TSA posts document on airport screening procedures online
Lawmakers call gaffe shocking, demand investigation
Computerworld - In a gaffe called "shocking" and "reckless" by some U.S. lawmakers, the Transportation Security Administration (TSA) inadvertently posted a 93-page document containing highly sensitive information on its airport screening procedures on a government Web site.
The aviation security manual included details on TSA procedures for screening passengers, special rules for handling the CIA, diplomats and law enforcement officials, and the technical settings and tolerances of the metal and explosive detectors used at airports.
The document included information on the frequency with which checked bags are to be hand screened for explosives, the names of 12 countries whose citizens are automatically sent to secondary screening and a list of items for which screening is not always required. Also included were images of sample credentials used by members of Congress and the CIA, which the TSA said could be easily imitated. Each page of the manual carries the admonition: "NO PART OF THIS RECORD MAY BE DISCLOSED TO PERSONS WITHOUT A 'NEED TO KNOW.'"
The document, which was posted on the Federal Business Opportunities Web site, was discovered on Sunday by The Wandering Aramean blog. The manual was posted as part of a TSA contract solicitation and was supposed to have been redacted.
But rather than removing the sensitive text from the document "they just drew a black box on top of it," the blog noted. "Turns out that PDF documents don't really care about the black box like that and the actual content of the document is still in the file."
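The failure the blog describes can be caught before a file is released. The following is an added example, not code from the article, the blog or the TSA: a simplified Python check that flags text runs still present in a PDF page content stream underneath a rectangle filled later in the same stream. It assumes an already decompressed stream and handles only the `Td`/`Tj` and `re`/`f` operators; the sample streams and the function name are constructed for illustration.

```python
import re

# Constructed, uncompressed page content streams (not taken from the TSA file).
# In BOXED the second text run is "redacted" only by a rectangle drawn over it.
BOXED = b"""BT /F1 12 Tf 72 700 Td (Screening overview) Tj ET
BT /F1 12 Tf 72 680 Td (Detector setting: EXAMPLE-VALUE) Tj ET
0 0 0 rg
70 676 300 16 re f
"""
# In REMOVED the text run itself was deleted before the box was drawn.
REMOVED = b"""BT /F1 12 Tf 72 700 Td (Screening overview) Tj ET
0 0 0 rg
70 676 300 16 re f
"""

NUM = rb"(-?\d+(?:\.\d+)?)"
# "x y w h re" followed by a fill operator (f, f* or F); any fill colour counts.
RECT_RE = re.compile(rb"\s+".join([NUM] * 4) + rb"\s+re\s+(?:f\*?|F)(?=\s|$)")
# "x y Td (string) Tj"; escaped parentheses and Tm/cm matrices are not handled.
TEXT_RE = re.compile(NUM + rb"\s+" + NUM + rb"\s+Td\s*\(([^)]*)\)\s*Tj")


def find_covered_text(stream: bytes) -> list[str]:
    """Return text runs whose origin lies under a rectangle filled after them."""
    rects = [(m.start(), *map(float, m.groups())) for m in RECT_RE.finditer(stream)]
    hits = []
    for t in TEXT_RE.finditer(stream):
        x, y = float(t.group(1)), float(t.group(2))
        for pos, rx, ry, rw, rh in rects:
            # Only a rectangle painted later in the stream sits on top of the text.
            if pos > t.start() and rx <= x <= rx + rw and ry <= y <= ry + rh:
                hits.append(t.group(3).decode("latin-1"))
                break
    return hits


if __name__ == "__main__":
    for name, stream in (("boxed", BOXED), ("removed", REMOVED)):
        leaked = find_covered_text(stream)
        print(name, "FAIL: text still in file" if leaked else "ok", leaked)
```

A release check built on this idea should fail the document whenever the list is non-empty, since the only safe redaction is one where the text run no longer exists in the file.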
The TSA document has since been removed from the federal Web site. But numerous copies of the document have since become available around the Internet.
In a statement, a TSA spokesman said that the document was an "outdated, unclassified version of a Standard Operating Procedures. This version of the SOP was never implemented. Because TSA has to constantly adapt to address ever evolving threats, there have been 6 newer versions of the procedures since this version was drafted." The statement goes on to add that while the document demonstrates the "complexities of checkpoint security" it does not contain information related to the specifics of everyday screening. A full review is now under way into the incident, the TSA said.
The TSA's claim that the document was outdated has done little to quell the outrage expressed by some lawmakers.
In a statement today, Sen. Susan Collins (R-Maine), the ranking member of the Senate Homeland Security Committee, blasted the TSA over its lapse. "This manual provides a road map to those who would do us harm," Collins said. "The detailed information could help terrorists evade airport security measures
The "shocking breach" will undercut the American public's confidence in security measures at U.S. airports, she said. Collins said she intends to ask the Department of Homeland Security for a complete explanation of how the breach happened and what specific actions are being taken to prevent "this type of reckless dissemination" in future.
In a similar statement, Sen. Joseph Lieberman (I-Conn.) called the release of the SOP manual an "embarrassing mistake."
"A security manual, redacted or not, is not the type of document we want to share with the world," Lieberman noted, adding that the improper redaction only compounds the error.