Subscribe to RSS - TSA

TSA

TSA’s quest to merge cybersecurity and information technology

 - 
Wednesday, January 15, 2020

We’re about two weeks into the new year, and suffice to say, gearing up for travel is top of mind for security professionals. The “big” industry shows always seem so far away at this point, but before we know it, ISC West will be here in March, followed by ESX in June; GSX in September; ISC East in partnership with ASIS NYC in November; and more. In addition to these, are the smaller, boutique-type events, such as our SecurityNext conference in February (It’s not too late to register, btw!), not to mention all the companies that host events throughout the year. This puts you and your personal data in quite a few airports’ computer systems, screening technologies, etc., which can be a hacker’s paradise. 

Fortunately, while you’re on your yearly security quests, TSA is on a “quest” of its own: “to merge cybersecurity and information technology,” according to a special notice issued on January 7, 2020. And, they aren’t going at it alone. The agency has the support of America’s airport facilities, working together to create a cybersecurity culture by adopting the requirement “cybersecurity by design” to ensure cybersecurity is at for forefront, as opposed to being an add-on or afterthought. 

In addition to merging cyber and information technology, there are other “requirements for the information security and security screening technologies industry to ensure everyone is working towards a common goal,” it said in the notice. Other requirements include: 

  • Implementation of adequate access control and account management practices by enabling multi-level access to equipment sources and the ability to restrict users;
  • The ability for airport operators to change system level passwords;
  • Use of unique identification of individuals, activity and access to security equipment; 
  • Protection of screening algorithms form compromise, modification and rendering equipment inoperable, and provide immediate alert when algorithms have been accessed;
  • Covering USB ports are covered and access to ports, cables and other peripherals are protected from unauthorized use;
  • Employing automated measures to maintain baseline configurations and ensure systems protections;
  • Proper management of internal and external interfaces and encryption of ingress and egress traffic;
  • Implementing methods to update security equipment affected by software flaws; 
  • Running security assessment tools on devices to ensure appropriate configuration and patch levels, and that no indicators of compromise are present; 
  • Full support to ensure security equipment hardware, software and operating system vulnerabilities are identified and remediated; 
  • Use of an approved encryption method to ensure integrity of all data at rest on security equipment; 
  • Providing comprehensive list of all software and hardware that compromise security equipment; 
  • Demonstrating the ability to update equipment design and capabilities to align with changing cyber intelligence and threat reporting; and 
  • Vetting all local or remote maintenance personnel with the inclusion of background checks. 

TSA hopes that these requirements will “increase security levels; raise the bar of cybersecurity across screening solutions; provide vendors an opportunity to demonstrate their cybersecurity credentials; and provide an aligned approach across the industry—making it easier for vendors to adapt to end user requirement.”

Sounds like a win for anyone involved in travel. 

 

Why seeing a star on your driver’s license is a good thing

 - 
Friday, August 23, 2019

I remember in elementary school those little gold, silver, red, green and blue foil star stickers the teacher would put at the top of my paper, each color reflecting my grade: gold for the perfect score of 100; silver for 90s; blue for 80s; and green for 70s. If I saw a red star, just forget it, because that meant redoing the whole assignment, usually DURING recess, or when I got home from school DURING my favorite TV shows — Woody Wood Pecker, Tom & Jerry and Heathcliff. 

Let’s see if you pass the star test or if you’ll be caught at your local Department of Motor Vehicles during your recess, what we adults commonly call our lunch break! Take out your driver’s license. Does it have a black or gold star on it? If so, you passed and your lunch break is safe. If not, looks like a trip to your state’s Department of Motor Vehicles (DMV) is in your future if you plan on using your driver’s license to fly. 

Back in 2005, Congress passed the Real ID Act, designed to ensure that people boarding a flight or entering a federal building are exactly who they claim to be in all U.S. states and territories including Puerto Rico, Guam, Northern Mariana Islands and U.S. Virgin Islands. Now, 14 years later, all states and territories are compliant or have an extension (Maine, New Jersey, Oklahoma and Oregon are extended until Oct. 10, 2019) and are awaiting each and every citizen over the age of 18 to pay a visit to their local DMVs. 

