Inspector General Gives TSA Failing Marks On Cybersecurity

Inspector General Gives TSA Failing Marks On Cybersecurity

WASHINGTON DC – Five years of Department of Homeland Security audits have revealed, to the surprise of few and the dismay of all, that the TSA is as great at cybersecurity as it is at customer service.

The final report from the DHS Office of Inspector General details serious persistent problems with TSA staff’s handling of IT security protocols. These issues include servers running software with known vulnerabilities, no incident report process in place, and zero physical security protecting critical IT systems from unauthorized access.

What we’re talking about here are the very basics of IT security, and the TSA has been failing at these quite spectacularly for some time.

The report centers on the the way TSA (mis)handles security around the data management system which connects airport screening equipment to centralized servers. It’s called the Security Technology Integrated Program (STIP), and TSA has been screwing it up security-wise since at least 2012.

In essence, TSA employees haven’t been implementing STIP properly — that is, when they’ve been implementing it at all.

STIP manages data from devices we see while going through security lines at airports, namely explosive detection systems, x-ray and imaging machines, and credential authentication.

To read the rest of this story, click on http://www.engadget.com/2016/05/20/the-tsa-is-failing-spectacularly-at-cybersecurity/

By |2016-05-22T12:50:02-04:00May 22nd, 2016|Cyber Defense|

Share This Story, Choose Your Platform!

About the Author: