Re: stripped searched (pocket knife)


"NotABushSupporter" <user@xxxxxxxx> wrote in message
news:SaydnVJoPNTVKMzbnZ2dnUVZ_h7inZ2d@xxxxxxxxxxxxxx
me wrote:



In many places the TSA type federal officials would have been more
likely. It isn't clear why she chose the federal official instead of
the
state or local official. It is clear that it is absurd to justify an
entire
department of the federal government for this local level issue.


Who said this event justifies the existence of the TSA?

"Maybe even the TSA has doubts about itself:

If security is a culture, what happened at the TSA?
http://blogs.techrepublic.com.com/tech-manager/?p=304&tag=nl.e101

* Date: May 20th, 2007
* Blogger: Ramon Padilla
* Category: General, Data Accountability, Data Security, Data Breach
* Tags: Security, Transportation Security Administration, Ramon Padilla

Just in case you missed it, the Transportation Security Administration (TSA)
is missing a hard drive containing some 100,000 current and former employee
payroll records. The missing data contains names, Social Security numbers,
payroll information, bank account, and routing information.

The hard drive was discovered missing last Thursday (May 3, 2007) from a TSA
controlled security area. By Friday, the agency began notifying affected
employees. The missing data covers TSA personnel employed by the agency from
January 2002 through August of 2005.

Obviously, this has caused a stir among TSA employees, Homeland Defense, and
of course, Congress and the White House. I'm still shaking my head about
this one.
The reason I am so perplexed is that I have always preached that security is
a culture and that it is not something you "do," but a lifestyle, so to
speak. Organizations that have cultivated a security culture have ingrained
it in their employees that you think about security in everything you do.
Furthermore, there are serious consequences to those that slip up and
violate security policy.

Having said that, one would think that the TSA - an arm of Homeland
Security - would have this culture of security. Yet kapow! A doozy of a
breach like this pops up. What gives?

My guess is that - contrary to what many might think (or maybe not) - the
TSA lacks this culture of security, and here are my reasons for saying so:

* The TSA is a young organization; it is not quite six years old. It was
created on paper on November 19, 2001 in the wake of 9/11.
* It was initially an arm of the Department of Transportation and was
tasked by Congress to "recruit, assess, hire, train, and deploy Security
Officers for 450 commercial airports from Guam to Alaska in the span of 12
months."
* The organization moved from Transportation to Homeland Security in
March 2003. Homeland Security is only four years old and on its second
director.

Given the above factors - a hurried creation, a massive and rushed hiring
effort, four significant changes in leadership, and a workforce that, for
the most part, is "tolerated" by travelers; and you have to wonder if the
organization has a culture at all!

Please do not take this as a diatribe against the hard-working employees at
the TSA, because it is not. It is just recognition that given the
circumstances under which it was created, the organizational changes it has
undergone, and the enormity of its responsibilities, it's not surprising
that this has happened after all.

Additionally, the fact that the position of Cyber Security Chief has been
held by four different individuals since Homeland Security was created and
you realize that the TSA is bound to have more than its share of IT security
challenges; I'm sure we just haven't heard about them all.

It's tough in any organization that has had this much change to create a
culture that does much of anything correctly. Add in the fact that TSA is an
outward facing organization (unlike the CIA which is constantly examining
its belly button) and is more focused on catching the bad guy out there
rather than wondering if there is one in their midst, and the fact that IT
security is often talked about but rarely acted upon and we begin to see the
challenges TSA faces every day.

Given all this information, should one excuse this massive breach in
security? Of course not! We just now have a little more context in which to
understand how something like this can happen and the knowledge to know that
it is going to take some serious effort to remedy the situation. This effort
has to be implemented from the top down and be more than lip service if the
TSA is going to prevent something like this from happening again.

On the bright side (if there is one), in order for large bureaucracies to
learn anything, it often takes something catastrophic to make them change.
Perhaps this will be the jolt that sends TSA and its management in the right
direction concerning IT security. This is small comfort for TSA employees
today - and selfish on my part - but I would prefer the lesson be learned
now rather than after a breach of confidential data from the millions of
records it must hold regarding passengers. That scenario is just plain
scary!"


.

Loading