Risk
6/25/2012
03:50 PM

TSA Wants To Monitor Employee Computer Activities

Transportation Security Administration seeks software to monitor employee keystrokes, emails, attachments, screen captures, file transfers, chats, network activities, and website visits.

The Transportation Security Administration is looking for better ways to guard against insider threats and wants tools that can keep a close eye on employee computer activities.

The agency issued a Sources Sought solicitation in FedBizOpps on June 20, looking for software able to monitor and log a wide range of activities, including keystrokes, emails, attachments, screen captures, file transfers, chats, network activities, and website visits. The solicitation specifies that end users must not be able to tell they are being monitored, and must not be able to "kill" the monitoring.

The software must have the ability to monitor Windows OS, but the solicitation notes it also potentially should have the ability to monitor Mac OS X, as well.

Many of the capabilities TSA is looking for are commercially available now, but are used primarily for computer forensics, to look at activities after they have happened, said Chet Hosmer, VP and chief scientist with WetStone Technologies, a subsidiary of Allen Corporation that specializes in investigative software.


"Certainly over the last several years the focus on insider threats has become more prevalent than outsider threats," Hosmer said in an interview. "When we think about 'insider,' we think about people ... but it's not necessarily a human they're looking for. Devices coming in [to networks] could be the threat vector."

Malware continues to evolve in sophistication, he said, and the means and methods of protecting against it have had to evolve as well. For instance, some malware may insert keystrokes; detection might focus on how fast the keystrokes are being inserted, perhaps faster than a human (or that specific human) can type, he said.
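The timing check Hosmer describes can be sketched as follows. This is an added example, not code from the article or from any product it mentions; the thresholds, function names, and keystroke timings are assumptions constructed for illustration.

```python
from itertools import accumulate
from statistics import median

HUMAN_FLOOR_MS = 20.0  # assumed: sustained gaps below this are not plausible human typing
MIN_RUN = 6            # assumed: consecutive fast gaps required before flagging

def user_floor_ms(baseline_gaps_ms, fraction=0.25):
    """Per-user threshold: a fraction of this user's median gap, never below the human floor."""
    return max(HUMAN_FLOOR_MS, fraction * median(baseline_gaps_ms))

def find_injected_runs(timestamps_ms, floor_ms, min_run=MIN_RUN):
    """Return (first, last) keystroke index pairs for runs of >= min_run gaps below floor_ms."""
    runs, start = [], None
    for i in range(1, len(timestamps_ms)):
        if timestamps_ms[i] - timestamps_ms[i - 1] < floor_ms:
            if start is None:
                start = i - 1          # run begins at the keystroke before the first fast gap
            continue
        if start is not None and (i - 1) - start >= min_run:
            runs.append((start, i - 1))
        start = None
    last = len(timestamps_ms) - 1
    if start is not None and last - start >= min_run:
        runs.append((start, last))     # run that lasts until the end of the capture
    return runs

# Constructed sample data (milliseconds), not taken from any real system.
BASELINE_GAPS = [180, 140, 210, 160, 190, 150, 230, 170]          # this user's normal typing
SESSION_GAPS = [180, 140, 210, 160] + [2] * 12 + [190, 150, 230]  # 12 machine-speed gaps
SESSION = list(accumulate(SESSION_GAPS, initial=0))
ROLLOVER = [0, 150, 165, 180, 330]  # two quick gaps from a human key roll: too short to flag

if __name__ == "__main__":
    floor = user_floor_ms(BASELINE_GAPS)
    print("per-user floor (ms):", floor)
    print("flagged runs:", find_injected_runs(SESSION, floor))
    print("rollover runs:", find_injected_runs(ROLLOVER, floor))
```

Requiring a run of consecutive fast gaps, rather than a single one, keeps ordinary key rollover by a fast typist from raising an alert.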

The solicitation does not indicate whether TSA aims to store the vast amount of data such monitoring would generate and analyze it after the fact, or whether it is seeking to implement real- or near-real-time monitoring.

Hosmer thought it unlikely the solicitation was a response to the Wikileaks scandal, where a U.S. soldier has been accused of leaking thousands of pages of documents to the public by making them available for posting to the Web.

"Most of the leaks from Wikileaks came from overseas, not here. I haven't heard a lot of chatter about that at all," he said. "I think this solicitation is more serious than that. It sounds broader, the kinds of information they want to monitor ... potentially across agencies. Will contractors be involved? Will their systems be monitored, as well? How's that going to work?"

In an interesting bit of timing, the White House Office of Special Counsel issued a memo on employee monitoring policies to Executive Branch departments and agencies the same day TSA released its solicitation. The OSC warned agencies against using monitoring as a way of muzzling whistleblowers. OSC spokeswoman Ann O'Hanlon said the timing was purely coincidental.

She said the government generally is able to monitor users' computer use, as long as it provides disclosure up front that they are being monitored.


Comments
rharrold92201,
User Rank: Apprentice
6/26/2012 | 3:40:04 AM
re: TSA Wants To Monitor Employee Computer Activities
TSA employees' computer activities being tracked should not be of any concern to anyone. The "quasi" enforcement organization will only be monitored as is most all government and private computer users' networks. U.S. Customs/DHS, BP, INS, DEA, FBI, and most other law enforcement agencies have for years provided recall features in their computer systems allowing internal affairs and other authorized officers to 'real time' monitor line activities and to review and replay officers' online activity. Plus, with little effort, analysis of online activity provides the means to target, monitor, predict and use as evidence, activities on computer systems that violate law and procedures. For an already questionable intrusion/misguided, overly expensive, deterrent system such as TSA ... to question the propriety of monitoring and using the information gleaned is ludicrous. Consider that users of any Internet link are already exposing themselves to continuous surveillance, analysis, and predictive observation why should an organization who has been given the right to make the 4th Amendment the laughing stock of the world be any less exposed to scrutiny?
Bprince,
User Rank: Ninja
6/26/2012 | 1:40:10 AM
re: TSA Wants To Monitor Employee Computer Activities
I am a little surprised and disturbed the TSA isn't already doing this. There are a number of cases for doing this, not the least of which is preventing data leaks and policy violations that compromise security.
Brian Prince, InformationWeek/Dark Reading Comment Moderator