FBI Probing Unisys Over TSA Cyber Breach
I feel a little sorry for Unisys, which is a local provider of cyber-security services for the TSA, which is part of Homeland Security. The folks who run their security operations center are under fire and accused of not fulfilling contractual obligations to monitor the security of the TSA. Specifically, the full scope of a security breach was not immediately recognized and TSA did not respond to the warnings Unisys gave them.
The end result is that 150 computers were compromised and data was exfiltrated from the system to a “Chinese language webserver.” Now an anonymous Hill Staffer has told the WaPo that the FBI is investigating Unisys for “criminal fraud.” The whole story is here at the Washington Post.
As disclosure, I know and am friends with several of the folks who work in Unisys’ Operations Center, and they are all good people. And their mission for the TSA is huge and complex, and one that I do not envy. For security reasons, I will not describe the operation, but understand that it is vast, and that the TSA is distributed across all airports and many regional offices. To detect complicated cyber-security breaches across such an infrastructure is a daunting task, but it's one that they do well under one of the harshest service level agreements in the industry.
When TSA was first starting up, Congress poured billions of dollars into getting TSA assembled. It required staffing and training thousands of employees, taking over existing infrastructure or building new infrastructure, and creating a nationwide wide area network in a matter of months. Unisys was given a BILLION dollars to get the job done, followed by another 750 Million bucks as follow-on work. This price tag has been a huge source of criticism for DHS.
Now there is a majority in Congress that is investigating everything it can to embarrass the President and is known to be hostile to DHS. They look at the huge price tag of TSA security, find it failed, and commence to having public hearings on the security breaches. They even leak to the press that an FBI investigation is underway.
And from this huge confluence of politics and cyber-security, Unisys’ name is dragged through the mud, and they have likely been more successful at stopping cyber threats than many other players in the federal contracting space.
My pal at Unisys wrote to say that this breach was at a DHS location and that TSA was not directly affected.