department of homeland security 2iÀfh ri … · department of homeland security ... dhs department...

Department of Homeland Security2IAgraveFHRIQVSHFWRUHQHUDO

Audit of Security Controls for DHS Information Technology Systems at DallasFort Worth

International Airport

OIG-14-132 September 2014

OFFICE OF INSPECTOR GENERAL Department of Homeland Security

Washington DC 20528 wwwoigdhsgov

September52014 MEMORANDUMFOR LukeJMcCormack

ChiefInformationOfficer

FROM RichardHarsche ActingAssistantInspectorGeneral

OfficeofInformationTechnologyAudits SUBJECT AuditofSecurityControlsforDHSInformationTechnology

SystemsatDallasFortWorthInternationalAirport AttachedforyourinformationisourfinalreportAuditofSecurityControlsforDHS InformationTechnologySystemsatDallasFortWorthInternationalAirportWe incorporatedtheformalcommentsfromtheTransportationSecurityAdministration theUSCustomsandBorderProtectionandtheUSImmigrationandCustoms Enforcementinthefinalreport Thereportcontains19recommendationsaimedatimprovingsecuritycontrolsforthe departmentrsquosinformationsystemsYourofficeconcurredwith18ofthe recommendationsAsprescribedbytheDepartmentofHomelandSecurityDirective 077Ͳ01FollowͲUpandResolutionsforOfficeofInspectorGeneralReport Recommendationswithin90daysofthedateofthismemorandumpleaseprovideour officewithawrittenresponsethatincludesyour(1)agreementordisagreement (2)correctiveactionplanand(3)targetcompletiondateforeachrecommendation Alsopleaseincluderesponsiblepartiesandanyothersupportingdocumentation necessarytoinformusaboutthecurrentstatusoftherecommendation TheOIGconsidersrecommendation6asunresolvedandopenBasedoninformation providedinyourresponsetothedraftreportweconsiderrecommendations215 and18resolvedandclosedWeconsidertheotherrecommendationsinthisreportto beresolvedbutopenOnceyourofficehasfullyimplementedtherecommendations pleasesubmitaformalcloseoutrequesttouswithin30dayssothatwemayclosethe recommendationsTherequestshouldbeaccompaniedbyevidenceofcompletionof agreedͲuponcorrectiveactions PleaseemailasignedPDFcopyofallresponsesandcloseoutrequeststo OIGITAuditsFollowupoigdhsgovUntilyourresponseisreceivedandevaluatedthe recommendationswillbeconsideredopen


ConsistentwithourresponsibilityundertheInspectorGeneralActwewillprovide copiesofourreporttoappropriatecongressionalcommitteeswithoversightand appropriationresponsibilityovertheDepartmentofHomelandSecurityWewillpost thereportonourwebsiteforpublicdissemination

PleasecallmewithanyquestionsoryourstaffmaycontactSharonHuiswoudDirector ofInformationSystemsDivisionat(202)254Ͳ5451 Attachment

wwwoigdhsgov 2 OIGͲ14Ͳ132

OFFICE OF INSPECTOR GENERAL

Department of Homeland Security

TableofContents ExecutiveSummary 1 Background 2 ResultsofAudit 3

TSADidNotComplyFullywithDHSSensitiveSystemsPolicies3 Recommendations 12 ManagementCommentsandOIGAnalysis13 CBPDidNotComplyFullywithDHSSensitiveSystemsPolicies16 Recommendations 20 ManagementCommentsandOIGAnalysis21 ICEDidNotComplyFullywithDHSSensitiveSystemsPolicies22 Recommendations 29 ManagementCommentsandOIGAnalysis30

Appendixes

AppendixAObjectivesScopeandMethodology34 AppendixBManagementCommentstotheDraftReport36 AppendixCDHSActivitiesatDallasFortWorthInternationalAirport42 AppendixDMajorContributorstoThisReport47 AppendixEReportDistribution48

Abbreviations

CBP USCustomsandBorderProtection CIO ChiefInformationOfficer CISO ChiefInformationSecurityOfficer CVE CommonVulnerabilitiesandExposures DFW DallasFortWorthInternationalAirport DHCP DynamicHostConfigurationProtocol DHS DepartmentofHomelandSecurity EDS ExplosiveDetectionSystem FAMS FederalAirMarshallService FAMSNet FederalAirMarshallServiceNetwork

wwwoigdhsgov OIGͲ14Ͳ132



FISMA FederalInformationSecurityManagementActof2002 GAO GovernmentAccountabilityOffice HSI HomelandSecurityInvestigations ICE USImmigrationandCustomsEnforcement ICS InfrastructureCoreSystem ISSO InformationSystemSecurityOfficer ISVM InformationSecurityVulnerabilityManagement IT informationtechnology LAN localareanetwork NOC NetworkOperationsCenter OCIO OfficeoftheCIO OIG OfficeofInspectorGeneral OneNet DHSOneNetwork OSC OfficeofSecurityCapabilities OWFPS OfficeoftheChiefInformationOfficerWorkstationswith

FileandPrintServers SAC SpecialAgentinCharge SOC SecurityOperationsCenter STIP SecurityTechnologyIntegratedProgram TSA TransportationSecurityAdministration TSANet TransportationSecurityAdministrationNetwork UPS uninterruptablepowersupply WFPS WindowsFileandPrintSystem




ExecutiveSummary WeauditedsecuritycontrolsforDepartmentofHomelandSecurityinformation technologysystemsatDallasFortWorthInternationalAirportFourDepartment componentsmdashtheManagementDirectorateTransportationSecurityAdministration USCustomsandBorderProtectionandUSImmigrationandCustomsEnforcementmdash operateinformationtechnologysystemsthatsupporthomelandsecurityoperationsat thisairport Ourauditfocusedonhowthesecomponentshaveimplementedcomputersecurity operationaltechnicalandmanagementcontrolsfortheirsystemsattheairportand nearbylocationsWeperformedonsiteinspectionsoftheareaswhereinformation technologysystemsandassetswerelocatedintervieweddepartmentalstaffand conductedtechnicaltestsofcomputersecuritycontrolsWealsoreviewedapplicable policiesproceduresandotherrelevantdocumentation Theinformationtechnologysecuritycontrolsimplementedatthesesiteshad deficienciesthatifexploitedcouldresultinthelossofconfidentialityintegrityand availabilityofthecomponentsrsquoinformationtechnologysystemsWeidentified numerousdeficienciesintheinformationtechnologysecuritycontrolsassociatedwith theTransportationSecurityAdministrationrsquosSecurityTechnologyIntegrationProgram systemForexamplephysicalsecurityandenvironmentalcontrolsforroomscontaining thissystemrsquosinformationtechnologyassetsneedimprovementFurtheronsiteservers forthissystemwerenotbeingscannedregularlyforvulnerabilitiesLastlytechnical securitycontrolsforCustomsandBorderProtectionandImmigrationandCustoms Enforcementinformationtechnologyresourcesalsoneedimprovement WehavebriefedthecomponentsandtheDepartmentrsquosChiefInformationSystems SecurityOfficerontheresultsofourauditWehavealsomade19recommendations addressingthecontroldeficienciesidentifiedinthisreportWehaveincludedacopyof theDepartmentrsquoscommentstothedraftreportintheirentiretyinappendixB




Background Wedesignedourauditsofinformationtechnology(IT)securitycontrolstoprovide seniorDepartmentofHomelandSecurity(DHS)officialswithtimelyinformationon whethertheyhadproperlyimplementedDHSITsecuritypoliciesatcriticalsitesOur programisbasedonDHSSensitiveSystemsPolicyDirective4300Aversion100which providesdirectiontoDHScomponentmanagersandseniorexecutivesregardingthe managementandprotectionofsensitivesystemsThisdirectiveandanassociated handbookoutlinepoliciesonoperationaltechnicalandmanagementcontrols necessarytoensureconfidentialityintegrityandavailabilitywithintheDHSIT infrastructureandoperationsThesecontrolsaredefinedasfollows bull OperationalControlsndashFocusonmechanismsprimarilyimplementedand

executedbypeopleForexampleoperationalcontrolmechanismsinclude physicalaccesscontrolsthatrestricttheentryandexitofpersonnelfroman areasuchasanofficebuildingdatacenterorroomwheresensitive informationisaccessedstoredorprocessed

bull TechnicalControlsndashFocusonsecuritycontrolsexecutedbyinformation

systemsThesecontrolsprovideautomatedprotectionfromunauthorized accessfacilitatedetectionofsecurityviolationsandsupportapplicationsand datasecurityrequirementsForexampletechnicalcontrolsincludeapassword systemwhichperformsanauthenticationprocess

bull ManagementControlsndashFocusonmanagingboththesysteminformation

securitycontrolsandsystemriskThesecontrolsincludeperformingrisk assessmentsdevelopingRulesofBehaviorandensuringthatsecurityisan integralpartofboththesystemdevelopmentandprocurementprocesses

WeauditedsecuritycontrolsforITsystemsthatsupporthomelandsecurityoperations ofDHSManagementDirectorateTransportationSecurityAdministration(TSA) USCustomsandBorderProtection(CBP)andUSImmigrationandCustoms Enforcement(ICE)atDallasFortWorthInternationalAirport(DFW)AsaCategoryX airportDFWhasalargenumberofpassengerboardingsprocessingapproximately 58millionpassengers(158375passengersdaily)in20111 SeeappendixCforspecificdetailsofDHSactivitiesatDFWbycomponent

1TherearefivecategoriesofairportsmdashXIIIIIIandIVCategoryXairportshavethelargestnumberof passengerboardingsandcategoryIVairportshavethesmallestnumber




ResultsofAudit

TSADidNotComplyFullywithDHSSensitiveSystemsPolicies

TSAdidnotcomplyfullywithDHSoperationaltechnicalandmanagement policiesforitsserversandswitchesoperatingatDFWSpecificallyphysical securityandenvironmentalcontrolsfornumerousTSAserverroomswere deficientAdditionallyTSAdidnothaveredundantdatatelecommunications linesprovidingservicetoitsDFWfacilitiesFurtherTSAhadnotdocumentedthe ITassetsorinterconnectionsrelatedtotheSecurityTechnologyIntegrated Program(STIP)Collectivelythesedeficienciesplaceatrisktheconfidentiality integrityandavailabilityofthedatastoredtransmittedandprocessedbyTSA atDFW OperationalControls WeauditedthesecuritycontrolsforTSAserverroomsandcommunications closetscontainingITassetsatDFWandatthesharedTSAFederalAirMarshall Service(FAMS)facilityinCoppellTXWedeterminedthatonsite implementationofoperationalcontrolsdidnotconformfullytoDHSpolicies Thesedeficienciesexistinphysicalsecurityhousekeepingandstorage electronicpowersupplyprotectionandtemperaturecontrolsAdditionally TSArsquosITassetsatDFWdidnothaveredundantdatatelecommunications

PhysicalSecurity VisitorsignͲinsheetswerenotpresentinsevenofnineSTIPExplosiveDetection System(EDS)serverroomsAdditionallyTSAhadnotadequatelysecuredseveral serverroomsandcommunicationsclosetscontainingSTIPassetsForexample airlineemployeeswereusingtworoomscontainingSTIPEDSserversasbreak roomsBothroomscontainednonͲDHSrefrigeratorsmicrowavesandTVsThe serverrackswerebeingusedtostoreblanketsandprovideelectricalpower AdditionallythedoorlockforoneroomwasdisabledwithducttapeFigures1a through1fshowdeficienciesobservedattheselocations




Figure1a Figure1b Figure1c DuctTapeonSTIP BlanketsStored NonͲDHSEquipment EDSServerRoom inSTIPRack inSTIPEDSServerRoom

Figure1d Figure1e Figure1f Smartphone STIPEDSServerRoom STIPEDSServerCabinet Poweredbya withAccessfrom UsedforNonͲDHSstorage STIPRack BaggageConveyerBelt AccordingtotheDHS4300ASensitiveSystemsHandbookversion10

Controlsfordeterringdetectingrestrictingandregulatingaccessto sensitiveareasshallbeinplaceandshallbesufficienttosafeguard againstpossiblelosstheftdestructiondamagehazardousconditions firemaliciousactionsandnaturaldisasters

Physicalsecurityvulnerabilitiesthatarenotmitigatedplaceatriskthe confidentialityintegrityandavailabilityofTSAdataForexampleunauthorized accesstoTSAserverroomsmayresultinthelossofITprocessingcapabilityused inthescreeningofpassengersandbaggagefordepartingflights




TSAhastakenactionstoresolvethesereporteddeficienciesAccordingtoTSA theairlineemployeesrsquoaccesstothetwoSTIPEDSserverroomshasbeen removedAdditionallyTSAhascreatedakeylockmanagementprocessfor theseSTIPEDSserverrooms

HousekeepingandStorage

TSAserverroomsandcommunicationsclosetscontainedexcessstorageitems paintandcleaningsuppliesDuringourfieldworkTSAstaffremovedpaintcans fromaFAMSlocationAdditionallytheSTIPEDSserverroomscontainedtrash andworkareasweredusty(Seefigures2athrough2cfordetails)

Figure2a Figure2b Figure2c PaintCansinServerRoom DustCoveredSTIP TrashinSTIPEDS Workstation ServerRoom AccordingtotheDHS4300ASensitiveSystemsHandbook x Dustingofhardwareandvacuumingofworkareasshouldbeperformed

weeklywithtrashremovalperformeddailyDustaccumulationinsideof monitorsandcomputersisahazardthatcandamagecomputer hardware

Housekeepingandstoragevulnerabilitiesthatarenotmitigatedplaceatriskthe availabilityofTSAdataForexamplecomputerhardwaredamagedbydustand debrismaynotbeavailableforTSArsquospassengerandbaggagescreening processes

ElectronicPowerSupplyProtection Uninterruptiblepowersupply(UPS)forTransportationSecurityAdministration Network(TSANet)InfrastructureCoreSystem(ICS)STIPandFederalAir MarshalServiceNetwork(FAMSNet)systemsatfourof12serverrooms




reviewedshowedwarninglightssignalingthatthebatteryneededtobereplaced orthatthebatterywasbeingbypassed AccordingtotheDHS4300ASensitiveSystemsHandbook

Electricalpowermustbefilteredthroughanuninterruptiblepower supply(UPS)systemforallserversandcriticalworkstationsSurge suppressingpowerstripsmustbeusedtoprotectallothercomputer equipmentfrompowersurges

Electricalpowersupplyvulnerabilitiesthatarenotmitigatedplaceatriskthe availabilityofTSAdataForexampleTSAserversthatarenotconnectedtoa workingUPSmaynotbeoperationalfollowingapoweroutage AccordingtoTSA22failingUPSdeviceswerereplacedacrossthreesystems (FAMSNetTSANetandICS)toimprovepowerprotectionandensurepolicy compliance

EnvironmentalControls AllTSAserverroomsexceededthetemperaturerangesestablishedbyDHS policiesAdditionallyseveraloftheserverroomsdidnotcontaintemperatureor humiditysensorsHowevertheTSAserverroomswerewithinhumidityranges establishedbyDHSpoliciesTable1providesthetemperatureandhumidity readingsforeachlocation




