It was like a child being scolded with no place to run.
A Congressional subcommittee had some harsh words this afternoon for Department of Homeland Security Chief Information Officer Scott Charbo in light of audit findings from the Government Accountability Office that identified 46 security weaknesses in DHS systems and offered 56 recommendations.
The report prompted a critical response from members of the Subcommittee on Emerging Threats, Cybersecurity and Science and Technology, including Rep. Bennie Thompson of Mississippi, the first Democratic chairman of the Homeland Security Committee.
Thompson, in the hearing's most biting reprimand, told Charbo: "How can the DHS be a real advocate for sound cybersecurity practices without following some of its own advice? If [you're] not committed in securing our networks, I have to question [your] ability to lead the department's IT [department]."
He continued, "I think the first thing Mr. Charbo should explain is why he should be able to keep his job?"
Charbo never defended his employment status but did counter that DHS is taking steps to improve its overall security posture and that the GAO audit overlooked "compensating or mitigating controls" to secure legacy systems.
Still, the committee wanted answers. They wanted to know whether Chinese hackers had ever infiltrated the DHS database, whether there are confidential employee email exchanges leaving protected channels, and most of all, whether national security is being threatened. And I must say, it was refreshing to hear lawmakers who at least sounded like they knew what they were talking about.
And there wasn't a single mention of the internet being comparable to a series of tubes!
It sounds like at least some of Congress has had it with federal agencies' miserable FISMA grades, even if those grades measure only compliance, not security.
You won't want to miss tomorrow's full news story on the hearing, where you'll hear from the GAO on their findings, other members of Congress and, most interesting perhaps, Charbo's response to claims that DHS is a sitting duck for a cyberattack.