TSA officials put on administrative leave after security lapse
DHS head promises full investigation into matter
Computerworld - The United States Department of Homeland Security (DHS) has placed several employees on administrative leave for their role in the recent exposure of a document containing detailed information on the passenger screening procedures used by Transportation Security Administration (TSA) officials at U.S. airports.
DHS Secretary Janet Napolitano told members of the Senate Judiciary Committee this morning that the breach was caused by a contract worker who failed to properly redact sensitive information from the document before posting it on a publicly accessible federal government Web site.
The contract worker and immediate supervisors have been placed on leave while the matter is investigated by DHS Inspector General Richard Skinner and by the TSA's Office of Inspections, Napolitano told the committee. Her comments came during testimony for a previously scheduled hearing when she was asked about the data breach.
Responding to those questions, Napolitano reassured the committee that the security of the travelling public had not been compromised. "We have already initiated personnel actions against the individual involved. We have already instituted an internal review to see what else needs to be done," to prevent similar incidents in future, she said.
Napolitano also said she has ordered a department-wide review to ensure that the DHS is being "rigorous and very disciplined" about what it posts online.
Her comments come amid widespread concerns over the security lapse, which resulted in a TSA manual detailing sensitive procedures for airport passenger and luggage screening being publicly posted. The document was posted as part of a TSA contract solicitation process on the Federal Business Opportunities Web. A blogger discovered the manual on Sunday and posted links to it on his Web site. Though the original document has since been removed by the TSA, numerous copies of it are freely available on the Web.
The exposed material included details on TSA procedures for screening passengers, special rules for handling the CIA, diplomats and law enforcement officials and the technical settings and tolerances used by metal and explosive detectors used at airports. It also included information on the frequency with which checked bags are to be hand-screened for explosives, the names of 12 countries whose citizens are automatically sent to secondary screening and a list of items for which screening is not always required.
Each page of the document warns that the information is sensitive and should be only released on a "need to know" basis.
The TSA itself has maintained that the document was outdated and has downplayed the seriousness of the data.
Sen. Susan Collins (R-Maine) ranking member of the Senate Committee on Homeland Security yesterday called the gaffe "shocking" and said the information "provides a road map to those who would do us harm."
Other senators today expressed similar concerns during a previously scheduled hearing on intelligence reform and terrorism prevention. Sen. John Ensign (R-Nev.) called the breach a "serious matter" and asked DHS Assistant Secretary for Policy David Heyman whether the people who authorized the posting had also been put on administrative leave.
"We do not want a scapegoat here," Heyman said.
Read more about Security in Computerworld's Security Topic Center.
- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts