Audit finds security gaps in TWIC program

| 8/4/2006

A new audit from the Department of Homeland Security’s Office of the Inspector General has found some security problems with the department’s proposed Transportation Worker Identification Credential program.

Though portions of the report have been intentionally blanked out by the feds because of security concerns, it did state that there were some high risks found “relative to the TWIC prototype systems, documentation and program management.”

In his summary statement, Inspector General Richard Skinner wrote that the issues identified “may threaten the confidentiality, integrity and availability of sensitive TWIC data.”

The audit involved testing prototype systems for the program including enrollment workstations, contractor databases and servers, and card production facilities.

Among the flaws that were revealed was an incomplete plan of action with regard to security vulnerabilities and an outdated privacy impact statement. The audit also found that system contingency plans had not been approved or tested and that system and database managers had not received “specialized security awareness training.”

The Associated Press reported that the Transportation Security Administration, which oversees the TWIC program, issued a statement saying that it is working to fully address the problems found in the audit.