Inspector general faults TSA's internal controls
Agency failed to properly redact a public contract solicitation containing sensitive information before posting it online last year.
The Transportation Security Administration's internal controls for preventing the release of sensitive security information are deficient and led to the improper posting of details about airport security screening operations to the Internet last year, Homeland Security Department Inspector General Richard Skinner said in a report released on Wednesday.
TSA failed to properly redact a public contract solicitation containing sensitive information on standard operating procedures for screening aviation passengers and bags, Skinner found. The solicitation, which was for privatizing airport screening operations in Montana, was posted to the Internet in March and remained online until Dec. 6.
The sensitive information was finally removed after a TSA employee notified agency officials about the security breach.
"We determined that for the two documents in question, the redactions were not applied properly, and appropriate quality control procedures were not in place to protect against inadvertent disclosure," wrote Skinner, who made five recommendations to improve the process for redacting information. "When TSA learned that [sensitive security information] was publicly available, it took immediate actions and began intermediate and long-term measures to mitigate vulnerabilities."
In a written response to the IG, TSA acting administrator Gale Rossides said the agency agreed with the recommendations and regretted the incident.