TSA has made progress toward protecting its information systems and data from the threat posed by trusted employees, the DHS inspector general has said.
It said TSA has established an agency wide insider threat working group and insider threat section responsible for developing an integrated strategy and program to address insider threat risk.
Further, TSA is conducting insider threat vulnerability assessments that include personnel, physical, and information systems at selected airports and off site offices, said the IG.
It said the agency is performing checks on privileged user accounts on TSA unclassified systems, including privileged access accounts and rights granted to system administrators or to other employees whose job duties require specific privileges over an information system or network.
Additionally, TSA has established a security operations center responsible for day-to-day protection of information systems and data that can detect and respond to an insider threat incident.
TSA agreed with recommendations to further develop the insider threat program to include policies, procedures, and a risk management plan pertinent to the insider threat, as well as to implement an insider threat training and awareness program for the entire TSA workforce.
However, TSA balked at recommendations to direct system administrators to disable USB ports on desktop and laptop computers and to limit the size of allowed email file attachments.