Skinner: Screening system needs stronger controls

Greatest potential threat is within the department itself

The Homeland Security Department has deployed robust information technology security controls to protect personal information for air travelers within its Automated Targeting System, but a few key vulnerabilities remain, according to a new report from the department's inspector general.

The automated targeting system is a risk assessment tool that evaluates air passengers' personally identifiable information from numerous databases and assigns a risk score to each traveler. The system has been criticized by privacy advocates since it first drew widespread attention when described in a Privacy Act notice a year ago, but it has been operating for more than a decade in various forms.

To protect privacy, DHS has established robust operational and system security controls on the targeting system, Inspector General Richard Skinner concluded. These include access controls that limit accessibility to the system data to specific users based on their responsibilities and roles in the program, with passwords and privacy awareness training to ensure those limits are enforced. The system also has network protections, including firewalls and encryption.

"Customs and Border Protection is effectively employing these controls in protecting individuals' personally identifiable information," the IG report states.

However, the agency needs to be vigilant in ensuring the controls are up-to-date and properly authorized. Specifically, there need to be periodic reviews of users' access privileges, checks to make sure that old accounts are disabled and independent internal reviews to make sure that passwords and software patches are being used correctly, Skinner wrote.

Ongoing attention is needed to protect against potential threats to the system from DHS' own employees and ex-employees, the IG said. "The greatest risk to the security and privacy of the personally identifiable information housed in the Automated Targeting System stems from insider threats."

Strengthening IT security controls at DHS and other federal agencies has been an active area of contracting opportunity for several years.

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

What is your e-mail address?

My e-mail address is:

Do you have a password?

Forgot your password? Click here
close

Trending

  • Dive into our Contract Award database

    In an exclusive for WT Insider members, we are collecting all of the contract awards we cover into a database that you can sort by contractor, agency, value and other parameters. You can also download it into a spreadsheet. Our databases track awards back to 2013. Read More

  • Navigating the trends and issues of 2016 Nick Wakeman

    In our latest WT Insider Report, we pull together our best advice, insights and reporting on the trends and issues that will shape the market in 2016 and beyond. Read More

contracts DB

Washington Technology Daily

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.