TSA posts document on airport screening procedures online
Lawmakers call gaffe shocking, demand investigation
Computerworld - In a gaffe called "shocking" and "reckless" by some U.S. lawmakers, the Transportation Security Administration (TSA) inadvertently posted a 93-page document containing highly sensitive information on its airport screening procedures on a government Web site.
The aviation security manual included details on TSA procedures for screening passengers, special rules for handling the CIA, diplomats and law enforcement officials and the technical settings and tolerances used by metal and explosive detectors used at airports.
The document included information on the frequency with which checked bags are to be hand screened for explosives, the names of 12 countries whose citizens are automatically sent to secondary screening and a list of items for which screening is not always required. Also included were images of sample credentials used by members of Congress and the CIA which the TSA said could be easily imitated. Each page of the manual carries the admonition:"NO PART OF THIS RECORD MAY BE DISCLOSED TO PERSONS WITHOUT A 'NEED TO KNOW.'
The document, which was posted on the Federal Business Opportunities Web site was discovered on Sunday by The Wandering Aramean blog. The manual was posted as part of a TSA contract solicitation and was supposed to have been redacted.
But rather than removing the sensitive text from the document "they just drew a black box on top of it," the blog noted. "Turns out that PDF documents don't really care about the black box like that and the actual content of the document is still in the file."
The TSA document has since been removed from the federal Web site. But numerous copies of the documents have since become available around the Internet.
In a statement, a TSA spokesman said that the document was an "outdated, unclassified version of a Standard Operating Procedures. This version of the SOP was never implemented. Because TSA has to constantly adapt to address ever evolving threats, there have been 6 newer versions of the procedures since this version was drafted." The statement goes on to add that while the document demonstrates the "complexities of checkpoint security" it does not contain information related to the specifics of everyday screening. A full review is now under way into the incident, the TSA said.
The TSA's claim that the document was outdated has done little to quell the outrage expressed by some lawmakers.
In a statement today, Sen. Susan Collin (R-Maine), the ranking member of the Senate Homeland Security Committee blasted the TSA over its lapse. "This manual provides a road map to those who would do us harm," Collins said. "The detailed information could help terrorists evade airport security measures
The "shocking breach" will undercut the American's public's confidence in security measures at U.S. airports, she said. Collins said she intends to ask the Department of Homeland Security for a complete explanation of how the breach happened and what specific actions are being taken to prevent "this type of reckless dissemination" in future.
In a similar statement, Sen. Joseph Lieberman, (I-Conn.) called the release of the SOP manual an "embarrassing mistake."
"A security manual, redacted or not, is not the type of document we want to share with the world," Lieberman noted, adding that the improper redaction only compounds the error.
Read more about Security in Computerworld's Security Topic Center.
- Best Practices for Securing Hadoop Historically, Apache Hadoop has provided limited security capabilities. To protect sensitive data being stored and analyzed in Hadoop, security architects should use a...
- Top Tips for Securing Big Data Environments: Why Big Data Doesn't Have to Mean Big Security Challenges Organizations must come to terms with the security challenges they introduce. As big data environments ingest more data, organizations will face significant risks...
- 5 Ways Dropbox for Business Keeps Your Data Protected Protecting your data isn't a feature on a checklist, something to be tacked on as an afterthought. Download here to find out how...
- The Keys to Securing Data in a Collaborative Workplace Losing data is costly. IT professionals have spent years learning how to protect their organizations from hackers, but how do you ward off...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!