Risk
2/2/2010
03:05 PM
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Homeland Security Plans Cybersecurity, Data Center Investments

Other big-ticket tech projects in the department's fiscal 2011 plans include advanced imaging for airport security and upgrades to the E-verify system for employee verification.

The Department of Homeland Security is looking to invest nearly $900 million in fiscal 2011 on technology projects that include bolstering cyber security and continued work on a data center consolidation project that's already underway.

Other IT priorities listed as part of the department's proposed $56.3 billion budget, unveiled Monday, include improvements to an existing Internet-based verification program that lets employers check that someone is legally allowed to work in the United States and technology for airport security.

Overall, DHS said that protecting the United States against terrorism and other threats and promoting fiscal responsibility and efficiency within the department are its top priorities for fiscal 2011 funding.

DHS is asking for $379 million to go to its National Cyber Security Division (NCSD) to develop capabilities for preventing and responding to cyber attacks. The department plans to use the money to identify and reduce vulnerabilities within both its .gov and .com Internet domains, officials said on a conference call.

NCSD is a division within DHS that's meant to work collaboratively with public, private, and international organizations to secure cyberspace and the U.S. government's cyber infrastructure. At the same time that it's investing in cybersecurity, the Obama administration has made several key appointments to oversee such efforts, including cybersecurity coordinator Howard Schmidt. (See "U.S. Cybersecurity Team Takes Shape.")

Homeland Security is requesting $192.2 million in its FY 2011 budget to continue migrating applications and systems from 24 data centers to two enterprise-wide data centers. The project was started after its inspector general, in 2005, reported deficiencies in the department's IT disaster-recovery planning.

As part of the budget's focus on enforcing immigration laws, DHS wants to bolster its E-verify program with $103.4 million for planned improvements. E-verify is an online system that can be used by employers to compare a potential employee's legal-work-status information with more than 444 million records in the Social Security Administration database and more than 60 million records in Department of Homeland Security immigration databases.

DHS also plans to spend $214.7 million to procure and install 500 advanced imaging machines at airport checkpoints to detect dangerous materials, according to the proposed 2011 budget.

InformationWeek has published a look at the technical and political ramifications of Google's problems in China. Download the report here (registration required).

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-3946
Published: 2014-04-24
Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ACL restrictions in opportunistic circumstances by sending IPv6 packets in an unspecified scenario in which expected packet drops do not occur for "a small percentage" of the packets, aka Bug ID CSCty73682.

CVE-2012-5723
Published: 2014-04-24
Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attackers to cause a denial of service (device reload) via crafted (1) broadcast or (2) multicast ICMP packets with fragmentation, aka Bug ID CSCub55948.

CVE-2013-6738
Published: 2014-04-24
Cross-site scripting (XSS) vulnerability in IBM SmartCloud Analytics Log Analysis 1.1 and 1.2 before 1.2.0.0-CSI-SCALA-IF0003 allows remote attackers to inject arbitrary web script or HTML via an invalid query parameter in a response from an OAuth authorization endpoint.

CVE-2014-2391
Published: 2014-04-24
The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potent...

CVE-2014-2392
Published: 2014-04-24
The E-Mail autoconfiguration feature in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 places a password in a GET request, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer log...

Best of the Web