Table1TSAServerRoomsTemperatureandHumidityAverages

Location RecommendedTemperature 60ndash70DegreesFahrenheit

Recommended Humidity 35ndash65

OfficeofInspector General(OIG)

Average

TSA Reading

OIG Average

TSA Reading

FAMSCoppell 707 68 565 NoSensor ICSCoppell 751 72 407 41 ICSSTIPTerminalB 733 74 432 38 STIPTerminalBRoom2 752 66 497 NoSensor STIPTerminalA 779 No

Sensor 413 NoSensor

STIPTerminalCRoom1 788 76 51 NoSensor STIPTerminalCRoom2 7873 75 578 NoSensor STIPTerminalERoom1 848 No

Sensor 549 NoSensor

STIPTerminalERoom2 776 75 541 59 STIPTerminalERoom3 769 83 506 NoSensor STIPTerminalDRoom1 756 No

Sensor 496 NoSensor

STIPTerminalDRoom2 758 No Sensor 420 NoSensor

TemperaturereadingsinredexceededtheDHSrecommendedtemperature FurtheroneSTIPEDSserverroomcontainedanonͲDHSheaterinsideaserver rack(Seefigure3fordetails)




Figure3NonͲDHSHeaterinSTIPEDSRack

AccordingtotheDHS4300ASensitiveSystemsHandbook x Temperaturesincomputerstorageareasshouldbeheldbetween60and

70degreesFahrenheit x Humidityshouldbeatalevelbetween35percentand65percent

Hightemperaturescandamagesensitiveelementsofcomputersystems ThereforeTSAshouldmonitorandadjustserverroomtemperatureaccordingly

RedundantDataTelecommunicationsServices

TSAhadnotestablishedredundanttelecommunicationsservicesatitsCoppell facilityoratDFWSpecificallywhiletherewasadatatelecommunicationscircuit foreachserverroomattheCoppellfacilityandeachterminalatDFWTSAhad notconfiguredthesecircuitstoprovideredundancyAsaresultperformanceof missionactivitiesattheselocationswasvulnerabletodisruptionsintheeventof adatatelecommunicationscircuitfailure AccordingtoDHS4300ASensitiveSystemsHandbookAttachmentMTailoring NationalInstituteofStandardsandTechnology(NIST)SP800Ͳ53Security Controlsv91xls

RiskandInfrastructurendashAriskͲbasedmanagementdecisionismadeon therequirementsfortelecommunicationservicesTheavailability requirementsforthesystemwilldeterminethetimeperiodwithinwhich thesystemconnectionsmustbeavailableIfcontinuousavailabilityis requiredredundanttelecommunicationsservicesmaybeanoption




Redundantdatatelecommunicationsservicesvulnerabilitiesthatarenot mitigatedplaceatrisktheavailabilityofTSAdataForexampleifthereisa servicedisruptionontheonetelecommunicationslineITsystemsmaynotbe availableforTSArsquospassengerandbaggagescreeningprocesses AccordingtoTSAstaffTSAdetermineditisnotnecessarytoinstallredundant datacircuitsforeachoftheindividualcircuitsalreadyatDFWbecauseTSAhas seventelecommunicationsdatacircuitsprovidingconnectivitytotheFSDOffice FAMSFieldOfficeandfiveDFWterminals TechnicalControls TSArsquosimplementationoftechnicalcontrolsforsystemsoperatingatDFWdidnot conformfullytoDHSpoliciesForexampleOfficeofSecurityCapabilities(OSC) hadnotimplementedaprocesstoreportSTIPͲrelatedcomputersecurity incidentstotheTSASecurityOperationsCenter(SOC)AdditionallyTSAhadnot resolvedinatimelymanneridentifiedpatchmanagementvulnerabilitieson FAMSNetandICSserversatDFWFurtherTSAwasnotscanningSTIPEDS serversatDFWforvulnerabilities

STIPComputerSecurityIncidents OSChadnotestablishedprocedurestoreportSTIPͲrelatedcomputersecurity incidentstoTSASOCAccordingtoTSAstaffifSTIPusersidentifyaproblem theyreportittoacontractorͲoperatedTSAServiceResponseCenterTherewere noproceduresinplaceforthiscentertoreportcomputersecurityincidentsto TSASOC AccordingtoDHS4300ASensitiveSystemsHandbookAttachmentFIncident ResponseandReporting

AllusersofDHSinformationsystemsincludingsystemandnetwork administratorsandsecurityofficershavethefollowingresponsibilities

bull ReportincidentstoComponentSOCsimmediatelyuponsuspicionor

recognition STIPcomputersecurityincidentsthatarenotreportedtoTSASOCplaceatrisk theconfidentialityintegrityandavailabilityofTSAdataSpecificallywithout adequatereportingTSASOCmaynotbeabletoeffectivelycoordinateincident




responseandinitiateincidentevaluationprocessestoaSTIPͲrelatedcomputer securityincident

PatchManagement InDecember2013weobservedTSAstaffscanningtwoFAMSNetandsixICS serverslocatedatDFWforvulnerabilitiesThesetechnicalscansdetectedhigh vulnerabilitiesontheeightserversAdditionallyfouroftheservershadacritical vulnerabilityInadditionpatchinformationforsomevulnerabilitieswas publishedmorethanoneyearbeforethescanswereperformedFurtherTSA hadprovidedvulnerabilityassessmentreportstoDHSforonlyfiveoftheeight serversidentifiedatDFWTable2providesthenumberofvulnerabilitiesby server

Table2CriticalandHighVulnerabilitiesby CommonVulnerabilitiesandExposures(CVE)

TSA

Server Name

TotalNumber ofCritical

Vulnerabilities

TotalNumber ofUniqueHigh Vulnerabilities2

Total Numberof Highor

CriticalCVEs3

DateofLast Vulnerability ScanReportto

DHS Server1 0 2 1 12192013 Server2 1 10 15 12192013 Server3 1 6 3 12192013 Server4 0 2 1 NotReported Server5 1 9 14 NotReported Server6 1 6 3 NotReported Server7 0 2 2 12192013 Server8 0 1 1 12192013

AccordingtoDHS4300ASensitiveSystemsHandbook

Informationsecuritypatchesshallbeinstalledinaccordancewith configurationmanagementplansandwithinthetimeframeordirection

2ThescanningsoftwareprovidesadescriptionofthevulnerabilitiesSeveralCVEsmayhavethesame vulnerabilitydescriptionAdditionallythevulnerabilitymaynothaveanassociatedCVEsuchas ldquoAntiVirusSoftwareCheckrdquo 3AccordingtoNationalInstituteofStandardsandTechnologyInteragencyReport7298Revision1 GlossaryofKeyInformationSecurityTermsCVEisadictionaryofcommonnamesforpubliclyknown informationsystemvulnerabilities




statedintheInformationSecurityVulnerabilityManagement(ISVM) message

AccordingtoDHS4300ASensitiveSystemsHandbookAttachmentO VulnerabilityManagementProgram

Detailedvulnerabilityassessmentscanschedulesandresultsmustbe providedtotheDHSVulnerabilityManagementBranchinordertosatisfy FederalInformationSecurityManagementActrequirementsfor enterpriseͲwidesecuritysituationalawarenessofassetsandrisks

FurtherTSAwasnotscanningforvulnerabilitiesontheSTIPEDSserversatDFW AccordingtoTSAstaffSTIPEDSserverssimilartothoseatDFWwerescanned inJune2013Thosescansdeterminedthatthevendordidnotsupportsome systemsoftwareandothersoftwaredidnotcontainthelatestsecuritypatches Thosescansalsoreportedmorethan79highvulnerabilitiesontheSTIPdevices AccordingtoDHSSensitiveSystemsPolicyDirective4300A

Componentsshallmanagesystemstoreducevulnerabilitiesthrough vulnerabilitytestingandmanagementpromptlyinstallingpatchesand eliminatingordisablingunnecessaryservices

Servervulnerabilitiesthatarenotmitigatedplaceatrisktheconfidentiality integrityandavailabilityofTSAdataForexampleoneoftheunpatched vulnerabilitieswouldallowarbitrarycodeexecutiononTSArsquosinformation systems AccordingtoTSAstaffseveraloftheidentifiedvulnerabilitieswereconsidered tobelsquofalseͲpositiversquoorduplicates4ForexampleaccordingtoTSAstaffone falseͲpositivewasaresultofidentifyinganapplicationthatwasnotinuse AdditionallyTSAhasresolvedseveraloftheidentifiedvulnerabilitiesandhas remediationplansfortheremaining ManagementControls TSArsquosmanagementcontrolsforsystemsoperatingatDFWdidnotconformfully toDHSpoliciesSpecificallyOSChadnotestablishedinterconnectionsecurity agreementstodocumenttheSTIPconnectionstononͲDHSbaggagehandling

4AfalseͲpositiveisavulnerabilitythatdoesnotactuallyexistbutiscountedinameasurement




systemsAccordingtoTSAiftheSTIPsoftwareoraTSAscreenerdetermines thatanindividualbagisnotconsideredhazardoustheSTIPEDSdevicesendsa signaltothebaggagehandlingsystemtoallowthebagtocontinueontothe baggagehandlingsystemAdditionallytheSTIPsystemsecurityplanwhichisa securityauthorizationprocessdocumentdidnotdescribetheserversswitches andworkstationsassociatedwiththesystem AccordingtoDHS4300ASensitiveSystemsHandbookAttachmentN PreparationofInterconnectionSecurityAgreements

AnISA[InterconnectionSecurityAgreement]isrequiredwheneverthe securitypoliciesoftheinterconnectedsystemsarenotidenticalandthe systemsarenotadministeredbythesameAuthorizingOfficial

AccordingtoDHS4300ASensitiveSystemsHandbooktheAuthorizingOfficial

Ensuresnewhardwareandsoftwareproductshavebeenapprovedand documentedintheSecurityAuthorizationProcessdocumentation

Undocumentedinterconnectionsecurityagreementsplaceatriskthe confidentialityintegrityandavailabilityofTSAdataForexamplethesecurity protectionsthatmustoperateoninterconnectedsystemsmaynotbe establishedwithoutaninterconnectionsecurityagreement Securityauthorizationistheofficialmanagementdecisiontoauthorizeoperation ofaninformationsystemSecurityauthorizationinvolvescomprehensivetesting andevaluationofsecurityfeaturesandaddressessoftwareandhardware securitysafeguardsTheAuthorizingOfficialwillnotbeabletomakean informeddecisionaboutthesecurityofasystemifthesystemrsquoshardware inventoryisincomplete Recommendations WerecommendthattheTSAChiefInformationOfficer(CIO) Recommendation1 ComplywithDHSpolicyconcerningphysicalsecuritytemperaturehousekeeping andelectronicpowersupplyprotectionatlocationsatDFWthatcontainTSAIT assets




Recommendation2 Determinewhetheritisnecessaryandcosteffectivetoestablishredundantdata telecommunicationsservicesatTSArsquosCoppellfacilityandDFWterminal locations Recommendation3 EstablishaprocesstoreportSTIPcomputersecurityincidentstoTSASOC Recommendation4 ScanTSAserversannuallyandresolveidentifiedvulnerabilitieswithinthe timeframeordirectionstatedintheInformationSecurityVulnerability ManagementmessagepublishedbyDHSSOC Recommendation5 ProviderequiredvulnerabilityassessmentreportstotheDHSVulnerability ManagementBranch Recommendation6 Establishinterconnectionsecurityagreementstodocumenttheinterconnection betweenSTIPandnonͲDHSbaggagehandlingsystems Recommendation7 DocumentinthesystemsecurityplantheSTIPserversswitchesand workstations ManagementCommentsandOIGAnalysis WeobtainedwrittencommentsonadraftofthisreportfromtheAssistant DirectorDepartmentalGovernmentAccountabilityOffice(GAO)OIGAudit LiaisonWehaveincludedacopyofthecommentsintheirentiretyinappendix BDHSconcurredwithrecommendations1through5and7DHS nonͲconcurredwithrecommendation6AdditionallyTSAprovided documentationtosupporttheresolutionandclosureofrecommendation2 FurtherTSAhasalreadytakenactionstoresolvereporteddeficiencieswith




recommendations13through5and7Weconsiderthese recommendationsresolvedbutopenpendingverificationofplannedactions Recommendation1 TSAconcurredandinitiatedaprojectatDFWin2013toreplacefailingUPS devicesTSAhasremediationplanstoresolvetheelectricalsupplydeficiency TheremainingsixUPSswererefreshedAdditionallyFAMS temperaturehumiditysensorsareinplaceandfunctionalDocumentation illustratingremediationofseveralhousekeepingconcernswasprovidedtoOIG HowevertocompletetherecommendationTSAmustsecurethecooperationof thirdpartiesatDFWTSAwillworkwiththesethirdpartiestoclosethe recommendation TSArsquosactionssatisfytheintentofthisrecommendationWeconsiderthis recommendationresolvedbutitwillremainopenuntilTSAprovides documentationtosupportthattheplannedcorrectiveactionsarecompleted Recommendation2 TSAconcurredwiththisrecommendationTSAhasdeterminedthatitwouldnot becosteffectivetoimplementtheredundanciesTSArequestedthatOIGclose recommendation2 TSArsquosactionssatisfytheintentofthisrecommendationWeconsiderthis recommendationresolvedandclosed Recommendation3 TSAconcurredwiththisrecommendationTSArsquosCybersecurityAwarenessand OutreachSupportTeamwillreachouttotheDFWTSAstafftoappropriately trainthosepersonnelonthecorrectincidentreportingprocessTheestimated completiondateisJune302015 TSArsquosactionssatisfytheintentofthisrecommendationWeconsiderthis recommendationresolvedbutitwillremainopenuntilTSAprovides documentationtosupportthattheplannedcorrectiveactionsarecompleted




Recommendation4 TSAconcurredwiththisrecommendationAccordingtoTSAserversarescanned onamonthlybasisandtheresultsordatafeedsaresubmittedtotheDHS VulnerabilityManagementBranchEvidenceofreportscanbeprovidedas requestedTSAsupportstheDHSInformationSecurityVulnerability ManagementprogrambyresolvingvulnerabilitiesasdirectedbyDHSSOCto AlertsandBulletinsAdditionallyTSArequestedthatOIGconsiderthis recommendationresolvedandclosed HoweverTSAhasnotprovideddocumentationthattheSTIPEDSserversatDFW arebeingscannedonamonthlybasisAdditionallyTSAhasnotprovided documentationthatactionshavebeentakentoresolvethevulnerabilities identifiedontheICSservers TSArsquosactionssatisfytheintentofthisrecommendationWeconsiderthis recommendationresolvedbutitwillremainopenuntilTSAprovides documentationtosupportthattheplannedcorrectiveactionsarecompleted Recommendation5 TSAconcurredwiththisrecommendationAccordingtoTSAserversarescanned onamonthlybasisandtheresultsordatafeedsaresubsequentlysubmittedto theDHSVulnerabilityManagementBranchEvidenceofreportswillbeprovided toOIGuponrequestTSArequestedthatOIGconsiderthisrecommendation resolvedandclosed HoweverTSAhasnotprovideddocumentationthatvulnerabilitiesassociated withtheSTIPEDSserversatDFWarebeingreportedTSArsquosactionssatisfythe intentofthisrecommendationWeconsiderthisrecommendationresolvedbut itwillremainopenuntilTSAprovidesdocumentationtosupportthatthe plannedcorrectiveactionsarecompleted Recommendation6 TSAnonͲconcurredwiththisrecommendationAccordingtoTSAtheSTIPdoes nothaveaninterconnectionwithnonͲDHSbaggagehandlingsystemsand thereforeaninterconnectionsecurityagreementisnotneededTSArequested thatOIGconsiderthisrecommendationresolvedandclosed




