Posts
Analysis by: Scott Watkowski, PPS
SUMMARY: The Transportation Security Administration (TSA) is investigating an online posting that revealed agency secrets pertaining to airport passenger screening. The leak is considered serious and exposed details such as: technical settings used by X-ray machines and explosives detectors; 12 countries whose passport holders are automatically subjected to added scrutiny; pictures of credentials used by federal officials; and how often checked bags are to be hand-searched.
ANALYSIS: Today’s sophisticated terrorist groups and many organized crime elements already knew about the security information that was irresponsibly posted to a public/open source of information by the TSA. These groups are very well funded and most have an insider in just about every level of government and major companies. The security information that was compromised would be most valuable to the ‘‘aspiring’’ terrorist or the lone-wolf types. These groups, while small in number and limited in resources, still pose a very real and constant threat to our national security and public safety.
A major area of concern here is the TSA's policies of handling sensitive data and how the breach of operational security happened. Most disturbing is the liaise-fare attitude they have had since this story was revealed. In the private business world, this event would have brought swift legal action for such an unreported disclosure. Something of this magnitude warrants a full investigation and an audit of the agency’s information policies.
The general public and the Department of Homeland Security have every right to be concerned about the TSA’s databases being compromised if there is not a procedure audit and a review of policies. Congress and the associated oversight committees should address how the TSA -- and all government agencies -- are safeguarding sensitive information from outside hackers and internal mishandlings. A check and balance system combined with better accountability would be a step in the right direction.
Firestorm offers Red-Flag Policy Reviews for companies to help them safeguard against disclosures and fines and lawsuits should there be a security breach by hackers or identity thieves. In short, corporations may now be found liable for damages to individuals whose information is stolen. The question for everyone is accountability and auditing your procedures on regular basis.
