Computer systems and other equipment used by customs and border officials, the U.S. Coast Guard and transportation security personnel for homeland security operations at Los Angeles International Airport are vulnerable to theft and tampering, according to a report by the Inspector General of the Department of Homeland Security.
The report, heavily redacted for national-security reasons, noted that telecommunications equipment and servers used by the agencies are left unobserved and contain poorly protected passwords. It includes a photo of a wide-open door leading to a server room used by Immigration and Customs Enforcement. The door is always left open because the room doesn’t have a ventilation system sufficient enough to keep it cool, according to the report.
“Anyone entering the server room would have access to ICE back-up tapes, server, router, and switches because they are not stored in a locked cabinet,” the IG found.
The access controls at an ICE field office in El Segundo, Calif., which assists with investigations of illegal exports, are weak, the report concluded, and employees have wide access to multiple files increasing “the risk of loss or theft of ICE mission-sensitive data.”
“Unauthorized personnel may have the ability to write, alter, or delete data that reside on shared resources.”
Also, according to the report, a data system maintained by the TSA is configured to allow anonymous access to one of its servers, meaning a hacker could log in without proper credentials. “Malicious code” could be placed on another of the TSA’s systems containing shared data. The TSA also didn’t have water sprinklers or fire extinguishers in a server room and telecommunications closet, while relying on a simple portable fan to keep the heat off IT equipment in a separate area.
Several federal agencies adopted the use of new databases after 9/11 containing detailed personal information about Americans and foreigners, the idea being that the more they knew about national and international travelers, the likelier authorities would be able to spot a rogue airline passenger before he or she struck. But the portions of the report made public last week don’t reveal which systems used by the Coast Guard, the Transportation Security Administration, ICE and others are susceptible to a cyber assault.
The report points to an incident last year in which customs officials suffered a major network outage at LAX, one of the world’s largest airports, that stalled operations for hours and disrupted the travel plans of 17,000 passengers. The airport’s terminals filled with travelers waiting to be processed, others were forced to remain sitting on airliners for hours following international flights and some planes had to be redirected to other airports.
An aging IT infrastructure at the airport exacerbated the outage. According to the Los Angeles Times, airport employees had to distribute food, water and baby diapers to stranded passengers and refuel planes to keep their air conditioning systems running. Inspectors say that another agency, Customs and Border Protection, has installed new hardware since then to prevent a recurrence.
But additional problems remain. In November of 2006, customs authorities installed a high-speed connection for wireless Internet access at LAX, but a year later federal agents who were supposed to be able to use the system to better communicate couldn’t to do so because of technical problems. No one interviewed by the inspector general could say whether it had ever been used. A room containing IT equipment for use by CBP personnel had shoddy electrical wiring, missing ceiling tiles and dust.
The IG’s conclusions were released on the same day that a group of security consultants from one of the world’s most tightly controlled airports near Tel Aviv announced they’d completed an assessment of LAX. Past reports by the team haven’t been made public, but according to a Contra Costa Times story about the most recent review, the airport has made “significant progress” since 2006, implying that safety measures weren’t strong previously.
It’s not clear if the release of that news, with its improved outlook on security at LAX, was intended to coincide with the inspector general’s less sanguine report.