IG: Holes exist in Homeland Security RFID systems
- By Alice Lipowicz
- Aug 22, 2006
The Homeland Security Department has gaps in the security controls for its Radio Frequency Identification systems, according to a new report
from the agency Inspector General Richard Skinner.
Skinner examined RFID systems DHS uses:
- The Global Enrollment System and the Free and Secure Trade (Fast) program, both operated by Customs and Border Protection, to enroll "trusted travelers" who frequently cross the borders; and
- The U.S.-Visitor and Immigrant Status Indicator Technology Automated Identification Management System, in which foreigners who leave the United Stages at certain land ports receive documents containing RFID tags. If they wish to re-enter, they must display the documents.
Overall, the audits found good physical security controls on the RFID systems. However, there are no department policies and procedures regarding management and protection of the systems, according to the IG. And there also is a lack of security planning while systems are in development and inadequate security controls on databases associated with the RFID systems.
Furthermore, operating procedures for RFID systems, including procedures to safeguard unused tags and destroy damaged tags, are either incomplete or are not being followed consistently.
"These security-related concerns, if not addressed, increase the potential for unauthorized access to DHS resources and data," the report said.
Departmental officials agreed with the findings and are taking steps to implement improvements, the report said. Some of the findings have been noted in separate reports.
Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.