TSA Wants To Monitor Employee Computer Activities

Transportation Security Administration seeks software to monitor employee keystrokes, emails, attachments, screen captures, file transfers, chats, network activities, and website visits.

The Transportation Security Administration is looking for better ways to guard against insider threats and wants tools that can keep a close eye on employee computer activities.

The agency issued a Sources Sought solicitation in FedBizOpps on June 20, looking for software able to monitor and log a wide range of activities, including keystrokes, emails, attachments, screen captures, file transfers, chats, network activities, and website visits. The solicitation specifies that end users must not be able to tell they are being monitored, and must not be able to "kill" the monitoring.

The software must be able to monitor Windows OS, and the solicitation notes that it potentially should be able to monitor Mac OS X as well.

Many of the capabilities TSA is looking for are commercially available now, but are used primarily for computer forensics, to look at activities after they have happened, said Chet Hosmer, VP and chief scientist with WetStone Technologies, a subsidiary of Allen Corporation that specializes in investigative software.

"Certainly over the last several years the focus on insider threats has become more prevalent than outsider threats," Hosmer said in an interview. "When we think about 'insider,' we think about people ... but it's not necessarily a human they're looking for. Devices coming in [to networks] could be the threat vector."

Malware continues to evolve in sophistication, he said, and the means and methods of protecting against it have had to evolve as well. For instance, some malware may insert keystrokes; detection might focus on how fast the keystrokes are being inserted, perhaps faster than a human (or that specific human) can type, he said.
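A minimal sketch of the timing check described above, added here as an illustration; it is not code from the article, the solicitation, or any vendor. The 20 ms floor, the run length of five, the 0.25 baseline ratio, and all timestamps are assumptions constructed for the example.

```python
from statistics import median

HUMAN_FLOOR_MS = 20.0  # assumed: sustained gaps below this are not human typing
MIN_RUN = 5            # assumed: consecutive fast gaps required before flagging

def gaps_ms(timestamps_ms):
    """Inter-key intervals between consecutive key-down timestamps."""
    return [b - a for a, b in zip(timestamps_ms, timestamps_ms[1:])]

def baseline_from_history(timestamps_ms):
    """Median inter-key gap from a user's known-good typing history."""
    return median(gaps_ms(timestamps_ms))

def find_injected_bursts(timestamps_ms, user_baseline_ms=None, ratio=0.25):
    """Return inclusive (first_key, last_key) index ranges typed implausibly fast.

    A gap is suspicious if it is under the absolute floor or, when a per-user
    baseline is given, under ratio * baseline (whichever threshold is higher).
    """
    threshold = HUMAN_FLOOR_MS
    if user_baseline_ms is not None:
        threshold = max(threshold, user_baseline_ms * ratio)
    bursts, run_start = [], None
    gaps = gaps_ms(timestamps_ms)
    for i, gap in enumerate(gaps + [float("inf")]):  # sentinel closes a final run
        if gap < threshold:
            if run_start is None:
                run_start = i
            continue
        if run_start is not None and i - run_start >= MIN_RUN:
            bursts.append((run_start, i))
        run_start = None
    return bursts

# Constructed key-down timestamps in milliseconds (not real capture data).
HISTORY = [0, 180, 310, 520, 690, 850]                      # slow typist
SAMPLE_FAST = HISTORY + [1400, 1402, 1404, 1406, 1408, 1410, 1412, 1414, 1900, 2080]
SAMPLE_MODERATE = [0, 200, 235, 270, 305, 340, 375, 410, 700]  # 35 ms gaps

if __name__ == "__main__":
    print(find_injected_bursts(SAMPLE_FAST))          # absolute floor only
    base = baseline_from_history(HISTORY)
    print(find_injected_bursts(SAMPLE_MODERATE))      # passes the absolute floor
    print(find_injected_bursts(SAMPLE_MODERATE, base))  # fails this user's baseline
```

The second sample shows why the per-user comparison matters: 35 ms gaps clear a generic human floor but are far faster than this particular typist's history.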

The solicitation does not indicate whether TSA aims to store the vast amount of data such monitoring would generate and analyze it after the fact, or whether it is seeking to implement real- or near-real-time monitoring.

Hosmer thought it unlikely the solicitation was a response to the Wikileaks scandal, where a U.S. soldier has been accused of leaking thousands of pages of documents to the public by making them available for posting to the Web.

"Most of the leaks from Wikileaks came from overseas, not here. I haven't heard a lot of chatter about that at all," he said. "I think this solicitation is more serious than that. It sounds broader, the kinds of information they want to monitor ... potentially across agencies. Will contractors be involved? Will their systems be monitored, as well? How's that going to work?"

In an interesting bit of timing, the White House Office of Special Counsel issued a memo on employee monitoring policies to Executive Branch departments and agencies the same day TSA released its solicitation. The OSC warned agencies against using monitoring as a way of muzzling whistleblowers. OSC spokeswoman Ann O'Hanlon said the timing was purely coincidental.

She said the government generally is able to monitor users' computer use, as long as it provides disclosure up front that they are being monitored.

Comments
rharrold92201,
User Rank: Apprentice
6/26/2012 | 3:40:04 AM
re: TSA Wants To Monitor Employee Computer Activities
TSA employees' computer activities being tracked should not be of any concern to anyone. The "quasi" enforcement organization will only be monitored as is most all government and private computer users' networks. U.S. Customs/DHS, BP, INS, DEA, FBI, and most other law enforcement agencies have for years provided recall features in their computer systems allowing internal affairs and other authorized officers to 'real time' monitor line activities and to review and replay officers' online activity. Plus, with little effort, analysis of online activity provides the means to target, monitor, predict and use as evidence, activities on computer systems that violate law and procedures. For an already questionable intrusion/misguided, overly expensive, deterrent system such as TSA ...to question the propriety of monitoring and using the information gleaned is ludicrous. Consider that users of any Internet link are already exposing themselves to continuous surveillance, analysis, and predictive observation why should an organization who has been given the right to make the 4th Amendment the laughing stock of the world be any less exposed to scrutiny?
Bprince,
User Rank: Ninja
6/26/2012 | 1:40:10 AM
re: TSA Wants To Monitor Employee Computer Activities
I am a little surprised and disturbed the TSA isn't already doing this. There are a number of cases for doing this, not the least of which is preventing data leaks and policy violations that compromise security.
Brian Prince, InformationWeek/Dark Reading Comment Moderator