Two Democratic congressmen have asked the US Department of Homeland Security (DHS) to investigate cyberattacks against government systems reportedly managed by Unisys.The chairman of the House Committee on Homeland Security and the chairman of the House Subcommittee on Emerging Threats, Cybersecurity and Science and Technology, sent a letter on Friday to the DHS inspector general, indicating DHS systems are being attacked by hackers based in other countries.
The letter alleged that the networks are at risk because of "incompetent and possibly illegal activity" by a major IT security consulting firm.
The congressmen did not identify the contractor, but a report in the Washington Post indicated that the FBI is investigating Unisys, which has a $1.7 billion (£843 million) contract with the DHS.
The FBI is reportedly investigating Unisys for failing to detect cyberattacks linked to a Chinese-language website, then trying to cover up the breaches. The Post also reported that in 2002, Unisys won a $1 billion (£500 million) deal to deploy and securely manage the IT networks of the Transportation Security Administration (TSA), a division of the DHS.
"The infiltration of federal government networks by unauthorised users is one of the most critical issues confronting our nation, but it's hardly a new threat," Thompson and Langevin wrote. "For years, these attacks have resulted in the loss of massive amounts of critical information. Cyber-espionage is an issue of national security, and we must improve our defensive posture to prevent the theft of data or the compromise of the integrity of our data."
The congressmen noted that intruders moved information from the compromised computers to a web-hosting company with ties to Chinese websites. It is also alleged that the DHS contracted with Unisys to install network intrusion detection systems that were not fully deployed during the incidents.
The letter noted that the Committee on Homeland Security was notified that password-theft malware and malicious code were discovered on more than 12 computers at DHS headquarters. The congressmen said the computers could still be compromised because of the contractor's "insufficient mitigation efforts."
Unisys released a statement on Monday saying it “vigorously disputes the allegations” in the Post article, "but federal security regulations preclude public comment on specific incidents.”