Rep. Thompson condemns DHS decision to promote Charbo

Less than two hours after the Homeland Security Department named Scott Charbo as the new deputy undersecretary for the National Protection and Programs directorate, a key Democratic lawmaker questioned the promotion. Rep. Bennie Thompson (D-Miss.), chairman of the Homeland Security Committee, sent a letter to DHS Secretary Michael Chertoff today asking for an explanation of how — in light of Charbo's and the agency's repeated shortcomings in cybersecurity — he is qualified for this new role helping lead the government’s expanded cybersecurity efforts. “Your decision to promote Mr. Charbo to deputy undersecretary of National Programs and Plans effectively places him in charge of the cyber initiative at the department,” Thompson wrote. “Given his previous failings as chief information officer, I find it unfathomable that you would invest him with this authority. This decision raises concerns about the seriousness and credibility of the administration’s initiative.” Charbo has been CIO since 2005. Thompson asked Chertoff to contact him to discuss the matter. Thompson’s unhappiness with Charbo stems from a June hearing which uncovered that hackers had compromised DHS’ networks and stolen data. “The testimony the committee received was deeply troubling,” Thompson wrote. “Mr. Charbo seemed unaware and unconcerned about any serious malicious activity on the networks he was charged with securing.” Thompson said Charbo’s attitude toward evidence that Chinese hackers were stealing data from DHS networks suggests that neither he nor the rest of the department was taking the issue of cybersecurity seriously enough. “Ultimately, the evidence uncovered by our investigation suggests that while Mr. Charbo may have created information technology services and capabilities throughout the department, he did so at the expense of security,” Thompson wrote. “In this day and age — where the cyberthreat both from home and abroad is real and dangerous — this is an incredible and unacceptable dereliction of duty.” An e-mail asking for comment from DHS was not immediately returned. IT security has been a constant weakness for the agency since Congress created it in 2003. For instance, an October inspector general report also found DHS’s IT security was weak. The audit said as of July 31, DHS’ chief information security officer reported that 530 of the department’s 603 operational systems had been certified and accredited to meet information security requirements. However, the inspector general found that only 486 systems should be considered certified and accredited.