HoweverduringtheauditTSAprovideddocumentationthattheseconnections dooccurThedocumentationdetailsthetypesofconnectionsbetweenSTIPEDS andtheBaggageHandlingSystemaswellasthedatatransmittedbetweenthe twosystemsWeconsiderthisrecommendationunresolvedandopenitwill remainunresolvedandopenuntilTSAprovidesacorrectiveactionplan Recommendation7 TSAconcurredwiththisrecommendationAccordingtoTSAtheSTIPEDSserver andendpointinventorywillbeassessedduringtheSecurityAuthorization processduring2014о2015andshallbeaddedasanartifactintheDHS informationAssuranceComplianceSystemwheretheSecurityPlanisalso storedTheestimatedcompletiondateisJune302015 TSArsquosactionssatisfytheintentofthisrecommendationWeconsiderthis recommendationresolvedbutitwillremainopenuntilTSAprovides documentationtosupportthattheplannedcorrectiveactionsarecompleted CBPDidNotComplyFullywithDHSSensitiveSystemsPolicies

CBPdidnotcomplyfullywithDHSoperationaltechnicalandmanagement controlsSpecificallythetwoCBPserverroomsauditedexceededtemperature rangesestablishedbyDHSpoliciesAdditionallyCBPhadnotimplemented knownpatchestoitsserversatDFWCBPalsohadnotappointedaninformation systemsecurityofficer(ISSO)fortheWindowsFileandPrintSystem(WFPS) Collectivelythesedeficienciesplaceatrisktheconfidentialityintegrityand availabilityofthedatastoredtransmittedandprocessedbyCBPatDFW OperationalControls CBPserverroomsandcommunicationsclosetsatDFWandthePortOfficeof DallaswerecleanandwellmaintainedFurtherCBPhadimplementedadditional physicalsecurityforITassetsinpublicareasHoweveronsiteimplementationof environmentalcontrolsthatdidnotconformfullytoDHSpoliciesincluded inadequatetemperatureandhumiditycontrolsforCBPrsquostwoserversrsquoroomsat DFW

PhysicalSecurityControls DuringourauditfieldworkweobservedthatCBPhadtakenadditionalstepsto securetheirITassetsinareasthatcouldbeaccessiblebythepublicSpecifically




CBPhadsecuredtheportsconnectingtothesedeviceswithahardwarelock (Seefigure4fordetails)

Hardware locks

Figure4HardwareLocksonLANPorts

EnvironmentalControls ThetwoCBPserverroomsexceededthetemperaturerangesestablishedbyDHS policiesAdditionallyoneofthetwoCBPserverroomsdidnotcontain temperatureorhumiditysensorsHoweverCBPserverroomswerewithin humidityrangesestablishedbyDHSpoliciesTable3providesthetemperature andhumidityreadingsforeachlocation

Table3CBPServerRoomsTemperatureandHumidityAverages

Location

Recommended Temperature

60ndash70DegreesFahrenheit

RecommendedHumidity

35ndash65 OIG

Average CBP

Reading OIG

Average CBP

Reading ConcourseD 738 NoSensor 4401 NoSensor PortOfficeofDallas 723 66 483 53 AccordingtoCBPofficialsrepairsweremadetotheairconditioneratthePort OfficeserverroomresolvingthisdeficiencyAdditionallybaseduponarequest byCBPtheDFWAirportAuthorityresolvedthetemperaturedeficiencyinthe ConcourseDserverroomFurtherCBPisworkingwithDFWAirporttoestablish monitoringandalertingfortemperaturesthatfalloutsideestablishedranges






Hightemperaturescandamagesensitiveelementsofcomputersystems ThereforeCBPshouldmonitorandadjusttheserverroomaccordingly

TechnicalControlsmdashPatchManagement InOctober2013weobservedCBPstaffscanserverslocatedatDFWfor vulnerabilities5Thesetechnicalscansdetectedcriticalandhighvulnerabilities onthefiveserversTable4providesthenumberofvulnerabilitiesforeach server

Table4CriticalandHighVulnerabilitiesbyCVE

CBP

Server Name

TotalNumberof Critical

Vulnerabilities

TotalNumberof UniqueHigh Vulnerabilities

Total Number ofHighor Critical CVEs


DHS

Server1 2 2 11 12192013 Server2 2 6 23 12192013 Server3 2 7 23 12192013 Server4 5 9 200 12192013 Server5 2 8 60 12192013 AccordingtoDHS4300ASensitiveSystemsHandbook


Servervulnerabilitiesthatarenotmitigatedplaceatrisktheconfidentiality integrityandavailabilityofCBPdataTheserisksallowarbitrarycodeexecution onCBPrsquosinformationsystems

5AccordingtotheDHSOfficeoftheChiefInformationSecurityOfficerCBPhadprovidedreportsof vulnerabilitiesforfiveoftheserversatDFW




DuringthecourseofourauditCBPtookactionstocorrectmanyoftheidentified vulnerabilitiesForexampleCBPremovedserver4fromthenetworkand installedthenecessarypatchestoresolvethecriticalvulnerabilitiesexceptfor onethatCBPconsidersalsquofalseͲpositiversquoAccordingtoCBPstaffthisfalseͲ positivewastheresultofthescanningsoftwarenotproperlyidentifyingthe versionofthetargetsystem ManagementControls CBPrsquosimplementationofmanagementcontrolsforsystemsoperatingatDFW didnotconformfullytoDHSpoliciesSpecificallysinceJanuary2013theWFPS hasbeenwithoutanISSOtoreceiveandmanageITsystemsecuritymatters AdditionallyCBPdoesnothavecentralizedstorageforSouthwestFieldlocal areanetwork(LAN)auditlogsbecausethereisinsufficientspacetostoreand maintaintheauditlogsHoweverCBPhasrecognizedtheauditlogstorage spaceissueasadeficiencyandhascreatedaplanofactionsandmilestonesto addressit FurtheraspartofourDFWfieldworkwerequestedtheimplementationstatus ofourpreviousDynamicHostConfigurationProtocol(DHCP)auditlog recommendation6SpecificallywereportedinJuly2013thatCBPwasnot reviewingtheautomatedDHCPservermessagesWerecommendedthatCBP assigntheresponsibilitytoreviewDHCPserverautomaticmessagesandLAN auditlogsAccordingtoCBPstafftheNetworkOperationsCenter(NOC)andthe DHSOneNetwork(OneNet)Securityteamsareverifyingthattheauditlogsare beingsenttotheNationalDataCenterInadditiontheOneNetSecurityteam hadcreatedastandardoperatingprocedureforthereviewandwasperforming weeklyreviewsFurthermoretheNOCISSOandtheOneNetsecurityteamplan toreviewtheauditlogs Howeverthetoolusedforcollectingunifyingstoringandautomatingsecurity logsandeventsforanalysisandreportingwasnotreceivingtherequireddata AccordingtotheCBPstaffhardwareandsoftwareneedtobeupgradedto assurethattheeventsaresenttotheNOCandOneNetSecurityTeamsAlso accordingtoCBPstaffwhileanewloggingsolutionhasbeenidentifiedthe solutionhasnotreceivedfundingandhasbeenplacedonthe2014unfunded requirementslistsCBPsubmittedawaiverrequesttotheDHSChiefInformation SecurityOfficer(CISO)toaccepttheriskInMarch2014DHSCISOapprovedthis

6TechnicalSecurityEvaluationofDHSActivitiesatHartsfieldͲJacksonAtlantaInternationalAirport(OIGͲ 13Ͳ104)July2013




waiver AccordingtoDHS4300ASensitiveSystemsHandbook

AnISSOshallbedesignatedforeveryinformationsystemandserveas thepointofcontactforallsecuritymattersrelatedtothatsystem

Componentsshallensurethatauditlogsarerecordedandretainedin accordancewiththeComponentrsquosRecordScheduleorwiththeDHS RecordsScheduleAtaminimumaudittrailrecordsshallbemaintained onlineforatleastninety(90)daysAudittrailrecordsshallbepreserved foraperiodofseven(7)yearsaspartofmanagingrecordsforeach systemtoallowauditinformationtobeplacedonlineforanalysiswith reasonableease

Managementcontrolvulnerabilitiesthatarenotmitigatedplaceatriskthe confidentialityintegrityandavailabilityofCBPdataForexamplewithout assigningtheresponsibilitytoanISSOcomponentsmaynotadequately implementandmaintainsystemsecuritycontrolsinaccordancewiththeDHS policies Recommendations

WerecommendthatCBPCIO

Recommendation8 Maintainthetemperatureandhumidityoftheidentifiedserverroomswithinthe temperatureandhumidityrangesestablishedbytheDHS4300ASensitive SystemsHandbook Recommendation9 Addressandresolveidentifiedvulnerabilitieswithinthetimeframeordirection statedintheInformationSecurityVulnerabilityManagementmessagepublished byDHSSOC Recommendation10 DesignateanISSOforWFPS




Recommendation11 StoremaintainandreviewasrecommendedbytheDHS4300ASensitive SystemsHandbook x x

WFPSauditlogsand DHCPauditlogs

ManagementCommentsandOIGAnalysis WeobtainedwrittencommentsonadraftofthisreportfromtheAssistant DirectorDepartmentalGAOOIGAuditLiaisonWehaveincludedacopyofthe commentsintheirentiretyinappendixBDHSconcurredwithrecommendations 8through11andhasalreadytakenactionstoresolvereporteddeficiencies Weconsidertheserecommendationsresolvedbutopenpendingverificationof plannedactions Recommendation8 CBPconcurredwiththisrecommendationCBPcorrectedthetemperatureinthe DallasPortOfficeLANRoomCBPalsocorrectedthetemperatureintheDFW AirportLANRoombyaskingDFWAirporttolowerthesetpointoftheroomto 68degreesFahrenheitCBPisworkingwithDFWAirportAuthoritytoestablish monitoringandalertingfortemperaturesthatfalloutsideestablishedranges withintheLANRoomTheestimatedcompletiondateisOctober312014 CBPrsquosactionssatisfytheintentofthisrecommendationWeconsiderthis recommendationresolvedbutitwillremainopenuntilCBPprovides documentationtosupportthattheplannedcorrectiveactionsarecompleted Recommendation9 CBPconcurredwiththisrecommendationCBPplanstocontinuetopatch systemvulnerabilitiesinatimelymannerandwillensurethatoutstanding patchesareimplementedTheestimatedcompletiondateisDecember312014 CBPrsquosactionssatisfytheintentofthisrecommendationWeconsiderthis recommendationresolvedbutitwillremainopenuntilCBPprovides documentationtosupportthattheplannedcorrectiveactionsarecompleted




Recommendation10 CBPconcurredwiththisrecommendationCBPplanstoprovideISSOdutiesto WFPSinitiallythroughexistingISSOresourceswhileacontractISSOisaddedto theexistingcontractOtheroptionsarebeingreviewedrelatedtoWFPS boundariesTheestimatedcompletiondateisNovember302014 CBPrsquosactionssatisfytheintentofthisrecommendationWeconsiderthis recommendationresolvedbutitwillremainopenuntilCBPprovides documentationtosupportthattheplannedcorrectiveactionsarecompleted Recommendation11 CBPconcurredwiththisrecommendationCBPplanstostoremaintainand reviewWFPSauditlogswhenanISSOisassignedRegardingtheDHCPauditlogs CBPhassubmittedafundingrequestandispursuingthecapabilitytomeetthis requirementRemediationofthispartofthefindingwilldependuponfunding approvalwhichisexpectedtobedeterminedbytheendoffiscalyear2014 CBPrsquosactionssatisfytheintentofthisrecommendationWeconsiderthis recommendationresolvedbutitwillremainopenuntilCBPprovides documentationtosupportthattheplannedcorrectiveactionsarecompleted ICEDidNotComplyFullywithDHSSensitiveSystemsPolicies ICEdidnotcomplyfullywithDHSoperationaltechnicalandmanagement operationalpoliciesforitsserversandswitchesoperatingatDFWForexample ICEhadnotimplementedknownpatchestoitsSpecialAgentinCharge(SAC) DallasandDFWAirportGroupserversandwasnotregularlyscanningitsservers atDFWAlsoICEhadnotincludedtheHomelandSecurityInvestigations(HSI) serversatDFWaspartofarecognizedFederalInformationSecurity ManagementAct(FISMA)inventoriedsystem7 AdditionallyoneICEserverroomdidnotcomplywithtemperatureranges establishedbyDHSpoliciesFurtherICEdidnotimplementredundantdata telecommunicationslinestoavoidsinglepointsoffailureatDFWandSACDallas sitesCollectivelythesedeficienciesplaceatrisktheconfidentialityintegrity andavailabilityofthedatastoredtransmittedandprocessedbyICEatDFW

7TheFederalInformationSecurityManagementActof2002(PL107Ͳ347)




OperationalControls ICEserverroomsandcommunicationsclosetsatDFWandSACDallasOfficewere cleanandwellmaintainedHoweveronsiteimplementationofoperations controlsdidnotconformfullytoDHSpoliciesForexamplethetemperaturein theDFWserverroomwasnotwithinthetemperaterangeasrecommendedby theDHS4300ASensitiveSystemsHandbookAdditionallytheICEsiteatDFWdid nothaveredundantdatatelecommunicationscapabilitytoavoidsinglepointsof failure

EnvironmentalControls OneofthetwoICEserverroomsexceededtemperaturerangesestablishedby DHSpoliciesAdditionallyoneofthetwoICEserverroomsdidnotcontain temperatureorhumiditysensorsHowevertheICEserverroomswerewithin humidityrangesestablishedbyDHSpoliciesTable5providesthetemperature andhumidityreadingsforeachlocation

Table5ICEServerRoomsTemperatureandHumidityAverages

Location

RecommendedTemperature 60ndash70DegreesFahrenheit

RecommendedHumidity

35ndash65 OIG

Average ICE

Reading OIG

Average ICE

Reading SACDallasServer Room 738 69 383 51

DFWStorageArea ServerCabinet 775 NoSensor 425 NoSensor



8WemeasuredtheaveragetemperaturefortheSACDallasServerRoomas728degreesFahrenheit Howevertheheatingventilationandairconditioning(HVAC)systemwasmomentarilyshutoffto facilitatetheauditteamsitevisitaccountingforthetemperaturevariation




