WASHINGTON – Homeland Security and Governmental Affairs Committee Chairman Joe Lieberman, ID-Conn., Friday said the information controls of a crucial border security program that tracks visitors to this country are so weak that terrorists could hack into and compromise the integrity of the entire system.
Lieberman’s comments came as the Government Accountability Office released a report that Lieberman requested on the information security of the US-VISIT databases. The US-VISIT program collects sensitive information about all people crossing U.S. borders by air, land, or sea as a means of tracking terrorists and other criminals. GAO said that hackers could gain access to numerous federal databases and delete or change visitor records.
“The security flaws GAO discovered in this critical border security program jeopardize the integrity of the program and could make it easier for terrorists to enter the country,” Lieberman said. “DHS is spending $1.7 billion of taxpayer money on a program to detect potential terrorists crossing our borders yet it isn’t taking the most basic precautions to keep them from hacking into and changing or deleting sensitive information. DHS must immediately put the recommended controls in place to secure US-VISIT.”
The GAO found “significant information security control weaknesses” in all areas.
For example, the Customs and Border Protection division of DHS did not:
· Adequately identify and authenticate users in systems supporting US-VISIT;
· Sufficiently limit access to US-VISIT information and information systems;
· Ensure that controls adequately protected internal and external networks boundaries;
· Effectively implement physical security at several locations;
· Consistently encrypt sensitive data traversing the communication network; and
· Provide adequate logging or user accountability for the mainframe, work stations, or servers.
“These weaknesses collectively increase the risk that unauthorized individuals could read, copy, delete, add, and modify sensitive information, including personally identifiable information, and disrupt the operations of the US-VISIT program,” GAO said.
-30-