for comment Wednesday.

A department spokeswoman issued a statement saying: "It is unfortunate that the chairman [Thompson], who has often criticized the department about vacancies in key leadership positions and the state of morale, has once again chosen to make a personal attack on a department employee who has demonstrated over a number of years his able and dedicated service to this nation."

Charbo was appointed chief information officer in 2005 and later became the department's acting undersecretary for management. None of the positions, including the most recent one, required Senate confirmation.

The spokeswoman said Charbo has "invaluable management skills" and "made impressive progress" on securing computers and networks while institutionalizing "rigorous network security and data and privacy protection programs."

She added that the department takes Thompson's allegations "very seriously" and has provided every incident report to the department's security operations center, as well as to the House Homeland Security Committee when requested.

"The vast majority of these incidents were minor in nature and were resolved quickly, often within hours," she said. "Every incident report has been provided to Chairman Thompson's committee and more than 97 percent of all incidents reported have been closed."

Thompson has claimed that Unisys employees provided "inaccurate and misleading information" to Homeland Security officials about the source of attacks and attempted to hide security gaps.

A Unisys spokeswoman referred to a statement the company issued in September in response to Thompson's allegations about the firm, when they were first reported by the Washington Post.

"Unisys vigorously disputes the allegations . . . ," the company said. "Facts and documentation contradict the claims described in the article, but federal security regulations preclude public comment on specific incidents."

The statement said the company routinely follows prescribed security protocols and had properly reported incidents to the Homeland Security Department.

The department rebid its contract for computer and network security for headquarters agencies in the fall. Unisys submitted a bid but did not win. Instead, a contract worth $362 million was awarded to Lockheed Martin Corp., a Homeland Security spokesman said.

COMMENTS

  • Attacking Bennie Thompson is irrelevant to Charbo's qualifications. Charbo admitted in the Congressional testimony that no one had been fired as a result of what is being publicly reported as a Chinese hacking incident. That would certainly seem to be within his power to do. The testimony also stated that Charbo initially believed this incident of running password crackers and sending data to Chinese web sites was the work of an insider?? The testimony states that Charbo was unable to deploy Einstein network intrusion sensors to protect his own agency's network and may have even personally blocked it. So the person who may have blocked the success of the NPPD's flagship product is now a believer and is being put in charge of the NPPD. And another article on the subject states that "He said one thing GAO recommended would be to encrypt the department’s local-area network, but he believes that won’t be necessary." If the Chinese are truly attacking DHS as the news reports state, this stance doesn't make much sense.
  • Amazing. All four prior comments turn on the charge against Charbo that he was under Federal investigation; a comment that has since been retracted by this Web site and an edited article substituted for the original. NO ONE knows the fine details of the case against Charbo outside a select few people; Bennie Thompson is immune to prosecution for breaking security on the case and thus can get away with making allegations that no one can legally deny - because the exonerating evidence is classified. Bennie Thompson is going through the entire Tailgunner Joe McCarthy playbook in his quest to smear DHS. Bennie Thompson's relationship with Lockheed Martin bears looking into before his word on other people's ethical lapses is taken at face value. His showboating sure paid off for them when the contract was put up for bids again.
  • And, I rest my case. Before the government spends good money for Ethics training, it should determine what the ROI would be. This is a good example of who creates the ethical mess. You can expect the return on this investment to be similar to what he is being investigated for. Apparently, hiring the best qualified wasn't what happened in this instance. Surely there is a candidate pool that exists that includes highly skilled personnel who are not under investigation. What more can be said.

CORRECTION: The original version of this story stated that Scott Charbo, Homeland Security's chief information officer, was under federal investigation. He is not. Government Executive regrets the error, and the article has been updated to correct it.