GAO: Secure Flight improved IT security
The Secure Flight passenger screening program has improved IT security and privacy controls in the last five months, auditors say.
The Transportation Security Administration took action between January and April to meet Congress’ requirements for information security and privacy controls for its Secure Flight passenger watch list screening system, according to a new report from the Government Accountability Office.
“As of April 2009, TSA had generally achieved nine of the 10 statutory conditions related to the development of the Secure Flight program and had conditionally achieved one condition,” the GAO report, posted on the Web today, said.
Under Secure Flight, TSA officials are to screen airline passengers against watch lists of suspected terrorists. Since the 2001 terrorist attacks, commercial airlines have handled those duties for domestic flights while Secure Flight has been in development.
Congress last year established 10 conditions for the TSA to meet as it completed development of the program, including conditions for accuracy, redress, oversight, privacy, life-cycle cost estimates and information security. The agency certified in September 2008 that it had met the 10 conditions.
However, GAO's auditors reported this January that the TSA had met only five of the conditions. Requirements for information security and privacy were among the conditions that remained incomplete then.
In a follow-up review this April, GAO said nine of the 10 conditions had been met, including conditions for information security and privacy.
The GAO said the TSA since January has corrected deficiencies in information security. By March 20, the TSA had fixed all 60 high- and moderate-risk information security vulnerabilities associated with the final version of Secure Flight, the report states.
TSA met the requirement related to privacy by March 31, GAO also said.
However, to date the agency has only partially met a requirement to develop appropriate life-cycle cost estimates, expenditure plans, budgets and schedules for Secure Flight, the report states.
In late January 2009, TSA began to operate Secure Flight for a limited number of domestic flights for one airline. Secure Flight will be operating watch-list matching functions for all domestic flights by March 2010 and will begin assuming those duties for international flights at that time, GAO noted.