Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

4/8/2005
02:53 PM
50%
50%

Another Casualty For Homeland Security

Nowhere has the government's struggle to keep the country safe while at the same time preserving individual liberties been more pronounced than at the Transportation Security Administration. On 9/11 air travel proved to be the weakest link in national security, and a lot of money and effort has since been spent to correct this. Now TSA, which launched in 2002 with ambitious and uncompromising goals of using technology and manpower to keep the airways from again being used as instruments of terro

Nowhere has the government's struggle to keep the country safe while at the same time preserving individual liberties been more pronounced than at the Transportation Security Administration. On 9/11 air travel proved to be the weakest link in national security, and a lot of money and effort has since been spent to correct this. Now TSA, which launched in 2002 with ambitious and uncompromising goals of using technology and manpower to keep the airways from again being used as instruments of terrorism, is shriveling. This isn't necessarily a good thing, despite the controversy surrounding its No-Fly list and Secure Flight initiative.It's not easy to succeed when one of your flagship programs, the No-Fly list, is most famous for snaring Sen. Ted Kennedy and former pop star Cat Stevens. And TSA's Secure Flight program, which emerged from the ashes of its controversial CAPPS II program, was repeatedly pointed to this week by the new Homeland Security Data Privacy and Integrity Advisory Committee as a place for it to begin examining how government can do a better job of protecting the country without trampling on civil liberties.

Now comes word that TSA administrator David Stone will in June step down from his post. He's leaving, or being asked by the Bush administration to leave, depending upon whom you listen to, as the third TSA administrator in as many years, following in the footsteps of John Magaw and Adm. James Loy.

Any explanation of Stone's upcoming departure would be speculation at this point, but that won't stop me from pointing out that many of TSA's programs are being absorbed by other areas of Homeland Security's Directorate of Border and Transportation Security. Although the Bush administration has requested more than $5.5 million for TSA in its fiscal 2006 budget, up from the $5.4 billion approved for 2005, zero dollars would be allocated to TSA's Secure Flight, Crew Vetting, and Registered Traveler programs. In fact these programs, plus the Transportation Worker Identification Credential and hazardous materials driver's license screening initiatives, are being transferred to Border and Transportation Security's Screening Coordination Office.

That leaves the still very important, although not quite as innovative, role of hiring and training baggage and passenger screening personnel to TSA, right? Not so fast--the department has the ability to turn more of this work over to private companies.

Why might TSA's dismantling be a bad thing (or at least not a good thing)? It doesn't solve any of the problems that plagued the agency. The No-Fly list will likely persist because there's little public oversight governing its existence, but Secure Flight won't get off the ground until there's some policy guiding how Homeland Security is allowed to use the personal information it collects about travelers.

In fact, several members of the Data Privacy and Integrity Advisory Committee hold up Secure Flight as an example of where their work should begin. A careful examination of Secure Flight will put the pieces in place, said Jerry Berman, president of the Center for Democracy and Technology, when speaking this week before the committee during its inaugural meeting. Simply sliding Secure Flight and other screening programs over to other areas of Homeland Security exacerbates the problem. "You can't reconcile national security and civil liberties if work is done uncoordinated and in too many places," Berman added.

In fairness to TSA and the rest of Homeland Security, theirs is a difficult job. The whole department was likely conceived as government officials watched the Pentagon burn on 9/11. Speaking before the new committee this week, Penrose Albright, assistant secretary of Homeland Security's Science and Technology Directorate, pointed out that a simple fact of national security is that the government, in doing its job, runs across a variety of sensitive information, including names, addresses, and Social Security numbers. "You need this to do your job, even if it makes people uncomfortable," Albright said.

It will likely take awhile before the advisory committee produces any meaningful insight that Homeland Security can use to evaluate its mission and conduct. During that time, the department's reorganization will continue. Let's hope changes such as those to TSA don't simply mask the challenges that the department faces.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 5/22/2020
How an Industry Consortium Can Reinvent Security Solution Testing
Henry Harrison, Co-founder & Chief Technology Officer, Garrison,  5/21/2020
Is Zero Trust the Best Answer to the COVID-19 Lockdown?
Dan Blum, Cybersecurity & Risk Management Strategist,  5/20/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-13485
PUBLISHED: 2020-05-25
The Knock Knock plugin before 1.2.8 for Craft CMS allows IP Whitelist bypass via an X-Forwarded-For HTTP header.
CVE-2020-13486
PUBLISHED: 2020-05-25
The Knock Knock plugin before 1.2.8 for Craft CMS allows malicious redirection.
CVE-2020-13482
PUBLISHED: 2020-05-25
EM-HTTP-Request 1.1.5 uses the library eventmachine in an insecure way that allows an attacker to perform a man-in-the-middle attack against users of the library. The hostname in a TLS server certificate is not verified.
CVE-2020-13458
PUBLISHED: 2020-05-25
An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There are CSRF issues with the log-clear controller action.
CVE-2020-13459
PUBLISHED: 2020-05-25
An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There is stored XSS in the Bulk Resize action.