TheaveragetemperaturefortheDFWareacontainingtheICEservercabinetdid notmeetDHStemperaturerequirementsat775degreesFahrenheitFurther ICEdidnothavetemperatureorhumiditysensorspresentintheroom AccordingtoICEstaffthetemperatureintheDFWstoragearealocationwhere theservercabinetislocatedwasmanagedbytheDFWAirportBoard Hightemperaturescandamagesensitiveelementsofcomputersystems ThereforeICEshouldmonitorandadjusttheserverroomtemperature accordingly

DataTelecommunicationsServices ICEhadnotestablishedredundanttelecommunicationsservicesatitsSACDallas orDFWfacilitiesSpecificallyonlyasingletelecommunicationslineservesthe HSIAirportGroupAdditionallywhiletheSACDallasofficeisservedbymultiple circuitsthecircuitsarefromasinglevendorandmaylackdiverseroutingto providesufficientlyalternatetelecommunicationsserviceAsaresultmissionͲ criticalactivitiesattheselocationsarevulnerabletodisruptionintheeventofa datatelecommunicationsfailure AccordingtoDHS4300ASensitiveSystemsHandbookAttachmentMTailoring NISTSP800Ͳ53SecurityControlsv91xls


AdditionallyweobservedanICEdatatelecommunicationslineatDFWlocated inasharedwiringclosetwithanexistingconnectionofDHSOneNetforCBPThe monthlycostforthiscircuitisapproximately$330Theremaybepotentialcost savingsiftheDHSOneNetconnectionwereusedbybothCBPandICE Redundantdatatelecommunicationsservicesvulnerabilitiesthatarenot mitigatedplaceatrisktheavailabilityofICEdataForexampleifthereisa servicedisruptionontheonetelecommunicationslineITsystemsmaynotbe availableforICErsquospassengerscreeningprocesses




TechnicalControls ICEimplementationoftechnicalcontrolsforsystemsoperatingatDFWdidnot conformfullytoDHSpoliciesForexampleidentifiedvulnerabilitiesonICE serverswerenotbeingresolvedinatimelyfashionAlsoICEwasnotregularly scanningforvulnerabilitiesonICEHSIserversatDFWFurtheraninsecure communicationsprotocolwasavailableonanICEserver

PatchManagement InOctober2013weobservedICEsecurityoperationscenterstaffperforma vulnerabilityscanonitsfourserversinuseatSACDallasandDFWThesescans identifiedatotalofninehighvulnerabilitiesTable6providesthenumberof vulnerabilitiesforeachserverAdditionallyICEhadprovidedreportsof vulnerabilitiestoDHSforonlythreeofthefourserversidentifiedatDFW

Table6HighVulnerabilitiesbyCVE

ICEServer Name


TotalNumber ofHighCVEs

DateofLast VulnerabilityScan ReporttoDHS

Officeof theChief Information Officer (OCIO) Server1

1 0 12192013

OCIO Server2

1 0 12192013

OCIO Server3

3 2 12192013

HSI Server1

4 2 NotReported

AccordingtotheDHSSensitiveSystemsPolicyDirective4300A







Servervulnerabilitiesthatarenotmitigatedcouldcompromisethe confidentialityintegrityandavailabilityofICEdataIftheidentifiedsecurity vulnerabilitiesarenotaddressedtheycouldleadtotheintroductionof maliciouscodeorunauthorizedaccesstoICEinformationsystems ICEhastakenactionandimplementedpatchestoresolvetheidentifiedhigh vulnerabilities

HSIServersWereNotRegularlyScannedforVulnerabilities ICEhadnotscannedtheHSIelectronicsurveillanceserversthatareisolatedfrom theDHSOneNet9 AccordingtotheDHS4300ASensitiveSystemsHandbook

Componentsshallconductvulnerabilityassessmentsandortestingto identifysecurityvulnerabilitiesoninformationsystemscontaining sensitiveinformationannuallyorwheneversignificantchangesaremade totheinformationsystems

WereportedinJuly2013thatICEwasnotregularlyscanningHSIrsquoselectronic surveillancesystemsforvulnerabilitiesandrecommendedthatICEscanservers atHartsfieldͲJacksonAtlantaInternationalAirportandtheSACAtlantaoffice annually10ICEhasmadeprogressinvulnerabilityscanningfortheDHSOneNet connectedsegmentoftheHSIcommunicationsurveillanceandanalysissystem HoweverICESOCdidnotperformavulnerabilityassessmentforHSIservers isolatedfromtheDHSOneNetFurtherICEhadnotimplementedvulnerability scanningforthestandaloneelectronicsurveillancesystem

9TheseserverswerenotincludedinourobservedOctober2013scansofICEservers 10Ibid




Proactivevulnerabilityscanningallowsforeffectivecountermeasuresfor improvingsecurityleadstofasterdetectionofvulnerabilitiesandreduces damagetobreachedsystemsAstheelectronicsurveillancesystemisnot connectedtotheDHSOneNettheprotectionofsensitivelawenforcementdata maybeatriskiftheserversarenotregularlyscannedforvulnerabilities

InsecureCommunicationsProtocol

AccordingtotheOctober2013vulnerabilityassessmentscanstheOCIOserver atDFWwasrunninganunencryptedtelnetprotocol AccordingtotheDHSSensitiveSystemsPolicyDirective4300A

TelnetshallnotbeusedtoconnecttoanyDHScomputerAconnection protocolsuchasSecureShell(SSH)thatemployssecureauthentication (twofactorencryptedkeyexchange)andisapprovedbytheComponent shallbeusedinstead

Servervulnerabilitiesthatarenotmitigatedcouldcompromisethe confidentialityofICEdataSpecificallytelnettransfersinformationinldquoclear textrdquo(unencryptedhumanͲreadabletext)whichallowsotherusersontheLAN tointerceptandreadthetraffic AccordingtoICEofficialstheinsecureprotocolwasadefaultsettingforthe remoteadministrationaccessthathadnotbeendisabledICEofficialshave reportedthatthetelnetvulnerabilitywasresolvedduringourauditfieldworkby disablingtelnetaccess ManagementControls ICEimplementationofmanagementcontrolsforsystemsoperatingatSACDallas andDFWfacilitiesdidnotconformfullytoDHSpoliciesSpecificallyICEhadnot individuallyaccountedfortheservershostingHSIrsquoscommunicationsanalysisand surveillancesystemsaspartofarecognizedsystemintheDepartmentrsquosFISMA inventoryFurtherthestandaloneelectronicsurveillancesystemwasnot includedinaFISMAinventory WereportedinJuly2013thatICEofficialsplannedtoincludetheHSIserversas partoftheICESubpoenaSystemaFISMAinventory11InNovember2013ICE

11Ibid




officialsreportedthattheywereimplementingtherecommendationand includedthecommunicationsanalysisandsurveillancesoftwareaspartofthe ICESubpoenaSystemsecurityplanHoweverICErsquosplanforinclusionofthe communicationsanalysisandsurveillancesoftwareintotheICESubpoena SystemsecurityplanislimitedtosoftwareICEofficialsdonotconsiderthe physicalserversaspartoftheICESubpoenaSystemAccordinglythe communicationsanalysisandsurveillanceserversarenotpartofaFISMA inventory AtDFWthephysicalserversusedforthecommunicationsanalysisand surveillancesystemareformerOCIOserversthatICErepurposedLocalOCIO staffcontinuetomaintainthephysicalserversfollowingrepurposingbut considertheserversrunningcommunicationsanalysisandsurveillancesoftware asownedbyHSI(Seefigure5fordetails)

Figure5AnHSICommunicationsAnalysisandSurveillanceSystemServerandOCIO

ServersintheSameRack





EveryDHScomputingresource(desktoplaptopserverportable electronicdeviceetc)shallbeindividuallyaccountedforaspartofa FISMAͲInventoriedinformationsystem

ICEofficialsreportedtakingstepstoincludethesurveillancesystemsserversas partofrecognizedFISMAͲinventoryInadditiontothephysicalserversforthe communicationsanalysisandsurveillancesystemthestandaloneelectronic surveillancesystemwillbeaddedtotheFISMAinventory Recommendations WerecommendthatICECIO

Recommendation12 MaintainserverroomsatDFWwithinDHSrsquorecommendedtemperatureranges Recommendation13 Determinewhetheritisnecessaryandcosteffectivetoestablishredundantdata telecommunicationsservicesattheSACDallasfacility Recommendation14 DeterminewhetheritwouldbecosteffectivetosharetheDHSOneNet connectioninthesharedCBPICEcommunicationscloset Recommendation15 Resolveidentifiedvulnerabilitieswithinthetimeframeordirectionstatedinthe InformationSecurityVulnerabilityManagementmessagepublishedbyDHSSOC

Recommendation16 ProviderequiredvulnerabilityassessmentreportstotheDHSVulnerability ManagementBranch




Recommendation17 ScantheICEserversattheSACDallassitesannuallyincludingHSIsystems separatedfromDHSOneNet Recommendation18 Useaconnectionprotocolthatemployssecureauthenticationordisable unnecessaryportsfromtheserver Recommendation19 IncludetheHSIsurveillancesystemserversinarecognizedFISMAͲinventoried system ManagementCommentsandOIGAnalysis WeobtainedwrittencommentsonadraftofthisreportfromtheAssistant DirectorDepartmentalGAOOIGAuditLiaisonWehaveincludedacopyofthe commentsintheirentiretyinappendixBDHSconcurredwithrecommendations 12through19AdditionallyICEhasprovideddocumentationtosupportthe resolutionandclosureofrecommendations15and18FurtherICEhas alreadytakenactionstoresolvereporteddeficiencieswithrecommendations 1213141617and19Weconsidertheserecommendations resolvedbutopenpendingverificationofplannedactions Recommendation12 ICEconcurredwiththisrecommendationICEplanstoworkwithCBPtorequest andcompletechangesnecessarywithDFWpartiestomaintaintheserverrooms withinDHSrsquorecommendedtemperaturerangesTheestimatedcompletiondate isSeptember302014 ICErsquosactionssatisfytheintentofthisrecommendationWeconsiderthis recommendationresolvedbutitwillremainopenuntilICEprovides documentationtosupportthattheplannedcorrectiveactionsarecompleted




Recommendation13 ICEconcurredwiththisrecommendationICEHSIplanstoreviewthepotential missionbusinessimpactiftheSACDallasFacilitylosesconnectivityAriskͲbased decisiontoestablishredundantdatatelecommunicationswillbemadeafterthe analysisiscompleteTheestimatedcompletiondateforthisrecommendationis December312014 ICErsquosactionssatisfytheintentofthisrecommendationWeconsiderthis recommendationresolvedbutitwillremainopenuntilICEprovides documentationtosupportthattheplannedcorrectiveactionsarecompleted Recommendation14 ICEconcurredwiththisrecommendationICEOCIOplanstoworkwithCBPto determineifitiscosteffectivetosharetheDHSOneNetConnectionintheDFW sharedCBPICEcommunicationsclosetTheestimatedcompletiondateforthis recommendationisDecember312014 ICErsquosactionssatisfytheintentofthisrecommendationWeconsiderthis recommendationresolvedbutitwillremainopenuntilICEprovides documentationtosupportthattheplannedcorrectiveactionsarecompleted Recommendation15 ICEconcurredwiththisrecommendationTherewereninevulnerabilitiesnoted intheauditreportICESOCremediatedandvalidatedthesenineidentified vulnerabilitiesbyDecember162013OnamonthlybasistheICEChief InformationSecurityOfficerandAuthorizingOfficialmeettoreviewISVM complianceovertheprevious60daysDuringthismeetingapprovaltocreatea planofactionandmilestonesforunmetISVMdatesareprovidedandora requestismadetopatchdeviceswithinaspecifiedtimeperiodScansweresent toOIGonDecember162013ICErequestedthatOIGconsiderthis recommendationresolvedandclosed ICErsquosactionssatisfytheintentofthisrecommendationWeconsiderthis recommendationresolvedandclosed




Recommendation16 ICEconcurredwiththisrecommendationAnongoingscheduleforscanning OCIOWorkstationswithFileandPrintServers(OWFPS)OrganizationalUnitsona monthlybasiswhichincludesSACDallasandDFWhasbeendevelopedand implementedResultsofthescansareprovidedinICErsquosmonthlyreporttothe DHSvulnerabilityManagementBranchEvidenceofreportscanbeprovided separatelyA6ͲmonthforecastedVulnerabilityAssessmentTestscanschedule wascreatedandimplementedaspartofthetransitiontoanewvendorICE requestedthatOIGconsiderthisrecommendationresolvedandclosed WhileICEhasprovideddocumentationconcerningOWFPSICEhasnotprovided documentationconcerningvulnerabilityreportingforHSIsystemsseparated fromDHSOneNetICErsquosactionssatisfytheintentofthisrecommendationWe considerthisrecommendationresolvedbutitwillremainopenuntilICE providesdocumentationtosupportthattheplannedcorrectiveactionsare completed Recommendation17 ICEconcurredwiththisrecommendationAnongoingscheduleforscanning OWFPSOrganizationalUnitswhichincludesSACDallasandDFWhasbeen developedandimplementedA6ͲmonthforecastedVulnerabilityAssessment Testscanschedulewascreatedandimplementedaspartofthetransitiontoa newvendor ICEOCISOandICEHSIwilldetermineifscanningthestandaloneserversis appropriateTheserverscontainlawenforcementsensitivedatatherefore thereisaneedtoverifythatchainofcustodyrulesarenotviolatedbythescan Afterthedeterminationismadeeitheraplanofactionandmilestoneswillbe openedbyICEHSItodetermineproceduresforcoordinatingwithICESOCto scanICEHSIsystemsseparatefromDHSOneNetorICEOCISOwillassistICEHSI withcreatingawaiverrequestTheestimatedcompletiondateforthis recommendationisDecember312014 ICErsquosactionssatisfytheintentofthisrecommendationWeconsiderthis recommendationresolvedbutitwillremainopenuntilICEprovides documentationtosupportthattheplannedcorrectiveactionsarecompleted




Recommendation18 ICEconcurredwiththisrecommendationTheunsecureprotocoltelnetwasa defaultsettingfortheremoteadministrationaccessthathadnotbeendisabled OWFPSISSOsubmittedarequesttomanuallydisabletelnetontheSACandDFW serversICESOCranscansonDecember162013andvalidatedthattheissue wasremediatedICEprovidedscanresultstoOIGonDecember162013andthis remediationwasnotedintheauditreportICErequestedthatOIGconsiderthis recommendationresolvedandclosed ICErsquosactionssatisfytheintentofthisrecommendationWeconsiderthis recommendationresolvedandclosed Recommendation19 ICEconcurredwiththisrecommendationICEOCISOiscurrentlyworkingwithICE HSItodetermineoptionsforincludingtheHSIsurveillancesystemserversintoa recognizedFISMApackageTheestimatedcompletiondateforthis recommendationisAugust312014 ICErsquosactionssatisfytheintentofthisrecommendationWeconsiderthis recommendationresolvedbutitwillremainopenuntilICEprovides documentationtosupportthattheplannedcorrectiveactionsarecompleted




