Congressional leaders are pushing the TSA to ramp up protections against what they consider an “information technology insider threat”. In other words, they are concerned that TSA employees will rebel against or attempt to sabotage the federal agency by leaking sensitive information.
A DHS inspector general report, released last week, concluded that although the TSA has created an Insider Threat Working Group, and an Insider Threat Section, the agency does not have adequate countermeasures in place against potential information leaks.
The report recommended that the TSA should actively train all of its staff on data protection and “implement insider threat policies”.
The report also recommended that the TSA should centrally monitor all of its systems to ensure insiders do not tamper with, transmit or remove any information beyond the agency’s network.
This week, the ranking members of the Homeland Security Committee and the Transportation Security Subcommittee wrote to TSA head John Pistole, asking for clarification on what the TSA is doing regarding the matter.
Rep. Bennie Thompson (D-MS) and Rep. Sheila Jackson-Lee (D-TX) have been pressing the TSA on the issue of insider threat programs for four months now, with little or no response.
In July the two sent a letter to the TSA outlining concerns that insider threat countermeasures planned for implementation at the TSA seem to be geared towards monitoring employees and interfering with legitimate attempts by employees to act as whistle-blowers.
The TSA has not responded to the Congressional inquiry.
In June, the TSA issued a solicitation for an “enterprise insider threat software package”, in other words, spyware that will allow the agency to monitor the emails, chat, web browser history, and even the keystrokes of its employees.
The TSA contracting documents stated, “In order to detect an insider threat, technology is required to monitor and obtain visibility into users’ actions.”
The solicitation noted that the technology must be Microsoft Windows compatible and have the ability to “monitor user activities through keystroke monitoring/logging; chat monitoring/logging; email monitoring/logging; attachment monitoring/logging; website monitoring/logging; network activity monitoring/logging; files transferred monitoring/logging; document tracking monitoring/logging; screenshot capture; program activity monitoring/logging.”
The document also noted that the spyware should provide the agency with the capability to “mine through all the collected data using built-in or third-party tools,” allow for the movement of the data to a central command, and also “alert” TSA officials of any abnormalities “based on specific criteria such as a name and/or combination of names.”
“The end user (employee) must not have the ability to detect this technology,” the document also stated.
In their letter, Thompson and Lee asked that “TSA immediately withdraw this solicitation and refrain from attempting to acquire technology with similar capabilities.”
“While the law governing TSA employees does not afford specific protections to ensure employee whistleblower protections, the agency is not completely insulated from the effects of the Constitution,” they wrote. “It would seem that installation of the type of technology sought in the solicitation would enable TSA to monitor employee communications with the OSC, the department’s Office of Inspector General and the Congress of the United States,” the representatives concluded.
In recent months multiple whistle-blowers have come forward to reveal startling details about TSA practices and activities.