WASHINGTON – Governmental Affairs Committee ranking Member Joe Lieberman, D-Ct., Thursday rebuked the Department of Homeland Security for failing to take adequate security precautions to protect its internal wireless communications networks and devices from terrorist attack. The Department’s Inspector General issued a report on the subject Wednesday.
“The report’s findings reveal a troubling lack of diligence,” Lieberman said. “The Department that has responsibility for leading our national cyber security effort has failed to lead by example with respect to its own wireless systems. It’s like the fire department forgetting to install smoke detectors in the station-house.
“This lapse leaves sensitive information and systems exposed to an unacceptable risk of access or attack by criminals and terrorists.” DHS said it has begun to implement the IG’s recommendations. The Department uses wireless communication networks for a variety of uses such as laptops, other computer connections, personal digital assistants (PDAs), and other wireless handheld messaging devices like Blackberries The IG report found that the department has not “established adequate security controls to protect its wireless networks and devices against commonly known security vulnerabilities… As a result of these wireless network exposures, DHS cannot ensure that the sensitive information processed by its wireless systems are effectively protected from unauthorized accesses and potential misuse.” As early as February of 2003, the Administration’s National Strategy to Secure Cyberspace identified securing federal wireless local area networks as a top priority. The IG’s report found a host of unacceptable security failures, such as: Broadcasting wireless signals broadcast beyond secured facilities, allowing access from parking lot, public roads, and surrounding residences; Allowing unauthorized access to sensitive data, or denial of service attacks disrupting DHS communications in an emergency; failing to enable secure encryption and to require robust passwords to minimize threats from unauthorized access, and Providing inadequate security controls necessary to ensure that security settings are not disabled on wireless devices, thereby allowing unauthorized access and potential misuse. On March 19, 2004, in a letter to Homeland Security Secretary Ridge, Lieberman said that the Administration has made “far too little progress” in securing the information systems that under pin so many aspects of our daily lives.”