DHS vulnerability scanning program offline after Virginia office loses power
Two cybersecurity programs the Department of Homeland Security offers states and the private sector have been temporarily knocked offline due to a power outage, while other services have been shifted to backup locations, multiple sources tell CyberScoop.
The National Cybersecurity and Communications Integration Center (NCCIC), the 24/7 hub for monitoring cyberthreats across the government and critical infrastructure, has shifted operations to a backup location in Florida. The move was made after the Arlington, Virginia, building that houses NCCIC lost power last week due to heavy rains.
Additionally, two other programs under NCCIC’s National Cybersecurity Assessments and Technical Services (NCATS) — Cyber Hygiene vulnerability scans and Phishing Campaign Assessment — have been offline since July 26.
The Cyber Hygiene program remotely detects known vulnerabilities on internet-facing services. The Phishing Campaign Assessment program is part of a remote penetration testing service. Both programs are used by hundreds of customers across the country. Thirty-four states have received vulnerability scans through the Cyber Hygiene program, according to a DHS presentation given at the National Association of State Election Directors summer conference.
DHS Assistant Secretary for Cybersecurity and Communications Jeanette Manfra told CyberScoop that the disruption to Cyber Hygiene is temporary, and that election systems will be the first to resume service once the program comes back online. Officials expect scans to resume Aug. 6.
The building housing NCCIC suffered heavy damage when portions of the façade ruptured due to the volume of rain that fell in the Washington, D.C., region. The roof of a restaurant on the building’s ground level failed during business hours on July 26.
A video from WJLA-TV shows the damage:
A number of DHS offices are in that building.
CyberScoop has learned that due to the water damage, the building completely lost power, which prevented server rooms used by DHS from staying cool. Once the room reached a certain temperature, a sprinkler system was activated. Those sprinklers damaged servers supporting the Cyber Hygiene and Phishing Campaign Assessment programs.
On Sunday, the NCATS office sent an email to its customers informing them that Cyber Hygiene and Phishing Campaign Assessment were offline and that contingency plans had been put in place.
“In order to minimize the operational impact, we immediately implemented our contingency plans and transferred functions to other sites, including NPPD’s facility in Pensacola, Fla.,” the email, obtained by CyberScoop, reads. “We are working to restore these services as quickly as possible. We will let you know when the service and reports will resume.”
NPPD is the National Protection and Programs Directorate, which oversees NCCIC.
According to Manfra, the power loss to the Arlington building rendered the elevators unusable. The department decided that until the building is fully online, it will continue to use the Pensacola location for the NCCIC watch floor. Manfra said if personnel need access to secure facilities, they will be able to use other locations in the D.C. area.
Chris Krebs, the DHS undersecretary in charge of NPPD, told CyberScoop that the department is “taking this opportunity to get some efficiencies into the system, but also to build resilience and redundancy.”
The power outage has had a “minimal impact” on DHS’s cybersecurity operations, Krebs said. The incident has not, for example, affected the department’s ability to respond to cyber incidents or issue warnings to the private sector.
“Cyber Hygiene scans are not mission-critical scanning systems,” he said, but “they are services we provide that are important to support.”
DHS has been at the center of the federal government’s efforts to fortify U.S. voting infrastructure following the 2016 presidential election, when Russian hackers probed systems in 21 states. Last week it was revealed that the same outfit of Russian hackers that meddled in the 2016 election appears to have targeted Democratic Sen. Claire McCaskill’s office.