Unisys Investigated For Covering Up Cyber-Attacks 114
Stony Stevenson writes "Unisys, a major government IT contractor, is reportedly being investigated for failing to detect cyber-attacks, and then covering up its failings. Two US congressmen have called for an investigation into cyber-attacks aimed at the Department of Homeland Security, along with a contractor (that would be Unisys) charged with securing those networks. 'The House Committee on Homeland Security's investigations led them to believe the department is under attack by foreign powers, and could be at risk because of "incompetent and possibly illegal activity" by a US contractor. The congressmen didn't name the contractor in the letter. However, the Washington Post on Monday reported that the FBI is investigating Unisys, a major information technology firm with a $1.7 billion Department of Homeland Security contract, for allegedly failing to detect cyber break-ins traced to a Chinese-language Web site and then trying to cover up its deficiencies.'" Unisys denies it all.
Incompetence on both ends (Score:3, Interesting)
Yes, Unisys may have screwed up, but then again, its all about the better mousetrap and all...
Re:Page 2? (Score:3, Interesting)
Typical govt C&A hokum (Score:5, Interesting)
Unysis (Score:2, Interesting)
Re:Typical unisys (Score:5, Interesting)
This is a big part of the problem. The vast majority of Government Contractors are only marginally qualified and got their jobs by having the clearance, not by being technically proficient. This is known as "warm bodies" syndrome since many contracts pay per position filled. Getting a clearance can take years, depending on the level, and usually takes months, so this is a high barrier to entry and keeps a lot of smart people out.
There are many very capable and well-qualified people in Government Contracting, but they are a minority. Of course, Management, being what it is, doesn't want to give bad news to a customer, so sometimes they "muddy the waters".
Re:Typical unisys (Score:3, Interesting)
I know this, because I worked for IBM in a government data center at the time. We handled the big iron (oddly enough, including some machines from Sun and some ancient AS/400s) and the Unisys flunkies did operations and tape library stuff (cartridge and reel to reel). DOT, IRS, etc stuff. Believe it or not, they had PCs in there running Win95 and NT4 with no egress filtering to the internet... There were quite a few Ukrainians, Chinese, Russian and Estonian employees working there for Unisys. Over in the other room Lockheed Martin had their stuff running. No one but U.S. citizens allowed in there, and no outside internet access. I pitied the network admins (not really).
Not surprising (Score:1, Interesting)
1. When a user asked for a password change, we were not supposed to challenge them in any way. This included people as high up as the Secretary(or more accurately-the secretary's assistant), but we didn't even have a list of who his assistants were.
2. Each desk had two systems, one Unisys and one DHS. The building had no physical security and the systems were not locked down. Also, nobody ever locked their desktops.
3. The head of cybersecurity resigned at one point, stating that nobody took network security seriously. Two weeks later, his account was still active.
4. I worked there for about 8 months before I decided to get out. In that time, I never received any sort of security clearance.
Those are just the big ones. That was my first and last job for a government contractor.