TSA security lapses example of outsourcing failure

A congressional report issued last week outlined the failure of the Transportation Security Administration to secure a special Web site designed to help travelers whose names appeared erroneously on the airline watch lists. It turns out to be a situation that reeks of multiple ethical lapses that ultimately put sensitive information at risk. Though the Web site was taken down and hosted on Department of Homeland Security servers, what is most interesting is how the site was initially contracted out to a third party to build and manage. Here’s a situation where a government site was to host potentially sensitive information. But the contract was awarded without competition, with specifications drafted so that only one Web design company (Desyne Web Services) could qualify for the job. To make matters worse, the job of oversight at TSA was conducted by a former employee of Desyne, Nicholas Panuzio, according to the report.

Information being hosted and transmitted via the site included Social Security numbers, telephone numbers, addresses, birth dates and birth place. The site was launched on October 6, 2006, and was not taken down until a blogger, Chris Soghoian of the University of Indiana, discovered the vulnerabilities after February 13, 2007. The site wasn’t encrypted, it wasn’t hosted at a government domain and transactions weren’t conducted securely. Chris writes about the incident at his CNET blog.

What is even more galling is that Desyne wasn’t sanctioned for poor performance and to date has received almost $500,000 worth of no-bid contracts to provide Web services to TSA and DHS. Also, no disciplinary action was taken against Panuzio, since he didn’t personally benefit financially from the contract.

In a time when the nation is so sensitive about security lapses and protecting critical data, reports like this only highlight how slow and ineffective the government is at securing its systems and protecting an individual’s information. This may not have been the nation’s most guarded secrets, but it is nonetheless sensitive information tied to U.S. citizens that could be used fraudulently by cybercriminals and, even more frightening, a terrorist organization.

3 comments
Websites should be safeguarded enough, especially those that contain potentially sensitive information like Social Security Numbers, contact numbers, birthdays and addresses of countless web clients. Otherwise, these could feed fraudulent criminals and terrorists who may later create more hostilities. The issue here is the security of clients and of everybody else. Outsourcing should not all be favorable to companies outsourcing chunks of their undertakings to somebody or to a group. It should also be for the welfare of its bread and butter, the clients.

Looks like the good ole boy network is alive and well at the DHS. But this isn't the first time there was a snafu there. They outsourced a nonclassified web site to be built by another company. That company used Chinese nationals and the site was filled with malware, trojans. Of course it was reporting back to sites in China. Nothing was done about that.