TSA officials put on administrative leave after security lapse
DHS head promises full investigation into matter
Computerworld - The United States Department of Homeland Security (DHS) has placed several employees on administrative leave for their role in the recent exposure of a document containing detailed information on the passenger screening procedures used by Transportation Security Administration (TSA) officials at U.S. airports.
DHS Secretary Janet Napolitano told members of the Senate Judiciary Committee this morning that the breach was caused by a contract worker who failed to properly redact sensitive information from the document before posting it on a publicly accessible federal government Web site.
The contract worker and immediate supervisors have been placed on leave while the matter is investigated by DHS Inspector General Richard Skinner and by the TSA's Office of Inspections, Napolitano told the committee. Her comments came during testimony for a previously scheduled hearing when she was asked about the data breach.
Responding to those questions, Napolitano reassured the committee that the security of the travelling public had not been compromised. "We have already initiated personnel actions against the individual involved. We have already instituted an internal review to see what else needs to be done," to prevent similar incidents in future, she said.
Napolitano also said she has ordered a department-wide review to ensure that the DHS is being "rigorous and very disciplined" about what it posts online.
Her comments come amid widespread concerns over the security lapse, which resulted in a TSA manual detailing sensitive procedures for airport passenger and luggage screening being publicly posted. The document was posted as part of a TSA contract solicitation process on the Federal Business Opportunities Web. A blogger discovered the manual on Sunday and posted links to it on his Web site. Though the original document has since been removed by the TSA, numerous copies of it are freely available on the Web.
The exposed material included details on TSA procedures for screening passengers, special rules for handling the CIA, diplomats and law enforcement officials and the technical settings and tolerances used by metal and explosive detectors used at airports. It also included information on the frequency with which checked bags are to be hand-screened for explosives, the names of 12 countries whose citizens are automatically sent to secondary screening and a list of items for which screening is not always required.
Each page of the document warns that the information is sensitive and should be only released on a "need to know" basis.
The TSA itself has maintained that the document was outdated and has downplayed the seriousness of the data.
Sen. Susan Collins (R-Maine) ranking member of the Senate Committee on Homeland Security yesterday called the gaffe "shocking" and said the information "provides a road map to those who would do us harm."
Other senators today expressed similar concerns during a previously scheduled hearing on intelligence reform and terrorism prevention. Sen. John Ensign (R-Nev.) called the breach a "serious matter" and asked DHS Assistant Secretary for Policy David Heyman whether the people who authorized the posting had also been put on administrative leave.
"We do not want a scapegoat here," Heyman said.
Read more about Security in Computerworld's Security Topic Center.
- Enable secure remote access to 3D data without sacrificing visual perfomance Design and manufacturing companies must adapt quickly to the demands of an increasingly global and competitive economy. To speed time to market for...
- Virtually Delivered High Performance 3D Graphics "A picture is worth a thousand words." That old phrase is as true today as it ever was. Pictures (i.e., those with heavy...
- Best Practices for Securing Hadoop Historically, Apache Hadoop has provided limited security capabilities. To protect sensitive data being stored and analyzed in Hadoop, security architects should use a...
- Top Tips for Securing Big Data Environments: Why Big Data Doesn't Have to Mean Big Security Challenges Organizations must come to terms with the security challenges they introduce. As big data environments ingest more data, organizations will face significant risks...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!