ID program for transport workers called vulnerable

Significant security gaps exist in the DHS program, inspector general says

The Department of Homeland Security (DHS) must address significant security vulnerabilities in its Transportation Worker Identification Credential (TWIC) program before rolling out the system, according to a redacted report released this week by Richard Skinner, the DHS's inspector general (download PDF).

When fully implemented, the TWIC program, now in its pilot phase, will use biometrics to confirm the identities of up to 6 million workers across all transportation industry sectors.

"We determined that significant security vulnerabilities existed relative to the TWIC prototype systems, documentation and program management," Skinner said in the report. "Due to the number and significance of the weaknesses identified, TWIC prototype systems are vulnerable to various internal and external security threats."

The security issues could threaten the confidentiality, integrity and availability of sensitive TWIC data, Skinner said in the report. And until they are corrected, the security flaws jeopardize the certification and accreditation of the identification system prior to its rollout.

Exactly what flaws were identified remains unknown; Skinner redacted all of the specific information about the vulnerabilities from his report. But the report does say that the TWIC system fails to fully comply with requirements of the Federal Information Security Management Act (FISMA).

In addition, Skinner said the DHS needs to update information about how the prototype phase was implemented and tested or spell out what policies need to be in effect prior to its full-fledged implementation. He also said systems contingency plans have not been approved or tested, and system and database administrators have not received specialized security awareness training.

Skinner recommended that officials at the Transportation Security Administration (TSA), which oversees the TWIC program, correct all security vulnerabilities and comply with the FISMA requirements. Officials at the TSA concurred with those recommendations and said they are working to correct the security vulnerabilities.

Copyright © 2006 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon