While the Transportation Security Administration has made headway in defending against insider attacks, the agency lacks specific policies and procedures to mitigate those threats, according to a recent inspector general audit.
The September audit, released this week, found that TSA has not implemented insider threat policies and procedures that clearly explain its employees’ role in defending against insider threats. TSA also lacks a risk mitigation plan that ensures all employees address the risks of insider threats in a consistent way.
TSA defines insider threat as “one or more individuals with access or insider knowledge that allows them to exploit the vulnerabilities of the nation’s transportation systems with the intent to cause harm,” according to the Department of Homeland Security IG audit. Threats can include spying, release of information, sabotage, corruption, impersonation, theft, smuggling, and terrorist attacks. Insider threats can include current and former employees and contractors.
The report noted that TSA doesn’t have a mandatory insider threat training and awareness program for employees, and it lacks protective measures to ensure unauthorized employees can’t, for instance, dump massive amounts of sensitive data onto a portable storage device.
The IG recommends that TSA’s assistant administrator for information technology:
- Further develop TSA’s insider threat program by including policies, procedures and a risk management plan.
- Require insider threat awareness training for employees.
- Direct systems administrators to disable USB ports on computers and laptops if there is not a legitimate need for them.
- Limit the size of email file attachments until the proper measures are in place to detect or prevent unauthorized exfiltration of sensitive information.
However, TSA said it has developed a directive, currently awaiting approval, that identifies polices and procedures for its insider threat program. The agency stood up a toll free hotline and email address for reporting insider threats and also plans to roll out an insider threat training and awareness program.
The agency said disabling USB ports isn’t feasible but, instead, has an application in place to alert the agency when data is transferred outside DHS networks. TSA also disagreed with any restrictions on email file sizes.
Further discussions between the agency and the IG are required to hash out differing opinions.
In June, Reps. Bennie Thompson, D-Miss, and Sheila Jackson Lee, D-Texas, questioned TSA’s plans to purchase software that monitors employees’ keystrokes, emails and other online activities as part of a larger effort to defend against internal attacks.
In a response letter, TSA Administrator John Pistole said the software would provide TSA with forensic evidence for investigations should an employee ever be identified as a potential insider threat to TSA’s mission.
In an Oct. 3 response letter to the IG audit, the lawmakers requested a detailed description of TSA’s current spending related to the insider threat, an estimate of the anticipated lifecycle cost of the monitoring software the agency plans to buy, when TSA will have policies, procedures and a risk management plan and other information by Oct. 17.
Colleen Kelley was elected to her fourth four-year term as president of the National Treasury Employees Union last night.
Delegates to NTEU’s national convention chose Kelley overwhelmingly over challenger Eddie Walker. About 86 percent of votes were cast for Kelley.
Kelley pledged to keep fighting political attacks on federal employees, and to get agencies to provide enough personnel, equipment and other resources so employees can do their jobs properly.
“I am honored by the privilege to continue my efforts to move NTEU forward, to help ensure the voices of federal employees are heard in Congress and in their agencies, and to work to see that the public recognizes the dedication, commitment and professionalism of the federal workforce,” Kelley said.
Walker criticized Kelley for losing the election to represent Transportation Security Administration employees, and said that under her leadership, NTEU has not pushed hard enough for employees.
Today is the last day to vote in the runoff election to decide which union will represent some 43,000 Transportation Security Administration screeners. Voters can choose between the American Federation of Government Employees or the National Treasury Employees Union.
The first election, in which screeners could also choose “no union,” ended inconclusively when nobody received a clear majority. Voters do not have the option of choosing no union this time. AFGE had a slight advantage in the first election’s results, and received 274 more votes than NTEU.
Eligible voters can cast their ballots online or over the phone until 11:59 p.m. tonight. The votes will be tallied on Thursday. Speak now, or forever hold your peace.
The Federal Labor Relations Authority yesterday set the Transportation Security Administration’s runoff election to begin May 23. The voting period will end June 21, and the votes will be tallied June 23.
The election will decide whether the American Federation of Government Employees or the National Treasury Employees Union will represent some 43,000 TSA screeners. The first vote — a three-way campaign between AFGE, NTEU and “no union” — ended inconclusively when nobody received a clear majority.
The first election’s results were very close, with AFGE received 274 more votes than NTEU. Voters will not have the option of selecting “no union” in the runoff election. Like the first election, screeners voting in the runoff will cast their ballots over the phone or online. FLRA will mail election packages to screeners May 23, which will include instructions and identification numbers necessary to vote.
Both unions’ leaders say they expect to win the runoff. AFGE’s John Gage said:
AFGE won the first round of a fierce contest against a worthy opponent. We expect to win the runoff election as well and are pleased that FLRA has cleared the way for a swift resolution to this process. I’m asking TSOs to come out and vote for us one more time. We’re one step closer to bringing you a better workplace.
NTEU’s Colleen Kelley said:
NTEU looks forward to the runoff election. We are confident our record of accomplishments and our program for their future will lead TSA officers to elect NTEU to help them improve their work lives and their workplaces. We have got the momentum. It is a dead heat, and we are going to pull ahead.
The election to choose an official union for the Transportation Security Administration ends tonight. It’s been a long time coming, and the winner stands to gain a bargaining unit of roughly 43,000 screeners.
All you screeners out there, feel free to sound off below. Did you vote for the American Federation of Government Employees or the National Treasury Employees Union, and why? Was there one particularly important issue that swayed your vote? What do you hope the winning union does for TSA?
The Transportation Security Administration is digging in its heels over the new patdown procedures for airline passengers who don’t want to go through revealing — and possibly radiation-exposing — scans. But the agency is losing the battle for public opinion — fast.
