Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

4/8/2005
02:53 PM
50%
50%

Another Casualty For Homeland Security

Nowhere has the government's struggle to keep the country safe while at the same time preserving individual liberties been more pronounced than at the Transportation Security Administration. On 9/11 air travel proved to be the weakest link in national security, and a lot of money and effort has since been spent to correct this. Now TSA, which launched in 2002 with ambitious and uncompromising goals of using technology and manpower to keep the airways from again being used as instruments of terro

Nowhere has the government's struggle to keep the country safe while at the same time preserving individual liberties been more pronounced than at the Transportation Security Administration. On 9/11 air travel proved to be the weakest link in national security, and a lot of money and effort has since been spent to correct this. Now TSA, which launched in 2002 with ambitious and uncompromising goals of using technology and manpower to keep the airways from again being used as instruments of terrorism, is shriveling. This isn't necessarily a good thing, despite the controversy surrounding its No-Fly list and Secure Flight initiative.It's not easy to succeed when one of your flagship programs, the No-Fly list, is most famous for snaring Sen. Ted Kennedy and former pop star Cat Stevens. And TSA's Secure Flight program, which emerged from the ashes of its controversial CAPPS II program, was repeatedly pointed to this week by the new Homeland Security Data Privacy and Integrity Advisory Committee as a place for it to begin examining how government can do a better job of protecting the country without trampling on civil liberties.

Now comes word that TSA administrator David Stone will in June step down from his post. He's leaving, or being asked by the Bush administration to leave, depending upon whom you listen to, as the third TSA administrator in as many years, following in the footsteps of John Magaw and Adm. James Loy.

Any explanation of Stone's upcoming departure would be speculation at this point, but that won't stop me from pointing out that many of TSA's programs are being absorbed by other areas of Homeland Security's Directorate of Border and Transportation Security. Although the Bush administration has requested more than $5.5 million for TSA in its fiscal 2006 budget, up from the $5.4 billion approved for 2005, zero dollars would be allocated to TSA's Secure Flight, Crew Vetting, and Registered Traveler programs. In fact these programs, plus the Transportation Worker Identification Credential and hazardous materials driver's license screening initiatives, are being transferred to Border and Transportation Security's Screening Coordination Office.

That leaves the still very important, although not quite as innovative, role of hiring and training baggage and passenger screening personnel to TSA, right? Not so fast--the department has the ability to turn more of this work over to private companies.

Why might TSA's dismantling be a bad thing (or at least not a good thing)? It doesn't solve any of the problems that plagued the agency. The No-Fly list will likely persist because there's little public oversight governing its existence, but Secure Flight won't get off the ground until there's some policy guiding how Homeland Security is allowed to use the personal information it collects about travelers.

In fact, several members of the Data Privacy and Integrity Advisory Committee hold up Secure Flight as an example of where their work should begin. A careful examination of Secure Flight will put the pieces in place, said Jerry Berman, president of the Center for Democracy and Technology, when speaking this week before the committee during its inaugural meeting. Simply sliding Secure Flight and other screening programs over to other areas of Homeland Security exacerbates the problem. "You can't reconcile national security and civil liberties if work is done uncoordinated and in too many places," Berman added.

In fairness to TSA and the rest of Homeland Security, theirs is a difficult job. The whole department was likely conceived as government officials watched the Pentagon burn on 9/11. Speaking before the new committee this week, Penrose Albright, assistant secretary of Homeland Security's Science and Technology Directorate, pointed out that a simple fact of national security is that the government, in doing its job, runs across a variety of sensitive information, including names, addresses, and Social Security numbers. "You need this to do your job, even if it makes people uncomfortable," Albright said.

It will likely take awhile before the advisory committee produces any meaningful insight that Homeland Security can use to evaluate its mission and conduct. During that time, the department's reorganization will continue. Let's hope changes such as those to TSA don't simply mask the challenges that the department faces.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
The Cold Truth about Cyber Insurance
Chris Kennedy, CISO & VP Customer Success, AttackIQ,  11/7/2019
6 Small-Business Password Managers
Curtis Franklin Jr., Senior Editor at Dark Reading,  11/8/2019
Black Hat Q&A: Hacking a '90s Sports Car
Black Hat Staff, ,  11/7/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprise
Assessing Cybersecurity Risk in Today's Enterprise
Security leaders are struggling to understand their organizations risk exposure. While many are confident in their security strategies and processes, theyre also more concerned than ever about getting breached. Download this report today and get insights on how today's enterprises assess and perceive the risks they face in 2019!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-18862
PUBLISHED: 2019-11-11
maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode.
CVE-2019-18853
PUBLISHED: 2019-11-11
ImageMagick before 7.0.9-0 allows remote attackers to cause a denial of service because XML_PARSE_HUGE is not properly restricted in coders/svg.c, related to SVG and libxml2.
CVE-2019-18854
PUBLISHED: 2019-11-11
A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to unlimited recursion for a '<use ... xlink:href="#identifier">' substring.
CVE-2019-18855
PUBLISHED: 2019-11-11
A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to potentially unwanted elements or attributes.
CVE-2019-18856
PUBLISHED: 2019-11-11
A Denial Of Service vulnerability exists in the SVG Sanitizer module through 8.x-1.0-alpha1 for Drupal because access to external resources with an SVG use element is mishandled.