CYA: Leaking RED TEAM info to TSA
Exclusive: Covert Operations Used to Identify U.S. Security Vulnerabilities Leaked to TSA?
Recently, concerns have arisen as to whether top management at the U.S. Transportation Security Administration (TSA) was negatively impacting the results of “red team” (covert) operations by leaking information to security screeners at the nation’s airports in advance of covert security testing operations.
The Government Accountability Office’s Forensic Audits and Special Investigations (FSI) team, created in 2005 as an interdisciplinary team of investigators, auditors, and analysts, conducts covert tests at the request of Congress to identify vulnerabilities and internal control weaknesses at executive branch agencies.
These vulnerabilities and internal control weaknesses include those that could compromise homeland security, affect public safety, or have a financial impact on taxpayers’ dollars. FSI conducts covert tests as “red team” operations, meaning that FSI does not notify agencies in advance about the testing.
FSI has strict internal procedures related to the planning, execution, and reporting of covert activities.
First, FSI and senior GAO management decide on a case-by-case basis whether engagements requiring covert tests are within the scope of GAO’s authority. Next, FSI identifies the aspects of the security system or the government program that are particularly vulnerable to terrorist threats or fraudulent activities and relies on the experience of its investigators to develop a written investigative plan.
This plan typically includes the creation of fictitious identities and counterfeit documentation. All counterfeit documents that FSI uses are manufactured using hardware, software, and materials that are available to the general public — this allows FSI to demonstrate that any security vulnerabilities it finds could be exploited by a criminal or terrorist with moderate means and resources and would not require sophisticated insider knowledge.
FSI’s investigators are the only GAO staff allowed to participate in the execution phase of testing, although audit and analyst staff are often involved in planning and operational support. If investigators discover vulnerabilities that pose a significant and immediate threat to public safety, FSI immediately will discontinue its investigation and alert the appropriate government law enforcement agency.
Once the operation is complete, FSI conducts a “corrective action briefing” with officials at the tested entity to report that they have been the subject of a covert operation, share the results of the testing and, if necessary, suggest potential remedies for any identified control weaknesses or security vulnerabilities.
The following summarizes recent FSI red team operations:
Using counterfeit documents and posing as employees of a company holding a Nuclear Regulatory Commission license, FSI investigators successfully crossed the U.S. northern and southern borders with the type of radioactive materials that could be used to make a dirty bomb.
Posing as private citizens, FSI investigators purchased sensitive military equipment — including ceramic body armor inserts, guided missile radar test sets, and microcircuits used in F-14 fighter aircraft — on the Internet from the Department of Defense’s liquidation sales contractor.
Using bogus driver’s licenses, FSI investigators successfully gained entry to all 24 Department of Transportation regulated urine collection sites that FSI tested; these sites are responsible for drug testing of commercial truck drivers in safety-sensitive transportation positions.
Using false documents and an erroneous IRS taxpayer identification number, FSI pretended to be a charity and successfully applied to three of the Combined Financial Campaign’s local 2006 campaigns.
Seems to me I remember not so long ago hearing about a GAO investigation into how certain nuclear facilities were made aware of the upcoming red team events and thusly armed up and became “vigilant” for the teams. A secondary visit, though, showed that they were complete ass clowns and were not protecting the nuclear fuel and waste in a fashion commensurate to their needs.
So, does it seem so inconceivable that these minimum wage TSA wankers would do anything else but CYA any way they can? I mean, we all have been through the airports and seen the “qualified applicants” that the TSA has harvested to “secure” our airports. Face it, where TSA is concerned we are screwed. The last report I saw, TSA failed at least two out of three times at detection and prevention of simulated explosive devices getting through their gauntlet at our airports.
Without a real effort at training and keeping people on the sharp edge here, then this is all just “security theater”… Nothing more.