AppendixA ObjectivesScopeandMethodology TheDepartmentofHomelandSecurityOfficeofInspectorGeneralwasestablishedby theHomelandSecurityActof2002(PublicLaw107Ͳ296)byamendmenttotheInspector GeneralActof1978Thisisoneofaseriesofauditinspectionandspecialreports preparedaspartofouroversightresponsibilitiestopromoteeconomyefficiencyand effectivenesswithintheDepartment ThisauditispartofaprogramtoauditonanongoingbasistheimplementationofDHS technicalandinformationsecuritypoliciesandproceduresatDHSsitesTheobjectiveof thisprogramistodeterminetheextenttowhichcriticalDHSsitescomplywiththe Departmentrsquostechnicalandinformationsecuritypoliciesandproceduresaccordingto DHSSensitiveSystemsPolicyDirective4300AanditscompaniondocumenttheDHS 4300ASensitiveSystemsHandbookOurprimaryfocuswasonauditingthesecurity controlsovertheserversroutersswitchesandtelecommunicationscircuitscomprising DHSITinfrastructureatthissiteForexamplewerecordedtemperatureandhumidity atdifferentlocationsintheserverroomsandthenaveragedthesereadingsWealso recordedcomponenthumidityandtemperaturereadingsobtainedfromcomponent sensorsthatexistedintheroomsduringfieldworkWethencomparedthesereadings withDHSguidance WecoordinatedtheimplementationofthisauditofITsecuritycontrolswiththeDHS ChiefInformationSecurityOfficerWeinterviewedCBPICETSAandDHSOfficeofthe ChiefInformationSecurityOfficerstaffWeconductedsitevisitsofCBPICEandTSA facilitiesatandnearDFWWecomparedDHSITinfrastructurethatweobservedonsite withthedocumentationprovidedbytheauditees WereviewedInformationAssuranceComplianceSystemdocumentationsuchasthe authorityͲtoͲoperatelettercontingencyplansandsystemsecurityplansAdditionally wereviewedguidanceprovidedbyDHStothecomponentsintheareasofsystem documentationpatchmanagementandwirelesssecurityWereviewedapplicableDHS andcomponentsrsquopoliciesandproceduresaswellasgovernmentͲwideguidanceWe gavebriefingsandpresentationstoDHSstaffconcerningtheresultsoffieldworkand theinformationsummarizedinthisreport WeconductedthisperformanceauditbetweenSeptember2013andFebruary2014 pursuanttotheInspectorGeneralActof1978asamendedandaccordingtogenerally acceptedgovernmentauditingstandardsThosestandardsrequirethatweplanand performtheaudittoobtainsufficientappropriateevidencetoprovideareasonable




basisforourfindingsandconclusionsbaseduponourauditobjectivesWebelievethat theevidenceobtainedprovidesareasonablebasisforourfindingsandconclusions baseduponourauditobjectives WeappreciatetheeffortsofDHSmanagementandstafftoprovidetheinformationand accessnecessarytoaccomplishthisreviewTheprincipalOIGpointsofcontactforthe auditareRichardHarscheActingAssistantInspectorGeneralforInformation TechnologyAudits(202)254Ͳ4100andSharonHuiswoudDirectorInformation SystemsDivision(202)254Ͳ5451MajorOIGcontributorstotheauditareidentifiedin appendixD




AppendixB ManagementCommentstotheDraftReport



















AppendixC DHSActivitiesatDallasFortWorthInternationalAirport ManagementDirectorate TheManagementDirectoratersquosOfficeoftheChiefInformationOfficerprovides connectivityforDHScomponentsatDFWthrough bull DHSOneNetndashprovidesnetworkcommunicationsfortheDHSsensitivebut

unclassifiedenvironmentTheDepartmentrsquosgoalfortheDHSOneNetisto facilitatetheabilityofDHScomponentstosharedatabyintegratingcomponent networksintoasharednetworkinfrastructuretoincludenetworkoperations securityoperationsarchitectureandmanagementDHSOneNetsupports communicationandinteractionamongmanyorganizationalentitieswithinand outsideofDHSandhasbeendesignatedasaDHSmissionͲessentialsystemto performoneormoreofthecomponentsrsquomissionͲessentialfunctions

DHSOneNetequipmentatDFWlocationsislocatedwithinTSACBPandICEfacilities Wedidnotidentifyoperationaltechnicalormanagementcontroldeficienciesrelated toDHSOneNetequipment TransportationSecurityAdministration TSArsquosactivitiesincludescreeningpassengersandbaggageondepartingflightsatDFW TosupporttheseactivitiesTSAhasoperationsineachoftheDFWterminalsandata nearbyofficebuildingWeauditedITsecuritycontrolsatthefollowingTSAlocations bull OfficeoftheFederalSecurityDirectorCoppellTX bull OfficeofFAMSCoppellTX bull DFWTerminalsABCDandE TSAstaffattheselocationsusethefollowingsystems bull FAMSNetndashprovidestheITinfrastructuretosupporttheFAMSmissionFAMS

staffincludeslawenforcementofficersthathelptodetectdeteranddefeat hostileactstargetingUSaircarriersairportspassengersandcrewsFAMSNet supportsFAMSrsquooverallcriticalmissionbyprovidingInternetaccessaswellas internalaccesstoFAMSinformationsystemsincludingbutnotlimitedtoemail database(s)filesharingprintingandanumberofcriticaladministrativeand enforcementrelatedprogramsFAMSNetalsoprovidesacommunication




pathwaytothirdͲpartyandgovernmentnetworkssuchasthoseusedbyDHS TSAtheFederalAviationAdministrationandotherStateandlocallaw enforcemententitiesFAMSNethasbeendesignatedamissionͲessentialsystem

bull ICSndashprovidescoreservicesincludingfileandprintservicestotheentireTSA

usercommunityInfrastructureCoreSystemhasbeendesignatedamissionͲ essentialsystem

bull STIPndashcombinesmanydifferenttypesofcomponentsincludingtransportation

securityequipmentserversandstoragesoftwareapplicationproductsand databasesAuserphysicallyaccessesthetransportationsecurityequipmentto performscreeningorotheradministrativefunctionsSTIPͲenablementof transportationsecurityequipmentencompassesExplosiveTraceDetectorsEDS AdvancedTechnologyXͲrayAdvancedImagingTechnologyandCredential AuthenticationTechnologyTSArsquosOSCistheownerofSTIPSTIPhasnotbeen designatedamissionͲessentialsystem

bull TSANetndashprovidesconnectivityforairportsandtheirusersTSANetconsistsofa

geographicallydispersedwideͲareanetworkandeachsitersquosLANThenetworkis connectedtotheDHSOneNetandhasbeendesignatedamissionͲessential system

USCustomsandBorderProtection AtDFWCBPpersonnelstaffupto45primarypassengerlanesreviewflightdatafor terroristrelatedactivitiescollectdutiesandwhenCBPdiscoversaviolationoflaw assessfinesandcivilpenaltiesAdditionallyCBPstaffatnearbylocationsuseITassets toperformcargomanifestreviewandtargetingaswellasoutboundpassengerreview andtargeting WeauditedITsecuritycontrolsatthefollowingCBPlocations bull PortOfficeofDallasDallasFortWorthTX bull DFWConcourseD CBPstaffattheselocationsusethefollowingsystems bull SouthwestFieldLANndashprovidesthegeneralsupportnetworkinfrastructureand

endpointsforDHSCBPusersandelectroniccommunicationstoolswhich enablestheexecutionofofficialdutiesTheSouthwestFieldLANconsistsof331 geographicallydispersedsitesusing3423devicesconnectedtotheDHSOneNet




toprovideapplicationservicestoCBPfieldofficesTheSouthwestFieldLAN boundaryspanstheSouthwestandEastTexasOfficeofInformationTechnology FieldSupportRegionstoincludeArizonaNewMexicoTexasandOklahomaThe SouthwestFieldLANhasbeendesignatedamissionͲessentialsystem

bull CBPNOCndashmaintainstheperformancemanagementandadministration

capabilitiesoftheCBPcorenetworkandCBPfieldsitelocationsandthe underlyingsupportingenvironmentInadditionCBPNOCdeploysandmaintains anetworkmanagementsystemandasuiteofnetworkdevicesthatcollectand reportrealͲtimeinformationonthenetworkFurtherCBPNOCsystemenforces authorizationsforcontrollingtheflowofinformationwithinthesystemand betweeninterconnectedsystems(DHSOneNetandCBPFieldSites)in accordancewithCBPDHSSensitiveSecurityPolicyCBPNOChasbeen designatedamissionͲessentialsystem

x Windows7PCClient61ndashusedastheWindows7standarddesktopimagefor

CBPworkstationsTheimagedoesnotstoreanypersonallyidentifiable informationTheWindows7PCClient61consistsofasetofstandard configurationstobuildtheclientforWindows7installtheapplicationsoftware andconfigurethesystemaccordingtoDHSandCBPtechnicalstandards Windows7PCClient61hasnotbeendesignatedamissionͲessentialsystem

bull WFPSndashprovidesCBPwithfileandprintingservicesusingtheMicrosoftWindows

Server2008x64platformWFPShasnotbeendesignatedamissionͲessential system

bull TECSndashsupportsenforcementandinspectionoperationsforseveralcomponents

ofDHSandisavitaltoolforthelawenforcementandintelligencecommunities onthelocalStatetribalandFederalGovernmentlevels12TECScomprises severalsubsystemsthatincludeenforcementinspectionandintelligence recordsrelevanttotheantiterroristandlawenforcementmissionofCBPandthe otherFederalagenciesitsupportsTECShasbeendesignatedamissionͲessential system

12FormerlyknownastheTreasuryEnforcementCommunicationsSystemTECSisnolongeranacronym (effectiveDecember192008)andisprincipallyownedandmanagedbyCBP




USImmigrationandCustomsEnforcement ICEsOfficeofSACDallasTexasisresponsiblefortheadministrationandmanagement ofinvestigativeandenforcementactivitieswithinitsgeographicalboundariesWithin theSACDallasofficetheHSIAirportGroupisresponsiblefortheidentification disruptionanddismantlementoftransnationalcriminalorganizationsattemptingto exploitvulnerabilitieswithintheairtransportationsystematDFWTheHSIAirport GroupsareasofconcernatDFWinclude

x contrabandsmuggling x currencysmuggling x nationalsecurity x humansmugglingtrafficking x sexualtourism x insiderthreatand x thetheftandtraffickingofculturalheritageandart

TheHSIAirportGroupalsocoversinvestigationsfortheAddisonAllianceLoveField MeachamandMcKinneyairportsaswellassmallergeneralaviationlandingfieldsand facilitieswithintheHSIDallasareaofresponsibility WeauditedITsecuritycontrolsatthefollowingICElocations

x DFWInternationalAirportGroupfacilityDFWTerminalD x SACDallasOfficeIrvingTX

ICEstaffattheselocationsusethefollowingsystems bull OWFPSndashprovidesworkstationlaptopprintservicesandfileservicestoICE

programareasnationwidePrintserversallowICEuserstousenetworked printingThefileserversprovideanetworkedfilerepositoryforgroupsand usersOWFPSincludesworkstationslaptopsfileserversprintersandprint serversateachfieldsitemanagedbytheICEOCIOITFieldOperationsBranch OWFPShasnotbeendesignatedamissionͲessentialsystem

bull ICECommunicationoverNetworksndashageneralsupportsystemthatprovides

supportfornetworkdevicesanddatacommunicationsthatemploythe




infrastructurethroughoutICEand287(g)sitesintheContinentalUnitedStates13 TheauthorizationboundaryforICECommunicationoverNetworksincludesICE OperationsmanagedswitchesfirewallsandintrusiondetectionsensorsICE CommunicationoverNetworkshasnotbeendesignatedamissionͲessential system

bull AcommunicationsurveillanceandanalysissystemthathelpsHSIstaffwith

intelligencegatheringandlivecollectionofdatainsupportofICErsquoslaw enforcementmissionSpecificallythesystemassembleshistoricaltelephone recordsmonitorstelephoneandInternetcommunicationsandpermits searchesofwarrantdatafromonlineprovidersThecommunicationsurveillance andanalysissystemmaybeinstalledandconnectedtotheICEnetwork infrastructureoronaseparatestandalonenetworkThishasnotbeen designatedamissionͲessentialsystem

bull AstandaloneelectronicsurveillancesystemthatispartofHSIrsquosundercover

operationsThesystemwhichisnotattachedtotheDHSOneNetwork interceptscellphonesvoicemailandvoicepagersaswellastraditional landlinetelephonesThesystemalsointerceptselectroniccommunicationsuch astextmessagesemailnonͲvoicecomputerandInternettransmissionsfaxes communicationsoverdigitalͲdisplaypagingdevicesandinsomecasessatellite transmissionsThesystemisauthorizedforuseinaccordancewithTitleIIIofthe OmnibusCrimeControlandSafeStreetsActof1968asamendedThishasnot beendesignatedamissionͲessentialsystem

13The287(g)programundertheImmigrationandNationalityActallowsastateandlocallaw enforcemententitytoenterintoapartnershipwithICEunderajointMemorandumofAgreementin ordertoreceivedelegatedauthorityforimmigrationenforcementwithintheirjurisdiction




AppendixD MajorContributorstoThisReport SharonHuiswoudDirector KevinBurkeAuditManager CharlesTwittySeniorAuditor StevenTsengITSpecialist CraigAdelmanReferencer




AppendixE ReportDistribution

DepartmentofHomelandSecurity Secretary DeputySecretary ChiefofStaff DeputyChiefofStaff GeneralCounsel ExecutiveSecretary DirectorGAOOIGLiaisonOffice AssistantSecretaryforOfficeofPolicy AssistantSecretaryforOfficeofPublicAffairs AssistantSecretaryforOfficeofLegislativeAffairs UnderSecretaryforManagement DHSCISO DHSCISOAuditLiaison CommissionerCBP CBPCIO CBPAuditLiaison DirectorICE ICECIO ICEAuditLiaison AdministratorTSA TSACIO TSAAuditLiaison ChiefPrivacyOfficer OfficeofManagementandBudget ChiefHomelandSecurityBranch DHSOIGBudgetExaminer Congress CongressionalOversightandAppropriationsCommitteesasappropriate


ADDITIONAL INFORMATION To view this and any of our other reports please visit our website at wwwoigdhsgov For further information or questions please contact Office of Inspector General (OIG) Office of Public Affairs at DHS-OIGOfficePublicAffairsoigdhsgov or follow us on Twitter at dhsoig OIG HOTLINE To expedite the reporting of alleged fraud waste abuse or mismanagement or any other kinds of criminal or noncriminal misconduct relative to Department of Homeland Security (DHS) programs and operations please visit our website at wwwoigdhsgov and click on the red tab titled Hotline to report You will be directed to complete and submit an automated DHS OIG Investigative Referral Submission Form Submission through our website ensures that your complaint will be promptly received and reviewed by DHS OIG Should you be unable to access our website you may submit your complaint in writing to

Department of Homeland Security Office of Inspector General Mail Stop 0305 Attention Office of Investigations Hotline 245 Murray Drive SW Washington DC 20528-0305

