TSA Makes Important Changes to Web Policies After Conducting Web Security Review
News & Happenings
- Click here to learn more about the Traveler Redress Inquiry Program. (DHS TRIP)
September 13, 2007
In early February TSA learned of loopholes in the security of its Redress Management System (RMS) Web site. The system was used by travelers seeking redress for difficulties they experience as a result of watch list name matching. By voluntarily collecting basic data (name, date of birth, gender, etc.) the system was used to recognize misidentifications and to ensure future travel was facilitated.
An internal TSA cyber-security review revealed that no personal information stored on the site was compromised at any time. However, investigators did identify vulnerabilities with the site. These vulnerabilities were addressed with the launch of the Department of Homeland Security's consolidated Traveler Redress Inquiry Program (TRIP) on February 20, 2007.
After learning of these vulnerabilities, TSA took immediate steps to increase IT security, protect traveler data and ensure that incidents of this type do not happen again. These measures included:
- Confirmed no personal data stored on the site was compromised.
- Moved the RMS system to a secure DHS.gov domain and ensured links for submitting personal data were protected using sophisticated encryption methods.
- Sent letters to 247 individuals alerting them that they had submitted information over an unencrypted link.
- Implemented internal reforms to ensure IT security measures are in place throughout the life cycle of TSA Web sites and programs.
- Ensured the new DHS TRIP system had the highest levels of security in place and did not possess any of the security concerns TSA identified about the previous Web site.
Today, travelers seeking redress for difficulties they experience with any DHS agency can rest assured that the information they provide to DHS TRIP is secure and will be addressed by security experts across the department in a timely manner.
