The Associated Press is reporting that some Transportation Security Administration (TSA) employees have been put on leave after the recent fiasco where an inadequately redacted copy of their Screening Management Standard Operating Procedures manual was available on the web. Simply by clicking on the redacted material clicking “cut,” one could unredact the sensitive material.
Although the TSA yanked the manual after its vulnerability was reported by the Wandering Aramean blog and claims that the manual was outdated and does not describe current procedures, the word spread like wildfire throughout the blogosphere and the manual was mirrored on other web sites in unredacted form.
Not surprisingly, Congress immediately threw itself into high gear to hold a hearing. As the AP reports:
Assistant Homeland Security secretary David Heyman told senators Wednesday that a full investigation into the Internet security lapse is under way and the TSA employees have been taken off duty pending the results of that probe. He did not say how many employees were put on leave.
The Homeland Security Department has also stopped posting documents with security information either in full or in part on the Internet until the TSA review is complete, Heyman told the Senate Homeland Security and Governmental Affairs committee.
It will be interesting to see what they do after the hubbub dies down. As long as they continue to place files on networks connected to the Internet, there will always be a risk that what they think is secure, isn’t. Is it really worth the risk?
Update: CBS reports that five employees have been put on leave.
…and I note the document is freely available from Wikileaks and elsewhere.