You may also call 1(800) 323-8603 or fax the complaint directly to us at (202) 254-4297 The OIG seeks to protect the identity of each writer and caller

Structure Bookmarks

Department of Homeland Security2IAgraveFHRIQVSHFWRUHQHUDO Audit of Security Controls for DHS Information Technology Systems at DallasFort Worth International Airport


Sect

Figure



Figure

Washington DC 20528

wwwoigdhsgov


ChiefInformationOfficer FROM RichardHarsche

Figure

ActingAssistantInspectorGeneral OfficeofInformationTechnologyAudits SUBJECT AuditofSecurityControlsforDHSInformationTechnology SystemsatDallasFortWorthInternationalAirport AttachedforyourinformationisourfinalreportAuditofSecurityControlsforDHS InformationTechnologySystemsatDallasFortWorthInternationalAirportWe incorporatedtheformalcommentsfromtheTransportationSecurityAdministration theUSCustomsandBorderProtectionandtheUSImmi

Figure

ConsistentwithourresponsibilityundertheInspectorGeneralActwewillprovide copiesofourreporttoappropriatecongressionalcommitteeswithoversightand appropriationresponsibilityovertheDepartmentofHomelandSecurityWewillpost thereportonourwebsiteforpublicdissemination PleasecallmewithanyquestionsoryourstaffmaycontactSharonHuiswoudDirector ofInformationSystemsDivisionat(202)254Ͳ5451 Attachment wwwoigdhsgov 2 OIGͲ14Ͳ132

P

Link

Figure

TableofContents ExecutiveSummary1 Background2 ResultsofAudit3 TSADidNotComplyFullywithDHSSensitiveSystemsPolicies


P

Link

Figure

FISMA FederalInformationSecurityManagementActof2002 GAO GovernmentAccountabilityOffice HSI HomelandSecurityInvestigations ICE USImmigrationandCustomsEnforcement ICS InfrastructureCoreSystem ISSO InformationSystemSecurityOfficer ISVM InformationSecurityVulnerabilityManagement IT informationtechnology LAN localareanetwork NOC NetworkOperationsCenter OCIO OfficeoftheCIO OIG OfficeofInspectorGeneral One

OIGͲ14Ͳ132

wwwoigdhsgov

Figure

ExecutiveSummary WeauditedsecuritycontrolsforDepartmentofHomelandSecurityinformation technologysystemsatDallasFortWorthInternationalAirportFourDepartment componentsmdashtheManagementDirectorateTransportationSecurityAdministration USCustomsandBorderProtectionandUSImmigrationandCustomsEnforcementmdash operateinformationtechnologysystemsthatsupporthomelandsecurityoperationsat thisairport Ourauditfocusedonhowthesecomponentshaveimplementedcomputer



P

Link

Figure

Background

Background

Wedesignedourauditsofinformationtechnology(IT)securitycontrolstoprovide seniorDepartmentofHomelandSecurity(DHS)officialswithtimelyinformationon whethertheyhadproperlyimplementedDHSITsecuritypoliciesatcriticalsitesOur programisbasedonDHSSensitiveSystemsPolicyDirective4300Aversion100which providesdirectiontoDHScomponentmanagersandseniorexecutivesregardingthe managementandprotectionofsensitivesystemsThisdirectiveandanassociated handb

bull

bull

OperationalControlsndashFocusonmechanismsprimarilyimplementedand

TR

executedbypeopleForexampleoperationalcontrolmechanismsinclude

TR

physicalaccesscontrolsthatrestricttheentryandexitofpersonnelfroman

TR

areasuchasanofficebuildingdatacenterorroomwheresensitive

TR

informationisaccessedstoredorprocessed

bull

bull

TechnicalControlsndashFocusonsecuritycontrolsexecutedbyinformation

TR

systemsThesecontrolsprovideautomatedprotectionfromunauthorized

TR

accessfacilitatedetectionofsecurityviolationsandsupportapplicationsand

TR

datasecurityrequirementsForexampletechnicalcontrolsincludeapassword

TR

systemwhichperformsanauthenticationprocess

bull

bull

ManagementControlsndashFocusonmanagingboththesysteminformation

TR

securitycontrolsandsystemriskThesecontrolsincludeperformingrisk

TR

assessmentsdevelopingRulesofBehaviorandensuringthatsecurityisan

TR

integralpartofboththesystemdevelopmentandprocurementprocesses

WeauditedsecuritycontrolsforITsystemsthatsupporthomelandsecurityoperations ofDHSManagementDirectorateTransportationSecurityAdministration(TSA) USCustomsandBorderProtection(CBP)andUSImmigrationandCustoms Enforcement(ICE)atDallasFortWorthInternationalAirport(DFW)AsaCategoryX airportDFWhasalargenumberofpassengerboardingsprocessingapproximately 58millionpassengers(158375passengersdaily)in20111 SeeappendixCforspecificdetailsofDHS

P

Link

Figure

ResultsofAudit TSADidNotComplyFullywithDHSSensitiveSystemsPolicies TSAdidnotcomplyfullywithDHSoperationaltechnicalandmanagement policiesforitsserversandswitchesoperatingatDFWSpecificallyphysical securityandenvironmentalcontrolsfornumerousTSAserverroomswere deficientAdditionallyTSAdidnothaveredundantdatatelecommunications linesprovidingservicetoitsDFWfacilitiesFurtherTSAhadnotdocumentedthe ITassetsorinterconnectionsrelatedto


3 OIGͲ14Ͳ132

wwwoigdhsgov

Figure


Figure1d Figure1e Figure1f Smartphone STIPEDSServerRoom STIPEDSServerCabinet Poweredbya withAccessfrom UsedforNonͲDHSstorage STIPRack BaggageConveyerBelt AccordingtotheDHS4300ASensitiveSystemsHandbookversion10 Controlsfordeterringdetectingrestrictingandregulatingaccessto sensitiveareasshallbeinplaceandshallbesufficienttosafeguard againstpossiblelosstheftdestructiondamagehazardousconditions firemalicious

P

Link

Figure

TSAhastakenactionstoresolvethesereporteddeficienciesAccordingtoTSA theairlineemployeesrsquoaccesstothetwoSTIPEDSserverroomshasbeen removedAdditionallyTSAhascreatedakeylockmanagementprocessfor theseSTIPEDSserverrooms HousekeepingandStorage TSAserverroomsandcommunicationsclosetscontainedexcessstorageitems paintandcleaningsuppliesDuringourfieldworkTSAstaffremovedpaintcans fromaFAMSlocationAdditionallytheSTIPEDSserverroomsco

Figure2a Figure2b Figure2c PaintCansinServerRoom DustCoveredSTIP TrashinSTIPEDS Workstation ServerRoom AccordingtotheDHS4300ASensitiveSystemsHandbook x Dustingofhardwareandvacuumingofworkareasshouldbeperformed weeklywithtrashremovalperformeddailyDustaccumulationinsideof monitorsandcomputersisahazardthatcandamagecomputer hardware Housekeepingandstoragevulnerabilitiesthatarenotmitigatedplaceatriskthe a

P

Link

Figure

reviewedshowedwarninglightssignalingthatthebatteryneededtobereplaced orthatthebatterywasbeingbypassed AccordingtotheDHS4300ASensitiveSystemsHandbook Electricalpowermustbefilteredthroughanuninterruptiblepower supply(UPS)systemforallserversandcriticalworkstationsSurge suppressingpowerstripsmustbeusedtoprotectallothercomputer equipmentfrompowersurges Electricalpowersupplyvulnerabilitiesthatarenotmitigatedplaceatriskthe availab

P

Link

Figure


Location

Location

Location



TR

OfficeofInspector General(OIG) Average

TSA Reading

OIG Average

TSA Reading

FAMSCoppell

FAMSCoppell

707

68

565

NoSensor

ICSCoppell

ICSCoppell

751

72

407

41

ICSSTIPTerminalB

ICSSTIPTerminalB

733

74

432

38

STIPTerminalBRoom2

STIPTerminalBRoom2

752

66

497

NoSensor

STIPTerminalA

STIPTerminalA

779

No Sensor

413

NoSensor

STIPTerminalCRoom1

STIPTerminalCRoom1

788

76

51

NoSensor

STIPTerminalCRoom2

STIPTerminalCRoom2

7873

75

578

NoSensor

STIPTerminalERoom1

STIPTerminalERoom1

848

No Sensor

549

NoSensor

STIPTerminalERoom2

STIPTerminalERoom2

776

75

541

59

STIPTerminalERoom3

STIPTerminalERoom3

769

83

506

NoSensor

STIPTerminalDRoom1

STIPTerminalDRoom1

756

No Sensor

496

NoSensor

STIPTerminalDRoom2

STIPTerminalDRoom2

758

No Sensor

420

NoSensor


7 OIGͲ14Ͳ132

wwwoigdhsgov

Figure

Figure3NonͲDHSHeaterinSTIPEDSRack AccordingtotheDHS4300ASensitiveSystemsHandbook

TR

x

Temperaturesincomputerstorageareasshouldbeheldbetween60and

TR

70degreesFahrenheit

TR

x

Humidityshouldbeatalevelbetween35percentand65percent

TR


RedundantDataTelecommunicationsServices TSAhadnotestablishedredundanttelecommunicationsservicesatitsCoppell facilityoratDFWSpecificallywhiletherewasadatatelecommunicationscircuit foreachserverroomattheCoppellfacilityandeachterminalatDFWTSAhad notconfiguredthesecircuitstoprovideredundancyAsaresultperformanceof missionactivitiesattheselocationswasvulnerabletodisruptionsintheeventof adatatelecommunicationscircuitfailure According

8 OIGͲ14Ͳ132

wwwoigdhsgov

Figure

Redundantdatatelecommunicationsservicesvulnerabilitiesthatarenot mitigatedplaceatrisktheavailabilityofTSAdataForexampleifthereisa servicedisruptionontheonetelecommunicationslineITsystemsmaynotbe availableforTSArsquospassengerandbaggagescreeningprocesses AccordingtoTSAstaffTSAdetermineditisnotnecessarytoinstallredundant datacircuitsforeachoftheindividualcircuitsalreadyatDFWbecauseTSAhas seventelecommunicationsdatacircuitsprovidingc

P

Link

Figure

responseandinitiateincidentevaluationprocessestoaSTIPͲrelatedcomputer securityincident PatchManagement InDecember2013weobservedTSAstaffscanningtwoFAMSNetandsixICS serverslocatedatDFWforvulnerabilitiesThesetechnicalscansdetectedhigh vulnerabilitiesontheeightserversAdditionallyfouroftheservershadacritical vulnerabilityInadditionpatchinformationforsomevulnerabilitieswas publishedmorethanoneyearbeforethescanswereperformedFurthe

TSA Server Name

TSA Server Name

TSA Server Name

TotalNumber ofCritical Vulnerabilities


Total Numberof Highor CriticalCVEs3

DateofLast Vulnerability ScanReportto DHS

Server1

Server1

0

2

1

12192013

Server2

Server2

1

10

15

12192013

Server3

Server3

1

6

3

12192013

Server4

Server4

0

2

1

NotReported

Server5

Server5

1

9

14

NotReported

Server6

Server6

1

6

3

NotReported

Server7

Server7

0

2

2

12192013

Server8

Server8

0

1

1

12192013

AccordingtoDHS4300ASensitiveSystemsHandbook Informationsecuritypatchesshallbeinstalledinaccordancewith configurationmanagementplansandwithinthetimeframeordirection 2ThescanningsoftwareprovidesadescriptionofthevulnerabilitiesSeveralCVEsmayhavethesame vulnerabilitydescriptionAdditionallythevulnerabilitymaynothaveanassociatedCVEsuchas ldquoAntiVirusSoftwareCheckrdquo 3AccordingtoNationalInstitut

P

Link

Figure

statedintheInformationSecurityVulnerabilityManagement(ISVM) message AccordingtoDHS4300ASensitiveSystemsHandbookAttachmentO VulnerabilityManagementProgram Detailedvulnerabilityassessmentscanschedulesandresultsmustbe providedtotheDHSVulnerabilityManagementBranchinordertosatisfy FederalInformationSecurityManagementActrequirementsfor enterpriseͲwidesecuritysituationalawarenessofassetsandrisks FurtherTSAwasnotscanningforvulnerabilitieson

P

Link

Figure

systemsAccordingtoTSAiftheSTIPsoftwareoraTSAscreenerdetermines thatanindividualbagisnotconsideredhazardoustheSTIPEDSdevicesendsa signaltothebaggagehandlingsystemtoallowthebagtocontinueontothe baggagehandlingsystemAdditionallytheSTIPsystemsecurityplanwhichisa securityauthorizationprocessdocumentdidnotdescribetheserversswitches andworkstationsassociatedwiththesystem AccordingtoDHS4300ASensitiveSystemsHandbookAttachmentN

P

Link

Figure

Recommendation2 Determinewhetheritisnecessaryandcosteffectivetoestablishredundantdata telecommunicationsservicesatTSArsquosCoppellfacilityandDFWterminal locations Recommendation3 EstablishaprocesstoreportSTIPcomputersecurityincidentstoTSASOC Recommendation4 ScanTSAserversannuallyandresolveidentifiedvulnerabilitieswithinthe timeframeordirectionstatedintheInformationSecurityVulnerability ManagementmessagepublishedbyDHSSOC

P

Link

Figure

recommendations13through5and7Weconsiderthese recommendationsresolvedbutopenpendingverificationofplannedactions Recommendation1 TSAconcurredandinitiatedaprojectatDFWin2013toreplacefailingUPS devicesTSAhasremediationplanstoresolvetheelectricalsupplydeficiency TheremainingsixUPSswererefreshedAdditionallyFAMS temperaturehumiditysensorsareinplaceandfunctionalDocumentation illustratingremediationofseveralhousekeepingconcern

14 OIGͲ14Ͳ132

wwwoigdhsgov

Figure

Recommendation4 TSAconcurredwiththisrecommendationAccordingtoTSAserversarescanned onamonthlybasisandtheresultsordatafeedsaresubmittedtotheDHS VulnerabilityManagementBranchEvidenceofreportscanbeprovidedas requestedTSAsupportstheDHSInformationSecurityVulnerability ManagementprogrambyresolvingvulnerabilitiesasdirectedbyDHSSOCto AlertsandBulletinsAdditionallyTSArequestedthatOIGconsiderthis recommendationresolvedandclosed Howev

P

Link

Figure

HoweverduringtheauditTSAprovideddocumentationthattheseconnections dooccurThedocumentationdetailsthetypesofconnectionsbetweenSTIPEDS andtheBaggageHandlingSystemaswellasthedatatransmittedbetweenthe twosystemsWeconsiderthisrecommendationunresolvedandopenitwill remainunresolvedandopenuntilTSAprovidesacorrectiveactionplan Recommendation7 TSAconcurredwiththisrecommendationAccordingtoTSAtheSTIPEDSserver andendpointinventorywi