And the American Federation of Government Employees — one of two major unions vying to represent TSA — is worried the backlash could come down hard on screeners. There’s already been a few physical altercations between screeners and angry passengers, including an incident where a traveler in Indianapolis punched a screener.
“TSA must do a better job explaining these measures to the flying public,” AFGE National President John Gage said yesterday. “This absence of information has resulted in a backlash against the character and professionalism of [Transportation Security Officers] based on a few widely-reported but largely ill-founded claims repeated over and over again by the media. It is unacceptable for any passenger to verbally or physically assault any security officers, and TSA must act now — before the Thanksgiving rush — to ensure that TSOs are not being left to fend for themselves.”
TSA Administrator John Pistole told a Senate committee Tuesday that travelers who object to the Advanced Imaging Technology scans and patdowns have a third option: Don’t fly at all. Even someone who objects to the searches on religious grounds would be out of luck, Pistole said. “While we respect that person’s beliefs, that person’s not going to get on an airplane.”
TSA seems to be caught between a rock and a hard place. After the government failed to detect the Undiebomber before his skivvies fizzled Christmas Day, the hue and cry went up that SOMETHING MUST BE DONE. But now that new measures are in place (Pistole said a patdown or scan would have caught Umar Farouk Abdulmutallab, but the GAO said the jury is still out on the scans), people as diverse as the ACLU, Tea Party activists, Rep. Ron Paul, magician and Cato Institute fellow Penn Jillette, and hero pilot Chesley “Sully” Sullenberger are saying enough is enough.
FedLine friend (and former Federal Times reporter) Mollie Hemingway last week wrote about her recent patdown on the Get Religion blog: “I joked that in some cultures I would be married to my screener by now. But it wasn’t funny. It was incredibly intimate and it actually made me uncomfortable. … After all, the new policies basically say that if you’re uncomfortable with the government taking naked images of you, you will be caressed or groped by strangers.”
TSA’s Blogger Bob is working overtime pointing out that four out of five surveyed Americans are fine with the new procedures and insisting their machines don’t store images. But privacy concerns and bathroom humor can be a potent mix, and will make it tough for TSA to counter opposition to its policies. Let’s review:
- A Conan O’Brien skit on Monday featured a fake TSA screener giving an audience member the creepiest patdown imaginable (video after the jump).
- The anti-patdown crowd now has a rallying cry — “Don’t touch my junk!” — courtesy of software programmer John Tyner.
- Taiwan’s Next Media Animation made a cartoon about the controversy that went viral, and featured a demonic-looking Michael Chertoff working for a company called “RapeScan”, a thinly-veiled parody of backscatter manufacturer Rapiscan (video also after the jump).
- And some online are trying to make next Wednesday — the uber-heavy traveling day before Thanksgiving — a national day of protest in which passengers opt out, en masse, of the body scanners to gum up the works. Atlantic blogger Jeffrey Goldberg wants to up the ante, and is encouraging male travelers to wear kilts and go commando — that is, wear no underwear at all, in true Scotsman style — to make TSA screeners as uncomfortable as possible.
Or maybe we just need TSA contractors to develop the kind of scanners California Governor Arnold Schwarzenegger encountered in Total Recall, that see only bones and guns. Let’s get on that.
The Smoking Gun today published a statement from a Transportation Security Administration screener who allegedly beat a co-worker with a baton for mocking the size of his genitalia. According to alleged assaulter Rolando Negrin’s statement to Miami police, several co-workers teased him day after day as a “little angry man” after a full-body scanner digitally exposed him, and he snapped. He said the relentless mockery became a form of “psychological torture.”
There’s so much about this case that is messed up. Using physical violence to resolve a workplace dispute is, of course, never justified. But if this is actually what happened, this also represents a gross failure of TSA management at Miami International Airport. Being taunted daily about the size of one’s penis is a pretty clear-cut case of sexual harassment, and nobody should have to endure that. It’s a manager’s responsibility to snuff out that kind of middle school behavior precisely so it doesn’t escalate into a parking lot brawl.
H/t Drudge Report
The Chicago regional director of the Federal Labor Relations Authority today denied the American Federation of Government Employees’ bid for an election to determine which union will represent Transportation Security Administration employees.
The regional FLRA upheld its previous determination that because TSA screeners do not have collective bargaining rights, it has no jurisdiction to process the petition for an election. AFGE said it will appeal to the full FLRA within 60 days.
AFGE and the National Treasury Employees Union are each seeking to represent roughly 40,000 TSA screeners. NTEU has filed a similar petition with FLRA.
Associated Press reporter Eileen Sullivan just broke the news that Robert Harding, President Obama’s second nominee to run the Transportation Security Administration, withdrew his nomination this evening. Sullivan reported that Harding said he withdrew because his previous work as a defense contractor had become “distractions” to the administration and the Homeland Security Department.
UPDATE: The White House has formally announced Harding’s selection. From President Obama’s statement:
I am confident that Bob’s talent and expertise will make him a tremendous asset in our ongoing efforts to bolster security and screening measures at our airports. I can think of no one more qualified than Bob to take on this important job, and I look forward to working with him in the months and years ahead.
ORIGINAL POST: CNN and other news organizations are reporting that the White House is going to tap retired Army Maj. Gen. Robert Harding to head the Transportation Security Administration. Under the Clinton administration, Harding was director of operations at the Defense Intelligence Agency and director of intelligence for the Army’s Southern Command.
Homeland Security Secretary Janet Napolitano is expected to announce Harding’s selection later today.