Skip to main content
Emerging ThreatsData Breaches

DHS Faces Scrutiny Over Unclassified Network Breach

Government office interior with secure access point and network infrastructure in background.

"The information in HSIN, while not classified, is highly sensitive, and its exposure risks national security," Senate Intelligence Committee Vice Chairman Mark Warner, D-Va., said last week.

House Homeland Security Committee staff seek briefing

Staff for the House Homeland Security Committee have requested a briefing from the Department of Homeland Security (DHS) about a breach of the agency’s Homeland Security Information Network (HSIN), according to a committee aide familiar with the matter. The aide, who spoke on the condition of anonymity because the subject is sensitive, said staff are hoping to be briefed on the intrusion by Friday.

The request follows a report first published by Nextgov/FCW last week that disclosed the intrusion. Committee staffers are pursuing details on the scope of the incident and the department’s response.

Homeland Security Information Network (HSIN) targeted in late May–early June window

Officials believe hackers penetrated HSIN sometime between late May and early June, a person familiar with the matter previously said. HSIN carries unclassified but sensitive information and is used by approved users to securely access data, exchange requests with partner agencies, manage operations, coordinate safety and security for planned events, respond to incidents and share mission-critical information among federal, state, local, territorial, tribal, international and private-sector partners.

It remains unclear from available reporting whether any contents were pilfered from the platform and the affiliation of the intruders has not been determined, the source said.

Sen. Mark Warner links HSIN use to World Cup and America250 events

Senate Intelligence Committee Vice Chairman Mark Warner said the network is being used to support security for World Cup games being held around the United States and for America250 events. Warner also cited HSIN’s role for emergency responders during a mid-air collision last year between an American Airlines flight and an Army Black Hawk helicopter outside Washington, D.C., underscoring the network’s use for operational coordination in high-profile incidents.

Warner told reporters that DHS and the Justice Department must "thoroughly investigate who breached HSIN, what the attackers accessed, and ensure all DHS partners are provided with timely information and the tools necessary to mitigate any associated risks from the breach."

Department of Homeland Security response and status of investigation

When asked about the committee briefing request, a DHS spokesperson provided the same statement the department issued the previous week confirming the hack. That statement said staff "immediately took action to isolate the affected systems, mitigate the vulnerability, and launch a comprehensive forensic investigation."

The department added that the investigation is ongoing and that more details cannot be provided at this time.

What this means for emergency responders, event planners, and federal/state/local partners

  • Emergency responders: HSIN has been used in past incident response—Warner cited its role during a mid-air collision—and responders will be watching closely to learn whether operational details or response procedures were exposed.
  • Event planners and security coordinators: With HSIN reportedly supporting World Cup and America250 events, event planners and interagency security teams will seek clarity on whether the intrusion revealed plans or coordination details that could affect public safety or event operations.
  • Federal, state and local partners: Because HSIN is a conduit for mission-critical information across federal, state, local, territorial, tribal, international and private-sector partners, those organizations will require timely information and mitigation tools if DHS determines exposure or data exfiltration occurred.

The public record provided so far establishes three immediate next steps: the House Homeland Security Committee staff’s requested briefing by Friday, DHS’s ongoing forensic investigation, and calls from at least one Senate committee leader for DHS and the Justice Department to pursue a thorough inquiry into who breached HSIN and what they accessed. Significant questions remain about the intruders’ affiliation and whether data was removed from the network—questions committee staff and partners will be pressing DHS to answer.

Original story