Advertisement

Rep. Hurd: Congress demands info on Juniper backdoor

The chairman of the House Oversight and Government Reform Committee’s IT subcommittee took the federal government to task in an op-ed Wednesday over its lack of response to the backdoor discovered in Juniper Network’s software last month.

The chairman of the House Oversight and Government Reform IT Subcommittee took the federal government to task Wednesday over its lackadaisical response to the backdoor discovered in Juniper Network’s widely used security software last month.

Freshman Rep. Will Hurd, R-Texas, wrote in an op-ed in the Wall Street Journal that the government dragged its feet in notifying lawmakers on how it’s responded to the vulnerability discovered in Juniper’s ScreenOS software, despite the fact that the information should be easy to obtain.

“Without a complete inventory of compromised systems, lawmakers are unable to determine what adversaries stole or could have stolen,” Hurd wrote.

In December, the company discovered the backdoor that would allow sophisticated hackers to control the firewall of un-patched Juniper products and decrypt network traffic. The company’s products are used by a number of government agencies, including the departments of Defense, Justice and Treasury.

Will Hurd, R-Texas

Will Hurd, R-Texas

The FBI and Department of Homeland Security have been working to determine if there has been any damage done to government systems and whether they’ve been patched, but Hurd said agencies have been short on details.

The op-ed comes as members of the oversight committee issued a letter (like this one) to 24 agencies last week demanding agencies list their inventory of Juniper products and whether they’ve been patched.

“If they fail to respond they will be called before Congress to explain why they couldn’t produce this basic information — even though the 2002 Federal Information Security Management Act requires government bodies to monitor and protect the data they possess,” Hurd wrote.

The incident shines a light on two areas where the government uses technology, Hurd writes. He called for agencies to move away from legacy software — which ScreenOS can be considered as — and refrain from calls to insert backdoors into encryption for the sake of law enforcement investigations.

Advertisement

Read the full op-ed on the Wall Street Journal (paywall).

Greg Otto

Written by Greg Otto

Greg Otto is Editor-in-Chief of CyberScoop, overseeing all editorial content for the website. Greg has led cybersecurity coverage that has won various awards, including accolades from the Society of Professional Journalists and the American Society of Business Publication Editors. Prior to joining Scoop News Group, Greg worked for the Washington Business Journal, U.S. News & World Report and WTOP Radio. He has a degree in broadcast journalism from Temple University.

Latest Podcasts