Serious Flaws in Homeland Security IT System

Bob McCarty Writes ^ | 6-9-10 | Bob McCarty

[BobMcCartyWrites]

A recently-released report from the Department of Homeland Security Inspector General Richard L. Skinner reveals serious flaws in the department's computer network.

[BobMcCartyWrites]

Earlier this week, Homeland Security Secretary Janet Napolitano announced what was touted as a "major aviation security milestone". Specifically, she claimed in a news release that 100 percent of passengers traveling within the United States and its territories are now being checked against terrorist watchlists through the Transportation Security Administration's Secure Flight program—a major step in fulfilling a key 9/11 Commission recommendation. Not so fast, Janet!

According to the executive summary of a just-released report from the Department of Homeland Security Inspector General Richard L. Skinner, there are serious flaws in the system:

Systems within the headquarters' enterprise Active Directory domain are not fully compliant with the department's security guidelines, and no mechanism is in place to ensure their level of security. These systems were added to the headquarters domain, from trusted components, before their security configurations were validated. Allowing systems with existing security vulnerabilities into the headquarters domain puts department data at risk of unauthorized access, removal, or destruction.

And that's not all:

Also the department does not have a policy to verify the quality of security configuration on component systems that connect to headquarters. Interconnection security agreements are present for each connections between headquarters and components to secure shared services; however, neither the agreements nor other policy define specific security controls required for connecting systems. Stronger management and technical controls are needed on trusted systems to protect data provided by the department's enterprise wide applications.

What does this mean? The very people charged with protecting the nation from online and offline security threats appear to have failed when it comes to protecting their own information technology systems which, in turn, was supposed to help protect the flying public.

If you "speak" IT and are interested in a more in-depth discussion of the issues, click here.

[Ancient Drive]

transparency... yeah that’s the ticket! transparency!

[FroggyTheGremlim]

If it’s Windows, it’s not secure. Period.

[elk]

ping

[gundog]

Good idea, shootin’ their mouthe off about it. I remember back in the seventies and eighties there’d be little stories in obscure parts of the newspapers about how Fed inspectors were getting things past airport security. Logan was always on the list.

[tacticalogic]

If it’s Windows, it’s not secure. Period.

What is?

[rightwingextremist1776]

has nothing to do with windows and everything to do with security controls and adherence to proper security policy. It’s obvious your understanding of IT security is stuck on stupid.