Skinner: Screening system needs stronger controls

Greatest potential threat is within the department itself

The Homeland Security Department has deployed robust information technology security controls to protect personal information for air travelers within its Automated Targeting System, but a few key vulnerabilities remain, according to a new report from the department's inspector general.

The automated targeting system is a risk assessment tool that evaluates air passengers' personally identifiable information from numerous databases and assigns a risk score to each traveler. The system has been criticized by privacy advocates since it first drew widespread attention when described in a Privacy Act notice a year ago, but it has been operating for more than a decade in various forms.

To protect privacy, DHS has established robust operational and system security controls on the targeting system, Inspector General Richard Skinner concluded. These include access controls that limit accessibility to the system data to specific users based on their responsibilities and roles in the program, with passwords and privacy awareness training to ensure those limits are enforced. The system also has network protections, including firewalls and encryption.

"Customs and Border Protection is effectively employing these controls in protecting individuals' personally identifiable information," the IG report states.

However, the agency needs to be vigilant in ensuring the controls are up-to-date and properly authorized. Specifically, there need to be periodic reviews of users' access privileges, checks to make sure that old accounts are disabled and independent internal reviews to make sure that passwords and software patches are being used correctly, Skinner wrote.

Ongoing attention is needed to protect against potential threats to the system from DHS' own employees and ex-employees, the IG said. "The greatest risk to the security and privacy of the personally identifiable information housed in the Automated Targeting System stems from insider threats."

Strengthening IT security controls at DHS and other federal agencies has been an active area of contracting opportunity for several years.

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

What is your e-mail address?

My e-mail address is:

Do you have a password?

Forgot your password? Click here


  • POWER TRAINING: How to engage your customers

    Don't miss our Aug. 2 Washington Technology Power Training session on Mastering Stakeholder Engagement, where you'll learned the critical skills you need to more fully connect with your customers and win more business. Read More


    In our latest Project 38 Podcast, editor Nick Wakeman interviews Tom Romeo, the leader of Maximus Federal about how it has zoomed up the 2019 Top 100. Read More

contracts DB

Washington Technology Daily

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.