1. TSA. On June 1,
ABC News reported:
An internal investigation of the Transportation Security
Administration revealed security failures at dozens of the nation's
busiest airports, where undercover investigators were able to smuggle
mock explosives or banned weapons through checkpoints in 95 percent of
trials, ABC News has learned.
The series of tests were conducted by Homeland Security Red Teams who pose as passengers, setting out to beat the system.
According to officials briefed on the results of a recent Homeland
Security Inspector General's report, TSA agents failed 67 out of 70
tests, with Red Team members repeatedly able to get potential weapons
through checkpoints.
The risk of actual weapons getting through was always low, in large part
because there are just not that many people with the desire and the
ability to get an explosive or a weapon onto an airplane. But now we
learn that the TSA would likely not have caught more than a tiny percent
of this tiny percent. So we are not made appreciably safer and, on top
of that, have had to sacrifice our freedom of travel, our convenience
(carrying a bottle of wine on board, for example), our privacy from
intrusive searches by radiation or groping hands, billions of dollars in
tax money, and, by now, billions of hours of our time.
Yet the acting head of the TSA, Melvin Carraway, has been
"reassigned," not fired. And President Obama's nominee for Administrator of the TSA,
Peter Neffenger, announces his solution:
There may be a need to introduce some inefficiencies to address the recent findings of the inspector general.
Oh joy.
Notice what is not talked about: learning the lesson of United Flight
#93 on 9/11, of the Richard Reid shoe bomber case, and the Detroit
underpants bomber case. The lesson, as
I've written earlier here and
here, is in Hayek's article
"The Use of Knowledge in Society."
It is that we passengers have the "local knowledge" to handle the
threats from airline terrorists. Will we always do 100%? No, but so far
we have batted 100%.
2. The federal government's Office of Personnel Management has data
on virtually every federal employee. And now hackers, who might just be
employees of China's government, have access to those data.
Here, writing in
Wired, are Kim Zetter and Andy Greenberg:
At first, the government said the breach exposed the
personal information of approximately four million people--information
such as Social Security numbers, birthdates and addresses of current and
former federal workers. Wrong.
It turns out the hackers, who are believed to be from China, also
accessed so-called SF-86 forms, documents used for conducting background
checks for worker security clearances. The forms can contain a wealth
of sensitive data not only about workers seeking security clearance, but
also about their friends, spouses and other family members. They can
also include potentially sensitive information about the applicant's
interactions with foreign nationals--information that could be used
against those nationals in their own country.
I recently filled out such a form and took about six or so hours to do
it. It is important to get all the facts right because the employee
signs a statement under threat of perjury that he has. In my case, I
can't think of anything a hostile government would learn from my form
SF-86 that it could use to blackmail me. But that's certainly not
the case for every federal employee.
Maybe we can tell ourselves that at least some OPM IT security
employee was enough on top of the job to discover this breach. Even if
that were so, that would be small comfort. But no. Zetter and Greenberg
write:
What's more, in initial media stories about the breach,
the Department of Homeland Security had touted the government's EINSTEIN
detection program, suggesting it was responsible for uncovering the
hack. Nope, also wrong.
Although reports are conflicting about how the OPM discovered the
breach, it took investigators four months to uncover it, which means the
EINSTEIN system failed. According to a statement from the OPM, the
breach was found after administrators made upgrades to unspecified
systems. But the Wall Street Journal reported today that the
breach was actually discovered during a sales demonstration by a
security company named CyTech Services (paywall), showing the OPM its
forensic product.
Here's the
Wall Street Journal story referred to above.