The Transportation Security Administration (TSA) has taken steps to address potential threats to its information technology (IT) systems posted by its trusted insiders including conducting checks and vulnerability assessments, although the agency can take more detailed steps to strengthen its internal security posture, the Department of Homeland Security (DHS) Inspector General (IG) says in a new report.
In addition to conducting vulnerability assessments of its IT infrastructure and from an information security perspective at select airports, the agency also performs compliance checks where employees such as systems administrators have privileged access to information systems and therefore greater opportunity to commit insider attacks, says the report, Transportation Security Administration Has Taken Steps To Address the Insider Threat But Challenges Remain (OIG-12-120).
The report cites research of insider threat incidents by researchers at Carnegie Mellon Univ. of about 400 cases that include fraud, sabotage and intellectual property theft in the United States against critical infrastructures.
The report also says that TSA has established an agency-wide Insider Threat Working Group to develop a strategy to prevent, and detect against, insider threats, and an Insider Threat Section that helps to oversee and implement the insider threat program as well as develop and promote related policies.
TSA also has a Security Operations Center that monitors its computer networks and information systems daily.
As for challenges, the IG says that TSA can further improve its insider threat program by clearly computing with its employees how they can mitigate these threats. The IG also says that the agency needs to implement a risk management plan related to the insider threat so that its employees can address risk consistently.
TSA lacks a training and awareness program for its employees, contractors and partners regarding the insider threat, the report says. Such a program would help provide the necessary knowledge to these groups. It also says that the agency needs “protective measures to detect or prevent instances where unauthorized employees using portable media devices (e.g., universal serial buses, or USBs) to copy or remove sensitive data from desktop and laptop computers.”
TSA concurred with two of the IG’s recommendations to provide policy and procedures for its Insider Threat Management program and to implement a training and awareness program for its workforce.
However, the agency disagreed with recommendation—which is partially redacted in the report—related to USBs, saying this wouldn’t be feasible.
TSA also disagreed with a recommendation that system administrators should limit the size of email file attachments if there is no legitimate business need for them, noting that such controls can be tailored based on users roles and accounts. The agency said that its existing physical and automated controls prevent inadvertent access to sensitive data.