Apparently the TSA really believes in the guidance provided by mothers everywhere in the winter: multiple layers will keep you warm and cozy. I reached out to the Office of Public Affairs this morning regarding the accidental release of the non-redacted Screening Management SOP document. The initial call received a “no comment” with a promise of follow-up. Apparently the copy-and-paste crew were double checking things for quite some time because the eventual answer I got from the OPA wasn’t particularly useful:
The Transportation Security Administration (TSA) has become aware that an outdated version of a Standard Operating Procedures document was improperly posted by the agency to the Federal Business Opportunities Web site wherein redacted material was not properly protected.
TSA takes this matter very seriously and took swift action when this was discovered. A full review is now underway.
TSA has many layers of security in place to keep the traveling public safe and to constantly adapt to evolving threats. TSA has put appropriate measures in place to effectively screen passengers at airport security checkpoints nationwide.
Yup, it is all about the layers. The layers will protect you.
Sure, they had to revise the opening paragraph of the statement but the rest of it is boiler-plate and pretty worthless. Sadly, it seems that this is likely to be the last of their comments on this gross breach.
Sure, some of the content is likely outdated. I get that it isn’t the most current version of the document. The information about selectee screening and exemptions is fun to read but since most selectee designations went away earlier in the year it isn’t quite so relevant. But knowing the specific thickness of wires that will and will not show up on the x-ray machines seems like something they probably didn’t want out in the open. Ditto for the process by which they test the calibration of the magnetometers with pseudo-guns. And I’m betting that most of that content is still current, even if they tend to lead the conversation in the other direction.
Nothing new, really. They screwed up and they’ll take care of it internally. I wonder if they have the cojones to actually charge someone with leaking SSI information. They had no compunction about prosecuting a guy who shared information that was only deemed classified after he shared it. This one was marked up pretty good on every page. But, of course, it “is an internal matter” and we just have to trust that they’ll do everything correctly to follow up. Just like we were supposed to trust them before despite the fact that they’ve done nothing to earn that trust.
The security theatre that the TSA performs is a joke and their internal enforcement seems to be a joke as well. Hardly a surprise.
Related Posts
Never miss another post: Sign up for email alerts and get only the content you want direct to your inbox.
Thank you for ferreting out this document. You have done the American people a great service.
All they ever talk about are layers. Do they really still think people think they keep us safe? How about just "Oops, we messed up" instead of "there are other imaginary layers protecting you from imaginary threats"
The layers comment is most likely TSA's chuckleheaded interpretation of the security industry's "defense in depth" mantra. Defense in depth is the basic concept that every layer of your organization or system should be defended, from the outermost interface with the outside world to the innermost sanctum. It's best described using a candy metaphor: defense in depth is the attempt to build systems that are "crunchy through and through" instead of "crunchy on the outside, soft and chewy in the middle". Unfortunately, it appears that the best the TSA can manage is a soggy twinkie.