Technically you have until October 1, 2020 to get your star, but as busy security professionals, 13 months will pass faster than a hot knife through butter! (That’s Texan for “quickly.”)  So, here are some strategies and tips to make the process as painless as possible: 

Decide if you even need a Real ID. If you want to fly with only your state-issued ID, don’t have a passport or other TSA-approved ID or need to visit a security federal facility, such as a military base, then yes, you do need a Real ID. 

If you only need your state-issued ID for identification purposes, don’t mind bringing a TSA-approved ID, like a passport, starting October 1, 2020, or are under age 18, then no, you do NOT need a Real ID. 

Physically go to a DMV office. Be sure to bring along identification documents such as a birth certificate and passport. Some states are requiring up to four pieces of identification, so be sure to check your state’s requirements BEFORE standing in that long line, finally arriving at the clerk’s desk after a five hour wait (that’s the typical wait time in Texas) just to be turned away to go back home, retrieve said documents and then wait another five hours in line! (As “they” say, “Everything’s bigger in Texas;” I guess that includes these lines, too!)

  • Tip #1: To be on the safe side, at the very least, bring proof of identity, social security number and residency, proof of name change (if applicable) and of course, money (a fee is involved).
  • Tip #2: I would suggest bringing cash and/or check in case your DMV doesn’t accept credit cards or charges a fee. It looks like North Carolina is the cheapest at $13.00 and Massachusetts is the highest at $85.00. Check your particular state’s DMV website for the fee schedule. 
  • Tip #3: If your state allows it, make an appointment to visit your DMV. This will cut back on wait time and frustration. 

 

I wish you well on your endeavor to obtain your star!

 

 

Disaster recovery within 15 minutes at Delta

Duplicate site and drills ensure business continuity
 - 
05/28/2014

ATLANTA—If Delta Air Lines’ Operations Control Center is incapacitated due to a fire, extreme weather or bomb, it can set up within 15 minutes at a duplicate facility already in place nearby. That’s been proven during yearly drills.

Lawmaker calls for tougher security at airports

 - 
05/07/2014

SAN JOSE, Calif.—A Bay Area congressman on Friday called for tougher security standards and a technology study after an incident two weeks ago in which a teenager managed to scale a fence at Mineta San Jose International Airport and stow himself away in the wheel well of a Hawaii-bound airliner, according to an article from the San Jose Mercury News.

TycoIS secures exit at Maine airport

‘Technology doesn’t get tired or distracted’
 - 
09/18/2013

PORTLAND, Maine—Passengers deplaning at the Portland International Jetport here now must make their way through a special security exit portal, one of only two of its kind in the country.

SIA: Biometric ID cards 'sound policy' for immigration

 - 
06/12/2013

WASHINGTON—With immigration reform gaining momentum in Congress, the Security Industry Association is calling on lawmakers to approve biometrics on identity cards to ensure the highest level of security at U.S. entry points.

MorphoTrust general counsel discusses legal implications of facial recognition technologies

 - 
01/10/2013

LAS VEGAS—Facial recognition technology is a powerful tool, but there are concerns the technology could be misused, according to Scott Boylan, general counsel of MorphoTrust USA, a biometrics provider based in Billerica, Mass.

Accenture receives TSA contract

 - 
11/26/2012

ARLINGTON, Va.—Accenture Federal Services, a consulting and technology services company, received a five-year contract from the U.S.

Good service leads to good contract

Safety Systems of Vermont retrofits Burlington International Airport
 - 
01/31/2011

COLCHESTER, Vt.—Good customer service has not only given Safety Systems of Vermont steady growth since it started eight years ago, but led to a quarter-million-dollar project retrofitting the Burlington International Airport’s fire alarm system, said co-owner Scott Carroll.

An inside look at Logan Airport’s security operations

‘Security is everyone’s responsibility and we all recognize that and step up’
 - 
11/23/2010

BOSTON— On the morning of Nov. 17, two security officers used extended mirrors to sweep under his Massport vehicle, checking for bombs, and they carefully verified our identification credentials before the tilt gate opened and my host, Tom Domenico, director of IT operations at the Massachusetts Port Authority, could drive us onto the airfield at Boston Logan International Airport.