TSA officials put on administrative leave after security lapse
DHS head promises full investigation into matter
Computerworld - The United States Department of Homeland Security (DHS) has placed several employees on administrative leave for their role in the recent exposure of a document containing detailed information on the passenger screening procedures used by Transportation Security Administration (TSA) officials at U.S. airports.
DHS Secretary Janet Napolitano told members of the Senate Judiciary Committee this morning that the breach was caused by a contract worker who failed to properly redact sensitive information from the document before posting it on a publicly accessible federal government Web site.
The contract worker and immediate supervisors have been placed on leave while the matter is investigated by DHS Inspector General Richard Skinner and by the TSA's Office of Inspections, Napolitano told the committee. Her comments came during testimony for a previously scheduled hearing when she was asked about the data breach.
Responding to those questions, Napolitano reassured the committee that the security of the travelling public had not been compromised. "We have already initiated personnel actions against the individual involved. We have already instituted an internal review to see what else needs to be done," to prevent similar incidents in future, she said.
Napolitano also said she has ordered a department-wide review to ensure that the DHS is being "rigorous and very disciplined" about what it posts online.
Her comments come amid widespread concerns over the security lapse, which resulted in a TSA manual detailing sensitive procedures for airport passenger and luggage screening being publicly posted. The document was posted as part of a TSA contract solicitation process on the Federal Business Opportunities Web. A blogger discovered the manual on Sunday and posted links to it on his Web site. Though the original document has since been removed by the TSA, numerous copies of it are freely available on the Web.
The exposed material included details on TSA procedures for screening passengers, special rules for handling the CIA, diplomats and law enforcement officials and the technical settings and tolerances used by metal and explosive detectors used at airports. It also included information on the frequency with which checked bags are to be hand-screened for explosives, the names of 12 countries whose citizens are automatically sent to secondary screening and a list of items for which screening is not always required.
Each page of the document warns that the information is sensitive and should be only released on a "need to know" basis.
The TSA itself has maintained that the document was outdated and has downplayed the seriousness of the data.
Sen. Susan Collins (R-Maine) ranking member of the Senate Committee on Homeland Security yesterday called the gaffe "shocking" and said the information "provides a road map to those who would do us harm."
Other senators today expressed similar concerns during a previously scheduled hearing on intelligence reform and terrorism prevention. Sen. John Ensign (R-Nev.) called the breach a "serious matter" and asked DHS Assistant Secretary for Policy David Heyman whether the people who authorized the posting had also been put on administrative leave.
"We do not want a scapegoat here," Heyman said.
Read more about Security in Computerworld's Security Topic Center.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Cybersecurity Imperatives Reinvent Your Network Security With Palo Alto Networks The Rise of CyberSecurity
- 10 Things Your Next Firewall Must do Next-Generation Firewalls Defined
- Firewall Buyers Guide Operate as the core of your network security infrastructure
- Getting Started With a Zero Trust Approach to Network Security The Traditional Approach to Network Security is Failing. View Now>>
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts