GAO: Secure Flight improved IT security

TSA has met most of Congress' requirements for Secure Flight

The Transportation Security Administration took action between January and April to meet Congress’ requirements for information security and privacy controls for its Secure Flight passenger watch list screening system, according to a new report from the Government Accountability Office.

“As of April 2009, TSA had generally achieved nine of the 10 statutory conditions related to the development of the Secure Flight program and had conditionally achieved one condition,” the GAO report posted on the Web today said.

Under Secure Flight, TSA officials are to screen airline passengers against watch lists of suspected terrorists. Since the 2001 terrorist attacks, commercial airlines have handled those duties for domestic flights while Secure Flight has been in development.

Congress last year established 10 conditions for the TSA to meet as it completed development of the program, including conditions for accuracy, redress, oversight, privacy, life-cycle cost estimates and information security. The agency certified in September 2008 that it had met the 10 conditions.

However, GAO's auditors reported this January that the TSA had met only five of the conditions. Requirements for information security and privacy were among the conditions that remained incomplete then.

In a follow-up review this April, GAO said nine of the 10 conditions had been met, including conditions for information security and privacy.

The GAO said the TSA since January has corrected deficiencies in information security. By March 20, the TSA had fixed all 60 high- and moderate-risk information security vulnerabilities associated with the final version of Secure Flight, the report states.

TSA met the requirement related to privacy by March 31, GAO also said.

However, to date the agency has only partially met a requirement to develop appropriate life-cycle cost estimates, expenditure plans, budgets and schedules for Secure Flight, the report states.

In late January 2009, TSA began to operate Secure Flight for a limited number of domestic flights for one airline. Secure Flight will be operating watch-list matching functions for all domestic flights by March 2010 and will begin assuming those duties for international flights at that time, GAO noted.

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.

Featured

  • Cybersecurity
    Shutterstock photo id 669226093 By Gorodenkoff

    The disinformation game

    The federal government is poised to bring new tools and strategies to bear in the fight against foreign-backed online disinformation campaigns, but how and when they choose to act could have ramifications on the U.S. political ecosystem.

  • FCW PERSPECTIVES
    sensor network (agsandrew/Shutterstock.com)

    Are agencies really ready for EIS?

    The telecom contract has the potential to reinvent IT infrastructure, but finding the bandwidth to take full advantage could prove difficult.

  • People
    Dave Powner, GAO

    Dave Powner audits the state of federal IT

    The GAO director of information technology issues is leaving government after 16 years. On his way out the door, Dave Powner details how far govtech has come in the past two decades and flags the most critical issues he sees facing federal IT leaders.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.