Site Network: | | Jongsma & Jongsma

Innovation in Information Security

Coverage of important Information Security and Information Technology news and events from the research team at S?nnet Beskerming.

Username: | Password: Contact us to request an account

Government Contracting gone Wrong

One part of the efforts being implemented by the United States to make air travel safer (and in many people's minds more frustrating) is a watchlist that identifies travellers who might not have the US's best interests at heart. As with any list of names there are quite a number of false positives, people whose only threat is that they share a name with someone who is a threat. To make the process of air travel simpler for those who are these false positives, the TSA established a website to help expedite the security process for affected individuals.

The only problem was that the site had some serious security problems, which were first exposed last year in a highly public manner. Following the great public outcry over the security weaknesses a Congress Committee has now released a report into the weaknesses of the site.

Key findings from the report include the discovery that the site was created through a no-bid contracting process that was set up such that the only company that could possibly deliver the site was the company awarded the project. Further to this, the TSA official in charge of the project was an ex-employee of the contractor. Having the TSA become heavily reliant upon the contractor for Information Technology expertise is not necessarily a problem - if the agency held the expertise then it would not have needed the contractor, but becoming overly reliant is a significant risk that can see contractors exert undue pressure over government agencies, including establishing system parameters and work practices that effectively exclude other contractors from any future bidding processes.

In the five months that the site was active before the security weaknesses were publicised and the site taken down, thousands of people used the site and several hundred travellers provided detailed personal information through the site.

21 January 2008

Social bookmark this page at eKstreme.
Alternatively, Bookmark or Share via AddThis

Do you like how we cover Information Security news? How about checking out our company services, delivered the same way our news is.

Let our Free OS X Screen Saver deliver the latest security alerts and commentary to your desktop when you're not at your system.

Comments will soon be available for registered users.