P

Link

Figure


Hardware locks




Location

Location

Location

Recommended Temperature 60ndash70DegreesFahrenheit

RecommendedHumidity 35ndash65

OIG Average

CBP Reading

OIG Average

CBP Reading

ConcourseD

ConcourseD

738

NoSensor

4401

NoSensor

PortOfficeofDallas

PortOfficeofDallas

723

66

483

53

AccordingtoCBPofficialsrepairsweremadetotheairconditioneratthePort OfficeserverroomresolvingthisdeficiencyAdditionallybaseduponarequest byCBPtheDFWAirportAuthorityresolvedthetemperaturedeficiencyinthe ConcourseDserverroomFurtherCBPisworkingwithDFWAirporttoestablish monitoringandalertingfortemperaturesthatfalloutsideestablishedranges

17 OIGͲ14Ͳ132

wwwoigdhsgov

Figure

AccordingtotheDHS4300ASensitiveSystemsHandbook x Temperaturesincomputerstorageareasshouldbeheldbetween60and 70degreesFahrenheit x Humidityshouldbeatalevelbetween35percentand65percent Hightemperaturescandamagesensitiveelementsofcomputersystems ThereforeCBPshouldmonitorandadjusttheserverroomaccordingly TechnicalControlsmdashPatchManagement InOctober2013weobservedCBPstaffscanserverslocatedatDFWfor vulnerabilities5Thesetechnic

CBP Server Name

CBP Server Name

CBP Server Name

TotalNumberof Critical Vulnerabilities




Server1

Server1

2

2

11

12192013

Server2

Server2

2

6

23

12192013

Server3

Server3

2

7

23

12192013

Server4

Server4

5

9

200

12192013

Server5

Server5

2

8

60

12192013

AccordingtoDHS4300ASensitiveSystemsHandbook Componentsshallmanagesystemstoreducevulnerabilitiesthrough vulnerabilitytestingandmanagementpromptlyinstallingpatchesand eliminatingordisablingunnecessaryservices Servervulnerabilitiesthatarenotmitigatedplaceatrisktheconfidentiality integrityandavailabilityofCBPdataTheserisksallowarbitrarycodeexecution onCBPrsquosinformationsystems 5Accordingt

P

Link

Figure

DuringthecourseofourauditCBPtookactionstocorrectmanyoftheidentified vulnerabilitiesForexampleCBPremovedserver4fromthenetworkand installedthenecessarypatchestoresolvethecriticalvulnerabilitiesexceptfor onethatCBPconsidersalsquofalseͲpositiversquoAccordingtoCBPstaffthisfalseͲ positivewastheresultofthescanningsoftwarenotproperlyidentifyingthe versionofthetargetsystem ManagementControls CBPrsquosimplementationofmanagementcontrolsforsyst

P

Link

Figure

waiver AccordingtoDHS4300ASensitiveSystemsHandbook AnISSOshallbedesignatedforeveryinformationsystemandserveas thepointofcontactforallsecuritymattersrelatedtothatsystem Componentsshallensurethatauditlogsarerecordedandretainedin accordancewiththeComponentrsquosRecordScheduleorwiththeDHS RecordsScheduleAtaminimumaudittrailrecordsshallbemaintained onlineforatleastninety(90)daysAudittrailrecordsshallbepreserved foraperi

P

Link

Figure

Recommendation11 StoremaintainandreviewasrecommendedbytheDHS4300ASensitive SystemsHandbook

x x

x x


ManagementCommentsandOIGAnalysis

WeobtainedwrittencommentsonadraftofthisreportfromtheAssistant DirectorDepartmentalGAOOIGAuditLiaisonWehaveincludedacopyofthe commentsintheirentiretyinappendixBDHSconcurredwithrecommendations 8through11andhasalreadytakenactionstoresolvereporteddeficiencies Weconsidertheserecommendationsresolvedbutopenpendingverificationof plannedactions Recommendation8 CBPconcurredwiththisrecommendationCBPcorrectedthetemperatureinthe D

P

Link

Figure

Recommendation10 CBPconcurredwiththisrecommendationCBPplanstoprovideISSOdutiesto WFPSinitiallythroughexistingISSOresourceswhileacontractISSOisaddedto theexistingcontractOtheroptionsarebeingreviewedrelatedtoWFPS boundariesTheestimatedcompletiondateisNovember302014 CBPrsquosactionssatisfytheintentofthisrecommendationWeconsiderthis recommendationresolvedbutitwillremainopenuntilCBPprovides documentationtosupportthattheplannedco

P

Link

Figure

OperationalControls ICEserverroomsandcommunicationsclosetsatDFWandSACDallasOfficewere cleanandwellmaintainedHoweveronsiteimplementationofoperations controlsdidnotconformfullytoDHSpoliciesForexamplethetemperaturein theDFWserverroomwasnotwithinthetemperaterangeasrecommendedby theDHS4300ASensitiveSystemsHandbookAdditionallytheICEsiteatDFWdid nothaveredundantdatatelecommunicationscapabilitytoavoidsinglepointsof failure Environ

Location

Location

Location



OIG Average

ICE Reading

OIG Average

ICE Reading

SACDallasServer Room


738

69

383

51

DFWStorageArea ServerCabinet


775

NoSensor

425

NoSensor

AccordingtotheDHS4300ASensitiveSystemsHandbook

TR

x


TR

70degreesFahrenheit

TR

x


8WemeasuredtheaveragetemperaturefortheSACDallasServerRoomas728degreesFahrenheit Howevertheheatingventilationandairconditioning(HVAC)systemwasmomentarilyshutoffto facilitatetheauditteamsitevisitaccountingforthetemperaturevariation wwwoigdhsgov 23 OIGͲ14Ͳ132


P

Link

Figure

TheaveragetemperaturefortheDFWareacontainingtheICEservercabinetdid notmeetDHStemperaturerequirementsat775degreesFahrenheitFurther ICEdidnothavetemperatureorhumiditysensorspresentintheroom AccordingtoICEstaffthetemperatureintheDFWstoragearealocationwhere theservercabinetislocatedwasmanagedbytheDFWAirportBoard Hightemperaturescandamagesensitiveelementsofcomputersystems ThereforeICEshouldmonitorandadjusttheserverroomtemper

P

Link

Figure

TechnicalControls ICEimplementationoftechnicalcontrolsforsystemsoperatingatDFWdidnot conformfullytoDHSpoliciesForexampleidentifiedvulnerabilitiesonICE serverswerenotbeingresolvedinatimelyfashionAlsoICEwasnotregularly scanningforvulnerabilitiesonICEHSIserversatDFWFurtheraninsecure communicationsprotocolwasavailableonanICEserver PatchManagement InOctober2013weobservedICEsecurityoperationscenterstaffperforma vulnerabili

ICEServer Name

ICEServer Name

ICEServer Name






1

0

12192013

OCIO Server2

OCIO Server2

1

0

12192013

OCIO Server3

OCIO Server3

3

2

12192013

HSI Server1

HSI Server1

4

2

NotReported

AccordingtotheDHSSensitiveSystemsPolicyDirective4300A Componentsshallmanagesystemstoreducevulnerabilitiesthrough vulnerabilitytestingandmanagementpromptlyinstallingpatchesand eliminatingordisablingunnecessaryservices wwwoigdhsgov 25 OIGͲ14Ͳ132

P

Link

Figure

AccordingtoDHS4300ASensitiveSystemsHandbookAttachmentO VulnerabilityManagementProgram Detailedvulnerabilityassessmentscanschedulesandresultsmustbe providedtotheDHSVulnerabilityManagementBranchinordertosatisfy FederalInformationSecurityManagementActrequirementsfor enterpriseͲwidesecuritysituationalawarenessofassetsandrisks Servervulnerabilitiesthatarenotmitigatedcouldcompromisethe confidentialityintegrityandavailabilityofICEdataIfthe

P

Link

Figure

Proactivevulnerabilityscanningallowsforeffectivecountermeasuresfor improvingsecurityleadstofasterdetectionofvulnerabilitiesandreduces damagetobreachedsystemsAstheelectronicsurveillancesystemisnot connectedtotheDHSOneNettheprotectionofsensitivelawenforcementdata maybeatriskiftheserversarenotregularlyscannedforvulnerabilities InsecureCommunicationsProtocol AccordingtotheOctober2013vulnerabilityassessmentscanstheOCIOserver atDFWwa

P

Link

Figure

officialsreportedthattheywereimplementingtherecommendationand includedthecommunicationsanalysisandsurveillancesoftwareaspartofthe ICESubpoenaSystemsecurityplanHoweverICErsquosplanforinclusionofthe communicationsanalysisandsurveillancesoftwareintotheICESubpoena SystemsecurityplanislimitedtosoftwareICEofficialsdonotconsiderthe physicalserversaspartoftheICESubpoenaSystemAccordinglythe communicationsanalysisandsurveillanceserversarenotpart

Figure5AnHSICommunicationsAnalysisandSurveillanceSystemServerandOCIO ServersintheSameRack

28 OIGͲ14Ͳ132

wwwoigdhsgov

Figure

AccordingtotheDHSSensitiveSystemsPolicyDirective4300A EveryDHScomputingresource(desktoplaptopserverportable electronicdeviceetc)shallbeindividuallyaccountedforaspartofa FISMAͲInventoriedinformationsystem ICEofficialsreportedtakingstepstoincludethesurveillancesystemsserversas partofrecognizedFISMAͲinventoryInadditiontothephysicalserversforthe communicationsanalysisandsurveillancesystemthestandaloneelectronic surveillancesystemwill

P

Link

Figure

Recommendation17 ScantheICEserversattheSACDallassitesannuallyincludingHSIsystems separatedfromDHSOneNet Recommendation18 Useaconnectionprotocolthatemployssecureauthenticationordisable unnecessaryportsfromtheserver Recommendation19 IncludetheHSIsurveillancesystemserversinarecognizedFISMAͲinventoried system ManagementCommentsandOIGAnalysis WeobtainedwrittencommentsonadraftofthisreportfromtheAssistant DirectorDepar

P

Link

Figure

Recommendation13 ICEconcurredwiththisrecommendationICEHSIplanstoreviewthepotential missionbusinessimpactiftheSACDallasFacilitylosesconnectivityAriskͲbased decisiontoestablishredundantdatatelecommunicationswillbemadeafterthe analysisiscompleteTheestimatedcompletiondateforthisrecommendationis December312014 ICErsquosactionssatisfytheintentofthisrecommendationWeconsiderthis recommendationresolvedbutitwillremainopenuntilICEprovides

P

Link

Figure

Recommendation16 ICEconcurredwiththisrecommendationAnongoingscheduleforscanning OCIOWorkstationswithFileandPrintServers(OWFPS)OrganizationalUnitsona monthlybasiswhichincludesSACDallasandDFWhasbeendevelopedand implementedResultsofthescansareprovidedinICErsquosmonthlyreporttothe DHSvulnerabilityManagementBranchEvidenceofreportscanbeprovided separatelyA6ͲmonthforecastedVulnerabilityAssessmentTestscanschedule wascreatedandimplemented

P

Link

Figure

Recommendation18 ICEconcurredwiththisrecommendationTheunsecureprotocoltelnetwasa defaultsettingfortheremoteadministrationaccessthathadnotbeendisabled OWFPSISSOsubmittedarequesttomanuallydisabletelnetontheSACandDFW serversICESOCranscansonDecember162013andvalidatedthattheissue wasremediatedICEprovidedscanresultstoOIGonDecember162013andthis remediationwasnotedintheauditreportICErequestedthatOIGconsiderthis recommendat

P

Link

Figure

AppendixA ObjectivesScopeandMethodology TheDepartmentofHomelandSecurityOfficeofInspectorGeneralwasestablishedby theHomelandSecurityActof2002(PublicLaw107Ͳ296)byamendmenttotheInspector GeneralActof1978Thisisoneofaseriesofauditinspectionandspecialreports preparedaspartofouroversightresponsibilitiestopromoteeconomyefficiencyand effectivenesswithintheDepartment Thisauditispartofaprogramtoauditonanongoingbasistheimplemen


P

Link

Figure

basisforourfindingsandconclusionsbaseduponourauditobjectivesWebelievethat theevidenceobtainedprovidesareasonablebasisforourfindingsandconclusions baseduponourauditobjectives WeappreciatetheeffortsofDHSmanagementandstafftoprovidetheinformationand accessnecessarytoaccomplishthisreviewTheprincipalOIGpointsofcontactforthe auditareRichardHarscheActingAssistantInspectorGeneralforInformation TechnologyAudits(202)254Ͳ4100andSharonHu

P

Link

Figure

AppendixB

AppendixB

ManagementCommentstotheDraftReport

36 OIGͲ14Ͳ132

36 OIGͲ14Ͳ132

36 OIGͲ14Ͳ132

36 OIGͲ14Ͳ132

36 OIGͲ14Ͳ132

wwwoigdhsgov

37 OIGͲ14Ͳ132

wwwoigdhsgov

38 OIGͲ14Ͳ132

wwwoigdhsgov

39 OIGͲ14Ͳ132

wwwoigdhsgov

40 OIGͲ14Ͳ132

wwwoigdhsgov

Figure

Figure

Figure

Figure

Figure

41 OIGͲ14Ͳ132

wwwoigdhsgov

Figure

AppendixC DHSActivitiesatDallasFortWorthInternationalAirport ManagementDirectorate TheManagementDirectoratersquosOfficeoftheChiefInformationOfficerprovides connectivityforDHScomponentsatDFWthrough


bull

bull

DHSOneNetndashprovidesnetworkcommunicationsfortheDHSsensitivebut

TR

unclassifiedenvironmentTheDepartmentrsquosgoalfortheDHSOneNetisto

TR

facilitatetheabilityofDHScomponentstosharedatabyintegratingcomponent

TR

networksintoasharednetworkinfrastructuretoincludenetworkoperations

TR

securityoperationsarchitectureandmanagementDHSOneNetsupports

TR

communicationandinteractionamongmanyorganizationalentitieswithinand

TR

outsideofDHSandhasbeendesignatedasaDHSmissionͲessentialsystemto

TR

performoneormoreofthecomponentsrsquomissionͲessentialfunctions

DHSOneNetequipmentatDFWlocationsislocatedwithinTSACBPandICEfacilities

Wedidnotidentifyoperationaltechnicalormanagementcontroldeficienciesrelated toDHSOneNetequipment TransportationSecurityAdministration TSArsquosactivitiesincludescreeningpassengersandbaggageondepartingflightsatDFW TosupporttheseactivitiesTSAhasoperationsineachoftheDFWterminalsandata nearbyofficebuildingWeauditedITsecuritycontrolsatthefollowingTSAlocations bull OfficeoftheFederalSecurityDirectorCoppellTX bull OfficeofFAMSCoppell

