DHS report: TSA needs to secure financial systems
The Transportation Security Administration has inadequate computer security controls on its financial systems, according to a new report
released today by Homeland Security Department Inspector General Richard L. Skinner.
The special report is a letter from KPMG LLP accounting firm on IT matters related to TSA's fiscal 2005 financial statements. KPMG was hired to audit the TSA's finances; however, it did not complete its audit because it did not receive final financial statements from the agency. The letter was released in a redacted form with sensitive portions blacked out.
The accounting firm examined both TSA and Coast Guard systems because the Coast Guard's IT systems host key financial applications for the TSA.
It found continuing IT control weaknesses that put at risk the confidentiality, integrity and availability of critical data.
'We noted that many of the conditions identified during our prior year audits, which impact TSA financial processing, have not been corrected because challenges continue to exist related to the merging of numerous IT functions, controls, processes and overall organizational shortages,' the KPMG letter states.
Problems identified were:
- Missing or weak passwords;
- Missing security patches or improper configurations for computers, servers and network devices;
- Lack of procedures for revalidating users;
- Lack of monitoring for high-level IT administration accounts; and
- Lack of procedures and monitoring for overseeing access to the TSA's data centers.
Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.