Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

4/8/2005
02:53 PM
50%
50%

Another Casualty For Homeland Security

Nowhere has the government's struggle to keep the country safe while at the same time preserving individual liberties been more pronounced than at the Transportation Security Administration. On 9/11 air travel proved to be the weakest link in national security, and a lot of money and effort has since been spent to correct this. Now TSA, which launched in 2002 with ambitious and uncompromising goals of using technology and manpower to keep the airways from again being used as instruments of terro

Nowhere has the government's struggle to keep the country safe while at the same time preserving individual liberties been more pronounced than at the Transportation Security Administration. On 9/11 air travel proved to be the weakest link in national security, and a lot of money and effort has since been spent to correct this. Now TSA, which launched in 2002 with ambitious and uncompromising goals of using technology and manpower to keep the airways from again being used as instruments of terrorism, is shriveling. This isn't necessarily a good thing, despite the controversy surrounding its No-Fly list and Secure Flight initiative.It's not easy to succeed when one of your flagship programs, the No-Fly list, is most famous for snaring Sen. Ted Kennedy and former pop star Cat Stevens. And TSA's Secure Flight program, which emerged from the ashes of its controversial CAPPS II program, was repeatedly pointed to this week by the new Homeland Security Data Privacy and Integrity Advisory Committee as a place for it to begin examining how government can do a better job of protecting the country without trampling on civil liberties.

Now comes word that TSA administrator David Stone will in June step down from his post. He's leaving, or being asked by the Bush administration to leave, depending upon whom you listen to, as the third TSA administrator in as many years, following in the footsteps of John Magaw and Adm. James Loy.

Any explanation of Stone's upcoming departure would be speculation at this point, but that won't stop me from pointing out that many of TSA's programs are being absorbed by other areas of Homeland Security's Directorate of Border and Transportation Security. Although the Bush administration has requested more than $5.5 million for TSA in its fiscal 2006 budget, up from the $5.4 billion approved for 2005, zero dollars would be allocated to TSA's Secure Flight, Crew Vetting, and Registered Traveler programs. In fact these programs, plus the Transportation Worker Identification Credential and hazardous materials driver's license screening initiatives, are being transferred to Border and Transportation Security's Screening Coordination Office.

That leaves the still very important, although not quite as innovative, role of hiring and training baggage and passenger screening personnel to TSA, right? Not so fast--the department has the ability to turn more of this work over to private companies.

Why might TSA's dismantling be a bad thing (or at least not a good thing)? It doesn't solve any of the problems that plagued the agency. The No-Fly list will likely persist because there's little public oversight governing its existence, but Secure Flight won't get off the ground until there's some policy guiding how Homeland Security is allowed to use the personal information it collects about travelers.

In fact, several members of the Data Privacy and Integrity Advisory Committee hold up Secure Flight as an example of where their work should begin. A careful examination of Secure Flight will put the pieces in place, said Jerry Berman, president of the Center for Democracy and Technology, when speaking this week before the committee during its inaugural meeting. Simply sliding Secure Flight and other screening programs over to other areas of Homeland Security exacerbates the problem. "You can't reconcile national security and civil liberties if work is done uncoordinated and in too many places," Berman added.

In fairness to TSA and the rest of Homeland Security, theirs is a difficult job. The whole department was likely conceived as government officials watched the Pentagon burn on 9/11. Speaking before the new committee this week, Penrose Albright, assistant secretary of Homeland Security's Science and Technology Directorate, pointed out that a simple fact of national security is that the government, in doing its job, runs across a variety of sensitive information, including names, addresses, and Social Security numbers. "You need this to do your job, even if it makes people uncomfortable," Albright said.

It will likely take awhile before the advisory committee produces any meaningful insight that Homeland Security can use to evaluate its mission and conduct. During that time, the department's reorganization will continue. Let's hope changes such as those to TSA don't simply mask the challenges that the department faces.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
US Formally Attributes SolarWinds Attack to Russian Intelligence Agency
Jai Vijayan, Contributing Writer,  4/15/2021
News
Dependency Problems Increase for Open Source Components
Robert Lemos, Contributing Writer,  4/14/2021
News
FBI Operation Remotely Removes Web Shells From Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/14/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21427
PUBLISHED: 2021-04-21
Magento-lts is a long-term support alternative to Magento Community Edition (CE). A vulnerability in magento-lts versions before 19.4.13 and 20.0.9 potentially allows an administrator unauthorized access to restricted resources. This is a backport of CVE-2021-21024. The vulnerability is patched in v...
CVE-2021-21426
PUBLISHED: 2021-04-21
Magento-lts is a long-term support alternative to Magento Community Edition (CE). In magento-lts versions 19.4.12 and prior and 20.0.8 and prior, there is a vulnerability caused by the unsecured deserialization of an object. A patch in versions 19.4.13 and 20.0.9 was back ported from Zend Framework ...
CVE-2020-36324
PUBLISHED: 2021-04-21
Wikimedia Quarry analytics-quarry-web before 2020-12-15 allows Reflected XSS because app.py does not explicitly set the application/json content type.
CVE-2020-28973
PUBLISHED: 2021-04-21
The ABUS Secvest wireless alarm system FUAA50000 (v3.01.17) fails to properly authenticate some requests to its built-in HTTPS interface. Someone can use this vulnerability to obtain sensitive information from the system, such as usernames and passwords. This information can then be used to reconfig...
CVE-2021-29456
PUBLISHED: 2021-04-21
Authelia is an open-source authentication and authorization server providing 2-factor authentication and single sign-on (SSO) for your applications via a web portal. In versions 4.27.4 and earlier, utilizing a HTTP query parameter an attacker is able to redirect users from the web application to any...