IG: Holes exist in Homeland Security RFID systems

The Homeland Security Department has gaps in the security controls for its Radio Frequency Identification systems, according to a new report from the agency Inspector General Richard Skinner.

Skinner examined RFID systems DHS uses:
  • The Global Enrollment System and the Free and Secure Trade (Fast) program, both operated by Customs and Border Protection, to enroll "trusted travelers" who frequently cross the borders; and
  • The U.S.-Visitor and Immigrant Status Indicator Technology Automated Identification Management System, in which foreigners who leave the United Stages at certain land ports receive documents containing RFID tags. If they wish to re-enter, they must display the documents.

Overall, the audits found good physical security controls on the RFID systems. However, there are no department policies and procedures regarding management and protection of the systems, according to the IG. And there also is a lack of security planning while systems are in development and inadequate security controls on databases associated with the RFID systems.

Furthermore, operating procedures for RFID systems, including procedures to safeguard unused tags and destroy damaged tags, are either incomplete or are not being followed consistently.

"These security-related concerns, if not addressed, increase the potential for unauthorized access to DHS resources and data," the report said.

Departmental officials agreed with the findings and are taking steps to implement improvements, the report said. Some of the findings have been noted in separate reports.

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above.

What is your e-mail address?

My e-mail address is:

Do you have a password?

Forgot your password? Click here

Washington Technology Daily

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.


contracts DB