Advertisement
Politics

Homeland Security watchdog investigates whistleblower complaint over lapses in bioterrorism program

Capitol Hill
Anthrax-laced letters sent to Capitol Hill in October 2001 helped lead to the establishment of BioWatch, a bioterrorism detection system.
(Ron Thomas / Associated Press)
EL SEGUNDO, CA-MARCH 14, 2019: Emily Baumgaertner, Science and Medicine Reporter, Los Angeles Times
By Emily Baumgaertner
Follow
Share

The Department of Homeland Security’s inspector general is investigating whether agency officials retaliated against a whistleblower who criticized cybersecurity lapses in the nation’s bioterrorism defense program.

Harry Jackson, a former information security manager at Homeland Security, complained that data from the BioWatch program had been stored on an insecure dot-org website for over a decade, where it was vulnerable to cyberattacks, according to government documents.

The system contained the locations of BioWatch air samplers, which were designed to detect airborne biological weapons in more than 30 U.S. cities. It also included the system’s test results, a list of biological agents that could be detected, and response plans to be put in place in the case of a terrorist attack.

Advertisement
A hazardous materials worker is hosed down on Capitol Hill in October 2001. The mailing of anthrax-laced letters that fall gave momentum to the idea that the military needed defenses against biological threats.

Science & Medicine

It was sensitive data from a U.S. anti-terror program – and terrorists could have gotten to it for years, records show

The Department of Homeland Security stored sensitive data from BioWatch on an insecure website where it was vulnerable to attacks by hackers, records show.

Aug. 25, 2019

Jackson filed a complaint in 2017 alleging that his security clearance was temporarily suspended after he raised concerns about the cybersecurity lapses and demanded that the BioWatch website be taken down.

The inspector general’s whistleblower unit initially notified Jackson’s lawyer this year that it would not investigate his claim. But in a letter to Jackson dated Nov. 19, Brian Volsky, the unit’s director, said an investigator would interview witnesses and review documents to discern whether Jackson was the victim of retaliation.

“If the report of investigation contains recommendations for corrective action,” Volsky wrote, the findings would be given to Congress.

Jackson said he believes the inspector general decided to look into his claims only after The Times published details about his complaint in August.

“It’s unfortunate that it took news coverage bringing this to light before DHS decided to revise their past decisions and open this case,” Jackson told The Times on Monday.

“I wasn’t protected back when I brought this to the attention of senior DHS officials back in 2017. Now it’s just a matter of seeing what DHS will do moving forward to protect people who choose to do the right thing.”

Advertisement

Homeland Security did not respond to requests for comment on Monday.

The agency previously notified Jackson that his security clearance was suspended because he had published his concerns about the BioWatch program’s website in an academic journal and also had been recently convicted of drunk driving.

Jackson first demanded that Homeland Security stop storing sensitive data on the website shortly after he was assigned to the program in 2016. A security audit completed in January 2017 confirmed “critical” and “high risk” vulnerabilities, such as weak encryption that made the website “extremely prone” to online attacks, according to records reviewed by The Times. There “does not seem to be any protective monitoring on the site,” a summary of the audit explained.

A subsequent report by the agency’s inspector general reiterated the system’s loopholes and recommended moving the data behind a secure firewall. It said that agency officials agreed to do so.

But government emails and documents show that a bitter clash ensued within the department, as officials argued over the practical obstacles to moving the database. Several also questioned whether the anti-terrorism information would be valuable to an enemy. (An earlier investigation by The Times revealed the system’s long-outdated technology and unreliable performance.)

Jackson filed a whistleblower reprisal complaint to the agency’s inspector general in June 2017; he left the agency later that year.

James F. McDonnell, who led the agency’s Countering Weapons of Mass Destruction Office, told The Times this year that the database had been fully migrated behind a secure firewall by May. But he acknowledged that officials do not know whether hackers ever gained access to the data. McDonnell has since resigned.

More to Read

PoliticsScience & Medicine
Emily Baumgaertner

Emily Baumgaertner was a national correspondent for the Los Angeles Times focused on medical investigations and features. She joined the newsroom in 2019 from the New York Times Washington bureau and left in 2022. Her work has appeared in the Atlantic, the Washington Post, Foreign Policy, Scientific American and elsewhere. A New Haven, Conn., native, Baumgaertner earned her master of public health degree from the George Washington University.

More From the Los Angeles Times

Advertisement