Risk
2/2/2010
03:05 PM
Connect Directly
RSS
E-Mail
50%
50%

Homeland Security Plans Cybersecurity, Data Center Investments

Other big-ticket tech projects in the department's fiscal 2011 plans include advanced imaging for airport security and upgrades to the E-verify system for employee verification.

The Department of Homeland Security is looking to invest nearly $900 million in fiscal 2011 on technology projects that include bolstering cyber security and continued work on a data center consolidation project that's already underway.

Other IT priorities listed as part of the department's proposed $56.3 billion budget, unveiled Monday, include improvements to an existing Internet-based verification program that lets employers check that someone is legally allowed to work in the United States and technology for airport security.

Overall, DHS said that protecting the United States against terrorism and other threats and promoting fiscal responsibility and efficiency within the department are its top priorities for fiscal 2011 funding.

DHS is asking for $379 million to go to its National Cyber Security Division (NCSD) to develop capabilities for preventing and responding to cyber attacks. The department plans to use the money to identify and reduce vulnerabilities within both its .gov and .com Internet domains, officials said on a conference call.

NCSD is a division within DHS that's meant to work collaboratively with public, private, and international organizations to secure cyberspace and the U.S. government's cyber infrastructure. At the same time that it's investing in cybersecurity, the Obama administration has made several key appointments to oversee such efforts, including cybersecurity coordinator Howard Schmidt. (See "U.S. Cybersecurity Team Takes Shape.")

Homeland Security is requesting $192.2 million in its FY 2011 budget to continue migrating applications and systems from 24 data centers to two enterprise-wide data centers. The project was started after its inspector general, in 2005, reported deficiencies in the department's IT disaster-recovery planning.

As part of the budget's focus on enforcing immigration laws, DHS wants to bolster its E-verify program with $103.4 million for planned improvements. E-verify is an online system that can be used by employers to compare a potential employee's legal-work-status information with more than 444 million records in the Social Security Administration database and more than 60 million records in Department of Homeland Security immigration databases.

DHS also plans to spend $214.7 million to procure and install 500 advanced imaging machines at airport checkpoints to detect dangerous materials, according to the proposed 2011 budget.

InformationWeek has published a look at the technical and political ramifications of Google's problems in China. Download the report here (registration required).

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Must Reads - September 25, 2014
Dark Reading's new Must Reads is a compendium of our best recent coverage of identity and access management. Learn about access control in the age of HTML5, how to improve authentication, why Active Directory is dead, and more.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-5485
Published: 2014-09-30
registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface.

CVE-2012-5486
Published: 2014-09-30
ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character.

CVE-2012-5487
Published: 2014-09-30
The sandbox whitelisting function (allowmodule.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to importing.

CVE-2012-5488
Published: 2014-09-30
python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject.

CVE-2012-5489
Published: 2014-09-30
The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
In our next Dark Reading Radio broadcast, we’ll take a close look at some of the latest research and practices in application security.