IG blasts secrecy on JFK IT security lapses

Wikimedia image: John F. Kennedy International Airport.

Fourth terminal of John F. Kennedy International Airport. (Wikimedia)

The Department of Homeland Security Inspector General says the Transportation Security Administration is using secrecy protections to paper over run-of-the-mill sloppy IT security practices at John F. Kennedy International Airport.

Citing Sensitive Security Information (SSI), the TSA blacked out substantial portions of a report DHS Inspector General John Roth submitted on the security of JFK Airport's IT operations.

In a Jan. 16 letter to Chip Fulghum, acting undersecretary for management, Roth said TSA had overused SSI protections in making redactions in the JFK report. The IT security lapses at the airport, he said, didn’t warrant SSI classification.

Roth said he submitted the draft report for comments in July and, after several extensions, TSA submitted its redactions in October. The IG said in an email to FCW that earlier this month TSA "affirmed its original redaction to the report."

Similar content, argued Roth, was reported in the IG's last two publicly released audit reports on Dallas/Fort Worth and Atlanta Hartsfield airports.

He said the examples of IT security problems his office found at JFK, such as unlocked server rooms, inadequate server protections and a marked scarcity of server room sign-in sheets could spur changes at other facilities if they were more widely known.

"I believe that this report should be released in its entirety in the public domain. I challenged TSA's determination because this type of information has been disclosed in other reports without objection from TSA, and because the language marked SSI reveals generic, non-specific vulnerabilities that are common to virtually all systems and would not be detrimental to transportation security," Roth wrote.

In his letter, Roth added that the vulnerabilities shown wouldn't compromise transportation security. Classifying the information, he said, runs counter to a 2010 law aimed at reducing the amount of classified material.

In a Jan. 23 statement on the report, Rep. Bennie Thompson (D-Miss.), ranking member of the House Homeland Security Committee, agreed with Roth. "Classifying information as sensitive or secret, while withholding it from the public, should only be done if national security could be at risk. Proper transparency is key to good governance and by insisting this report be partially redacted, TSA undercuts this transparency."

The DHS IG's 50-page report on JFK contains photos of some of the more egregious security problems, including pictures of TSA equipment in a corridor-accessible closet with unsecured double doors to a public area next to a TSA terminal security checkpoint; various unlocked server doors; dusty equipment; improperly stored cleaning agents on top of IT equipment; no log in sheets for IT server rooms; and other fundamental lapses that could lead to problems if left unattended.

The report also said TSA didn't have any devices to measure humidity in the 21 server/switch rooms that IG inspectors visited at the airport. Additionally, it said 13 of the 21 server/switch rooms didn't have temperature sensors. Of the eight rooms that did have temperature sensors, only two had temperature readings within the acceptable range established by DHS policy.

"The department has already implemented corrective actions," DHS said in an emailed statement, and "developed plans of actions and milestones to facilitate timely closure of all recommendations in the OIG report."

About the Author

Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at or follow him on Twitter at @MRockwell4.


  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

  • Cloud
    cloud migration

    DHS cloud push comes with complications

    A pressing data center closure schedule and an ensuing scramble to move applications means that some Homeland Security components might need more than one hop to get to the cloud.

  • Comment
    Blue Signage and logo of the U.S. Department of Veterans Affairs

    Doing digital differently at VA

    The Department of Veterans Affairs CIO explains why digital transformation is not optional.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.