Congressmen Demand Investigation into DHS Georgia Hack

f t # e
Washington, January 13, 2017 | comments

By Edmund Kozak | Lifezette
January 13, 2017

Reps. Jason Chaffetz (R-Utah) and Jody Hice (R-Ga.) sent a letter to Department of Homeland Security Inspector General John Roth on Thursday demanding an official investigation into alleged attempts by DHS to hack Georgia’s firewall.

“We request you investigate Secretary Kemp’s allegations that the Department of Homeland Security (DHS) conducted unauthorized scans of his office’s computer network,” the letter states.

Specifically, Chaffetz and Hice want Roth to investigate whether or not DHS “conduct[ed] an unauthorized scan of the Georgia Secretary of State’s computer network(s)? If so, who authorized the scan(s)? Has the Department conducted an unauthorized scan(s) of any other state’s systems?” and “if so, which states did DHS scan without authorization?”

A Capitol Hill staffer with knowledge of the motivations behind the letter confirmed that the House Committee on Oversight and Government Reform, Secretary Kemp, and the Georgia congressional delegation are growing increasingly frustrated with how DHS has hitherto handled the case.

“Last month, Georgia Secretary of State Brian Kemp wrote a letter to Secretary of Homeland Security Jeh Johnson, in which he identified an ‘unsuccessful attempt to penetrate the Georgia Secretary of State’s firewall’ originating from a DHS-registered IP address,” the letter explains.

“On Dec 12, 2016, Secretary Johnson responded to the [Georgia] Secretary of State’s letter, in an attempt to answer that question. In his response, Secretary Johnson explained the incident identified in Secretary Kemp’s first letter was ‘normal… interaction’ by a DHS contractor with the Georgia Secretary of State’s website,” the letter states.

“Johnson’s response was unequivocal that ‘there was no scanning’ or security assessment of the Secretary of State’s network by DHS’s cybersecurity experts,” the letter notes. Johnson told the congressmen that DHS “traced the activity back to a contractor at the Federal Law Enforcement Training Center in Glynco, Georgia, who was engaged in verifying individuals’ professional licenses but used a less common but still legitimate method of doing so called HTTP OPTIONS.”

The “use of HTTP OPTIONS … triggered false positives for suspicious activity on the Georgia Secretary of State’s servers,” Johnson claimed at the time. But according to Reps. Chaffetz and Hice, Johnson’s response left much to be desired — Johnson has yet to release any information to prove the explanation he gave to Secretary Kemp.

“In Secretary Johnson’s one-page response and his staff’s telephonic briefings, DHS did not provide adequate information to verify or validate any of those statements. Indeed, the Secretary acknowledged in the letter that those were ‘initial findings’ and that his letter was an ‘interim response … subject to change,'” write Chaffetz and Hice.

Although the Oversight Government Reform Committee is formally requesting Inspector General Roth's aid in the matter, it is clear their experience with Johnson and the fact that they have received no updates since DHS' initial response has left Chaffetz and Hice with little faith in DHS' abilities.

"We also question the Department's ability to remain neutral in investigating its own potential misconduct and think an independent investigation of these incidents is warranted," they write, while reminding Roth that "the Committee on Government Oversight and Reform is the principal oversight committee of the House of Representatives" and may at "any time" investigate "any matter" as set forth in House Rule X.
f t # e

Connect with Jody

Sign up to get a newsletter straight to your inbox

Help with a Federal Agency

One of the most important things I do as a U.S. Representative is help constituents work through issues with federal agencies. Although I cannot override the decisions made by a federal agency, I can often intervene on a constituent’s behalf to get answers to questions, find solutions, or just cut through the red tape. Below you will find a list of agencies with which I can help you. However, regardless of which agency you need help navigating, you must complete a privacy authorization form to comply with the provisions of the Privacy Act. Please download this printable version of the casework authorization form and then fax or mail to the address listed under the agency from which you are seeking assistance.

Casework Authorization Form