IG: Sensitive information at airport at risk

The Homeland Security Department is putting sensitive information at risk by security weaknesses in its computer systems at Los Angeles International Airport, according to a new report from DHS Inspector General Richard Skinner.

U.S. Customs and Border Protection and three other DHS agencies that operate at the airport are lax on their information technology security for servers, routers, and switches operating at the airport, the report issued Nov. 7 said.

The report identifies the other agencies falling short as the Coast Guard, Immigration and Customs Enforcement and the Transportation Security Administration.

The information technology security controls implemented at this site have deficiencies that, if exploited, could result in the loss of confidentiality, integrity and availability of their information technology systems,” the GAO report states. “Specifically, these components need to improve their physical security operational controls for telecommunications equipment and servers.”

The federal agencies’ IT systems are put at risk by problems with operational, technical and management controls, GAO said.

For example, in November 2006, CBP installed a wireless network at the airport, but it was not tested once it was connected to the CBP’s network. During the time of the IG's visit in December 2007, CBP staff members were unable to operate the networks because of technical problems, the report said.

Other problems identified included improper access controls, unsecured server storage rooms, and the storage of IT systems in rooms that were too warm and possibly subjected the systems to damage.

The GAO made 23 recommendations for improvements; the DHS agencies agreed with most of the findings, with several exceptions.