TSA Security Breach: What's Next?

After a TSA operating manual was published online, what is next? How does TSA recover and ensure that security will not be breached at America's airports?

The 93-page instruction manual was written for airport screeners, providing details on how screening is conducted and the limitations of X-ray machines. It was posted on a Web site for government contractors, with sensitive parts redacted -- but the redacted information was not properly protected, and the information was restored by people familiar with the computer program. The manual was dated May 2008, but the TSA said it was never implemented and has been revised six times, although it did not elaborate on the extent of the revisions. It said the report was removed as soon as it learned of the problem, but the full, unredacted version of the report appeared on at least one Web site Sunday and was distributed more widely Tuesday.

Chris Wacker, senior vice president for Laserfiche, told Security magazine that the person who released the document did not understand how to properly redact an electronic document. The TSA simply drew black rectangles over the sensitive areas. The PDF still contained the sensitive text in the text layer of the document. This means that anyone can simply select all in the document, copy and paste somewhere else to see all the text. It only requires basic computer literacy to circumvent the redaction, he said.

If the TSA had been using a certified electronic document management solution, he suggested, this problem would have been much less likely to have happened. Redaction can be set up to automatically “burn in” the redaction whenever a document is exported. This means that it is not possible to circumvent the redaction, because the text is removed from the image and from the text layer. This lapse, he said, shows a profound lack of understanding of electronic documents at the TSA.

A DHS official noted that the erroneous posting is more a PR nightmare than a security hazard because TSA manuals are popular within the aviation society. TSA officials told CNN that the agency was conducting an internal review of the case. "TSA has many layers of security to keep the traveling public safe and to constantly adapt to evolving threats. TSA is confident that screening procedures currently in place remain strong," the agency announced in a statement.

Yet, yesterday, TSA put five of its employees on administrative leave.

What's next for travelers and airport security? At a hearing on Wedesday, Homeland Security Secretary Janet Napolitano told a Senate Judiciary Committee that “the traveling public was not at risk.” The agency has instituted an internal review of the incident "to see what else needs to be done so that the incident never recurs," she said, and the Department of Homeland Security has asked its inspector general to conduct an independent review "to make sure that we are being rigorous and very disciplined on what is posted and what is not."

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.

TSA Security Breach: What's Next?

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.

TSA Security Breach: What's Next?

Share This Story

Related Articles

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.