The recent inadvertent release of a secret TSA manual on a government website shows a breakdown in security procedures by the US Department of Homeland Security. According to the agency, this was an outdated, unclassified version of a Standard Operating Procedures manual. They said it was never implemented and there is no cause for concern. According toinformation from a senate hearing, every page of the document said unauthorized release of this information could result in civil penalties. Senator Susan Collins of Maine commented that the manual shows exactly the documents needed to get relaxed screening at a TSA checkpoint in an airport. Seems like a security breach to me and this is one organization that you would assume should know security. So what went wrong?
Was it a breakdown of technology? Doesn’t appear to be, although someone might assume that the PDF document failed. Someone redacted sensitive sections of the document by drawing a black box on top of it rather than actually removing the information. It’s easy to delete the black box. A PDF treats the box like a comment that is easily removed, so the technology worked correctly.
Was it a breakdown of process and procedure? Sounds like it. Someone didn’t keep tight controls on the document. Personnel weren’t properly trained on how to redact sensitive information. Not to mention that an old document that is no longer needed should be properly destroyed or archived.
At this point it is difficult to know the ramifications of the data breach, but clearly the TSA needs to ensure that everyone understands procedures for handling classified information. If and when a breach occurs, everyone must know the correct process for handling notification and action. This may turn out benign, but the next time we may not be so lucky. Like the Black Knight said in Monty Python and the Holy Grail, “Tis but a scratch.”
Photo credit crestlinekathy