DHS Information Sharing Platform Breached
contributed by SANS NewsBites Vol.11 Num 38

A US Department of Homeland Security official has acknowledged a
security breach of the platform the department uses to share sensitive,
unclassified information with state and local authorities. Chief
Information Officer for DHS Office of Operations Coordination and
Planning Harry McDavid said that the US Computer Emergency Readiness
Team detected two intrusions into the Homeland Security Information
Network: one in March and one in April. The intruders managed to gain
access to the system through an account belonging to a federal employee
or contractor.
http://fcw.com/Articles/2009/05/13/Web-DHS-HSIN-intrusion-hack.aspx
[Editor's Note (Pescatore): The new secretary of the Department of
Energy, Steven Chu, was recently quoted as saying "well-meaning people"
in the chief information officer's office and in the procurement and
finance offices "whose job it is to protect the Department of Energy"
actually hinder what the department can do." I hope he looks at this DHS
incident to make sure that DoE increases, vs. decreases, building
security into its systems and applications.
(Northcutt): ".. gained ACCESS through an account belonging to a federal
employee." Maybe we could get a special holiday commissioned, "access
control day."]