The Transportation Security Administration (TSA) recently adopted improvements in practices to patch and configure software on its wireless networks to improve cybersecurity, following recommendations of the inspector general (IG) at the Department of Homeland Security (DHS).
The DHS IG conducted an audit of TSA wireless networks and devices like Blackberries earlier this year to examine protections for sensitive information and other data on TSA networks. The audit revealed that TSA effectively protected its wireless network and devices generally with physical and logical security access controls, thereby avoiding any major vulnerabilities inherent with its wireless infrastructure.
“However, we identified high-risk vulnerabilities involving patch and configuration controls,” said the IG office in its report, Improvements in Patch and Configuration Management Controls Can Better Protect TSA’s Wireless Network and Devices.
The IG office (OIG) made specific recommendations to TSA to revise its patch management process to patch software in a timely manner and to enforce security policy for those individuals who do not properly secure their wireless systems and devices.
In response to the report, TSA Administrator John Pistole said his agency already has enacted corrective measures.