Site menu:

Welcome | Products & Services | Security Portal | Commentary | Employment | FAQ | Privacy |

Innovation in Information Security

Coverage of important Information Security and Information Technology news and events from the research team at S?nnet Beskerming.

Username: | Password: Contact us to request an account

Government Contracting gone Wrong

One part of the efforts being implemented by the United States to make air travel safer (and in many people's minds more frustrating) is a watchlist that identifies travellers who might not have the US's best interests at heart. As with any list of names there are quite a number of false positives, people whose only threat is that they share a name with someone who is a threat. To make the process of air travel simpler for those who are these false positives, the TSA established a website to help expedite the security process for affected individuals.

The only problem was that the site had some serious security problems, which were first exposed last year in a highly public manner. Following the great public outcry over the security weaknesses a Congress Committee has now released a report into the weaknesses of the site.

Key findings from the report include the discovery that the site was created through a no-bid contracting process that was set up such that the only company that could possibly deliver the site was the company awarded the project. Further to this, the TSA official in charge of the project was an ex-employee of the contractor. Having the TSA become heavily reliant upon the contractor for Information Technology expertise is not necessarily a problem - if the agency held the expertise then it would not have needed the contractor, but becoming overly reliant is a significant risk that can see contractors exert undue pressure over government agencies, including establishing system parameters and work practices that effectively exclude other contractors from any future bidding processes.

In the five months that the site was active before the security weaknesses were publicised and the site taken down, thousands of people used the site and several hundred travellers provided detailed personal information through the site.

21 January 2008

Social bookmark this page at eKstreme.
Alternatively, Bookmark or Share via AddThis

Do you like how we cover Information Security news? How about checking out our company services, delivered the same way our news is.

Let our Free OS X Screen Saver deliver the latest security alerts and commentary to your desktop when you're not at your system.

Comments will soon be available for registered users.

More information:

Subscribe to our feed.

Commentary & Insight From Sûnnet Beskerming20242023202220212020201920182017201620152014201320122011201020092008 - December - November - October - September - August - July - June - May - April - March - February - JanuaryForcing users to Update SoftwareWhat's Your Website Hiding?SCADA ConcernsOverreacting to Security Theatre is HarmfulGovernment Contracting gone WrongProblems with Universal Plug and Play (UPnP) Demonstrate Blended Threat riskScareware makes it to the MacMicrosoft warn of Excel ProblemsUnderstanding the Enemy by Inviting them inDoes the new QuickTime 0-day mean Apple has Problems with Patching?Geeks.com Suffers CompromiseIgnorance is no ExcuseEthical Boundaries in Information Security ResearchMicrosoft Security Patch Advance Notification January 2008Information Security Ups and Downs Down UnderTragedy Strikes Chinese Search Engine Giant200720062005

Site Guardian

Reach Us:

Reach us at
info@beskerming.com

Reach us via IM

Jabber:
Server - jabber.org.au Account - Sunnet.Beskerming

AIM / iChat:
sunnetbeskerming

ICQ:
339742914

Google Talk:
Sunnet.Beskerming

Yahoo! Messenger:
sunnet.beskerming

MSN:
info@beskerming.com

Testimonials

"...extremely timely, accurate reporting..."

"...honesty which is refreshing..."

Copyright © 2005-2011 Sûnnet Beskerming Pty. Ltd. Design by Andreas Viklund.