42 OIGͲ14Ͳ132

wwwoigdhsgov

Figure

pathwaytothirdͲpartyandgovernmentnetworkssuchasthoseusedbyDHS



TSAtheFederalAviationAdministrationandotherStateandlocallaw


enforcemententitiesFAMSNethasbeendesignatedamissionͲessentialsystem


bull

bull

ICSndashprovidescoreservicesincludingfileandprintservicestotheentireTSA

TR

usercommunityInfrastructureCoreSystemhasbeendesignatedamissionͲ

TR

essentialsystem

bull

bull

STIPndashcombinesmanydifferenttypesofcomponentsincludingtransportation

TR

securityequipmentserversandstoragesoftwareapplicationproductsand

TR

databasesAuserphysicallyaccessesthetransportationsecurityequipmentto

TR

performscreeningorotheradministrativefunctionsSTIPͲenablementof

TR

transportationsecurityequipmentencompassesExplosiveTraceDetectorsEDS

TR

AdvancedTechnologyXͲrayAdvancedImagingTechnologyandCredential

TR

AuthenticationTechnologyTSArsquosOSCistheownerofSTIPSTIPhasnotbeen

TR

designatedamissionͲessentialsystem

bull

bull

TSANetndashprovidesconnectivityforairportsandtheirusersTSANetconsistsofa

TR

geographicallydispersedwideͲareanetworkandeachsitersquosLANThenetworkis

TR

connectedtotheDHSOneNetandhasbeendesignatedamissionͲessential

TR

system

USCustomsandBorderProtection

AtDFWCBPpersonnelstaffupto45primarypassengerlanesreviewflightdatafor terroristrelatedactivitiescollectdutiesandwhenCBPdiscoversaviolationoflaw assessfinesandcivilpenaltiesAdditionallyCBPstaffatnearbylocationsuseITassets toperformcargomanifestreviewandtargetingaswellasoutboundpassengerreview andtargeting WeauditedITsecuritycontrolsatthefollowingCBPlocations bull PortOfficeofDallasDallasFortWorthTX bull DFWConcourseD

P

Link

Figure

toprovideapplicationservicestoCBPfieldofficesTheSouthwestFieldLAN



boundaryspanstheSouthwestandEastTexasOfficeofInformationTechnology


FieldSupportRegionstoincludeArizonaNewMexicoTexasandOklahomaThe


SouthwestFieldLANhasbeendesignatedamissionͲessentialsystem


bull

bull

CBPNOCndashmaintainstheperformancemanagementandadministration

TR

capabilitiesoftheCBPcorenetworkandCBPfieldsitelocationsandthe

TR

underlyingsupportingenvironmentInadditionCBPNOCdeploysandmaintains

TR

anetworkmanagementsystemandasuiteofnetworkdevicesthatcollectand

TR

reportrealͲtimeinformationonthenetworkFurtherCBPNOCsystemenforces

TR

authorizationsforcontrollingtheflowofinformationwithinthesystemand

TR

betweeninterconnectedsystems(DHSOneNetandCBPFieldSites)in

TR

accordancewithCBPDHSSensitiveSecurityPolicyCBPNOChasbeen

TR


TR

x

Windows7PCClient61ndashusedastheWindows7standarddesktopimagefor

TR

CBPworkstationsTheimagedoesnotstoreanypersonallyidentifiable

TR

informationTheWindows7PCClient61consistsofasetofstandard

TR

configurationstobuildtheclientforWindows7installtheapplicationsoftware

TR

andconfigurethesystemaccordingtoDHSandCBPtechnicalstandards

TR

Windows7PCClient61hasnotbeendesignatedamissionͲessentialsystem

TR

bull

bull

WFPSndashprovidesCBPwithfileandprintingservicesusingtheMicrosoftWindows

TR

Server2008x64platformWFPShasnotbeendesignatedamissionͲessential

TR

system

bull

bull

TECSndashsupportsenforcementandinspectionoperationsforseveralcomponents

TR

ofDHSandisavitaltoolforthelawenforcementandintelligencecommunities onthelocalStatetribalandFederalGovernmentlevels12TECScomprises

TR

severalsubsystemsthatincludeenforcementinspectionandintelligence

TR

recordsrelevanttotheantiterroristandlawenforcementmissionofCBPandthe

TR

otherFederalagenciesitsupportsTECShasbeendesignatedamissionͲessential

TR

system

12FormerlyknownastheTreasuryEnforcementCommunicationsSystemTECSisnolongeranacronym (effectiveDecember192008)andisprincipallyownedandmanagedbyCBP wwwoigdhsgov 44 OIGͲ14Ͳ132


P

Link

Figure

USImmigrationandCustomsEnforcement ICEsOfficeofSACDallasTexasisresponsiblefortheadministrationandmanagement ofinvestigativeandenforcementactivitieswithinitsgeographicalboundariesWithin theSACDallasofficetheHSIAirportGroupisresponsiblefortheidentification disruptionanddismantlementoftransnationalcriminalorganizationsattemptingto exploitvulnerabilitieswithintheairtransportationsystematDFWTheHSIAirport GroupsareasofconcernatDFWin

TR

x

contrabandsmuggling

TR

x

currencysmuggling

TR

x

nationalsecurity

TR

x

humansmugglingtrafficking

TR

x

sexualtourism

TR

x

insiderthreatand

TR

x

thetheftandtraffickingofculturalheritageandart

TheHSIAirportGroupalsocoversinvestigationsfortheAddisonAllianceLoveField MeachamandMcKinneyairportsaswellassmallergeneralaviationlandingfieldsand facilitieswithintheHSIDallasareaofresponsibility WeauditedITsecuritycontrolsatthefollowingICElocations x DFWInternationalAirportGroupfacilityDFWTerminalD x SACDallasOfficeIrvingTX ICEstaffattheselocationsusethefollowingsystems bull OWFPSndashprovidesworkstationlaptopprintservice

P

Link

Figure

infrastructurethroughoutICEand287(g)sitesintheContinentalUnitedStates13 TheauthorizationboundaryforICECommunicationoverNetworksincludesICE OperationsmanagedswitchesfirewallsandintrusiondetectionsensorsICE CommunicationoverNetworkshasnotbeendesignatedamissionͲessential system bull AcommunicationsurveillanceandanalysissystemthathelpsHSIstaffwith intelligencegatheringandlivecollectionofdatainsupportofICErsquoslaw enforcementmissionSpecifically

P

Link

Figure

AppendixD MajorContributorstoThisReport SharonHuiswoudDirector KevinBurkeAuditManager CharlesTwittySeniorAuditor StevenTsengITSpecialist CraigAdelmanReferencer wwwoigdhsgov 47 OIGͲ14Ͳ132


P

Link

Figure

AppendixE ReportDistribution DepartmentofHomelandSecurity Secretary DeputySecretary ChiefofStaff DeputyChiefofStaff GeneralCounsel ExecutiveSecretary DirectorGAOOIGLiaisonOffice AssistantSecretaryforOfficeofPolicy AssistantSecretaryforOfficeofPublicAffairs AssistantSecretaryforOfficeofLegislativeAffairs UnderSecretaryforManagement DHSCISO DHSCISOAuditLiaison CommissionerCBP CBPCIO CBPAuditLiaison DirectorICE ICECIO ICEAud


P

Link

ADDITIONAL INFORMATION To view this and any of our other reports please visit our website at wwwoigdhsgov For further information or questions please contact Office of Inspector General (OIG) Office of Public Affairs at DHS-OIGOfficePublicAffairsoigdhsgov or follow us on Twitter at dhsoig OIG HOTLINE To expedite the reporting of alleged fraud waste abuse or mismanagement or any other kinds of criminal or noncriminal misconduct relative to Department of Homeland Security (DHS) program

P

Link

P

Link

P

Link


Washington DC 20528 wwwoigdhsgov


ChiefInformationOfficer

FROM RichardHarsche ActingAssistantInspectorGeneral

OfficeofInformationTechnologyAudits SUBJECT AuditofSecurityControlsforDHSInformationTechnology

SystemsatDallasFortWorthInternationalAirport AttachedforyourinformationisourfinalreportAuditofSecurityControlsforDHS InformationTechnologySystemsatDallasFortWorthInternationalAirportWe incorporatedtheformalcommentsfromtheTransportationSecurityAdministration theUSCustomsandBorderProtectionandtheUSImmigrationandCustoms Enforcementinthefinalreport Thereportcontains19recommendationsaimedatimprovingsecuritycontrolsforthe departmentrsquosinformationsystemsYourofficeconcurredwith18ofthe recommendationsAsprescribedbytheDepartmentofHomelandSecurityDirective 077Ͳ01FollowͲUpandResolutionsforOfficeofInspectorGeneralReport Recommendationswithin90daysofthedateofthismemorandumpleaseprovideour officewithawrittenresponsethatincludesyour(1)agreementordisagreement (2)correctiveactionplanand(3)targetcompletiondateforeachrecommendation Alsopleaseincluderesponsiblepartiesandanyothersupportingdocumentation necessarytoinformusaboutthecurrentstatusoftherecommendation TheOIGconsidersrecommendation6asunresolvedandopenBasedoninformation providedinyourresponsetothedraftreportweconsiderrecommendations215 and18resolvedandclosedWeconsidertheotherrecommendationsinthisreportto beresolvedbutopenOnceyourofficehasfullyimplementedtherecommendations pleasesubmitaformalcloseoutrequesttouswithin30dayssothatwemayclosethe recommendationsTherequestshouldbeaccompaniedbyevidenceofcompletionof agreedͲuponcorrectiveactions PleaseemailasignedPDFcopyofallresponsesandcloseoutrequeststo OIGITAuditsFollowupoigdhsgovUntilyourresponseisreceivedandevaluatedthe recommendationswillbeconsideredopen









Appendixes


Abbreviations

























ResultsofAudit



































Average

TSA Reading

OIG Average

TSA Reading


Sensor 413 NoSensor


Sensor 549 NoSensor


Sensor 496 NoSensor



























TSA

Server Name


Vulnerabilities



CriticalCVEs3














































Hardware locks




Location



RecommendedHumidity

35ndash65 OIG

Average CBP

Reading OIG

Average CBP










CBP

Server Name


Vulnerabilities




DHS




































Location


RecommendedHumidity

35ndash65 OIG

Average ICE

Reading OIG

Average ICE



















ICEServer Name





1 0 12192013

OCIO Server2

1 0 12192013

OCIO Server3

3 2 12192013

HSI Server1

4 2 NotReported





















11Ibid



























































































































Structure Bookmarks



Sect

Figure



Figure

Washington DC 20528

wwwoigdhsgov



Figure


Figure


P

Link

Figure



P

Link

Figure


OIGͲ14Ͳ132

wwwoigdhsgov

Figure




P

Link

Figure

Background

Background


bull

bull


TR


TR


TR


TR


bull

bull


TR


TR


TR


TR


bull

bull


TR


TR


TR



P

Link

Figure



3 OIGͲ14Ͳ132

wwwoigdhsgov

Figure



P

Link

Figure



P

Link

Figure


P

Link

Figure


Location

Location

Location



TR


TSA Reading

OIG Average

TSA Reading

FAMSCoppell

FAMSCoppell

707

68

565

NoSensor

ICSCoppell

ICSCoppell

751

72

407

41

ICSSTIPTerminalB

ICSSTIPTerminalB

733

74

432

38

STIPTerminalBRoom2

STIPTerminalBRoom2

752

66

497

NoSensor

STIPTerminalA

STIPTerminalA

779

No Sensor

413

NoSensor

STIPTerminalCRoom1

STIPTerminalCRoom1

788

76

51

NoSensor

STIPTerminalCRoom2

STIPTerminalCRoom2

7873

75

578

NoSensor

STIPTerminalERoom1

STIPTerminalERoom1

848

No Sensor

549

NoSensor

STIPTerminalERoom2

STIPTerminalERoom2

776

75

541

59

STIPTerminalERoom3

STIPTerminalERoom3

769

83

506

NoSensor

STIPTerminalDRoom1

STIPTerminalDRoom1

756

No Sensor

496

NoSensor

STIPTerminalDRoom2

STIPTerminalDRoom2

758

No Sensor

420

NoSensor


7 OIGͲ14Ͳ132

wwwoigdhsgov

Figure


TR

x


TR

70degreesFahrenheit

TR

x


TR



8 OIGͲ14Ͳ132

wwwoigdhsgov

Figure


P

Link

Figure


TSA Server Name

TSA Server Name

TSA Server Name





Server1

Server1

0

2

1

12192013

Server2

Server2

1

10

15

12192013

Server3

Server3

1

6

3

12192013

Server4

Server4

0

2

1

NotReported

Server5

Server5

1

9

14

NotReported

Server6

Server6

1

6

3

NotReported

Server7

Server7

0

2

2

12192013

Server8

Server8

0

1

1

12192013


P

Link

Figure


P

Link

Figure


P

Link

Figure


P

Link

Figure


14 OIGͲ14Ͳ132

wwwoigdhsgov

Figure


P

Link

Figure


P

Link

Figure


Hardware locks




Location

Location

Location



OIG Average

CBP Reading

OIG Average

CBP Reading

ConcourseD

ConcourseD

738

NoSensor

4401

NoSensor

PortOfficeofDallas

PortOfficeofDallas

723

66

483

53


17 OIGͲ14Ͳ132

wwwoigdhsgov

Figure


CBP Server Name

CBP Server Name

CBP Server Name





Server1

Server1

2

2

11

12192013

Server2

Server2

2

6

23

12192013

Server3

Server3

2

7

23

12192013

Server4

Server4

5

9

200

12192013

Server5

Server5

2

8

60

12192013


P

Link

Figure


P

Link

Figure


P

Link

Figure


x x

x x




P

Link

Figure


P

Link

Figure


Location

Location

Location



OIG Average

ICE Reading

OIG Average

ICE Reading



738

69

383

51



775

NoSensor

425

NoSensor


TR

x


TR

70degreesFahrenheit

TR

x




P

Link

Figure


P

Link

Figure


ICEServer Name

ICEServer Name

ICEServer Name






1

0

12192013

OCIO Server2

OCIO Server2

1

0

12192013

OCIO Server3

OCIO Server3

3

2

12192013

HSI Server1

HSI Server1

4

2

NotReported


P

Link

Figure


P

Link

Figure


P

Link

Figure



28 OIGͲ14Ͳ132

wwwoigdhsgov

Figure


P

Link

Figure


P

Link

Figure


P

Link

Figure


P

Link

Figure


P

Link

Figure



P

Link

Figure


P

Link

Figure

AppendixB

AppendixB


36 OIGͲ14Ͳ132

36 OIGͲ14Ͳ132

36 OIGͲ14Ͳ132

36 OIGͲ14Ͳ132

36 OIGͲ14Ͳ132

wwwoigdhsgov

37 OIGͲ14Ͳ132

wwwoigdhsgov

38 OIGͲ14Ͳ132

wwwoigdhsgov

39 OIGͲ14Ͳ132

wwwoigdhsgov

40 OIGͲ14Ͳ132

wwwoigdhsgov

Figure

Figure

Figure

Figure

Figure

41 OIGͲ14Ͳ132

wwwoigdhsgov

Figure



bull

bull


TR


TR


TR


TR


TR


TR


TR




42 OIGͲ14Ͳ132

wwwoigdhsgov

Figure








bull

bull


TR


TR

essentialsystem

bull

bull


TR


TR


TR


TR


TR


TR


TR


bull

bull


TR


TR


TR

system



P

Link

Figure










bull

bull


TR


TR


TR


TR


TR


TR


TR


TR


TR

x


TR


TR


TR


TR


TR


TR

bull

bull


TR


TR

system

bull

bull


TR


TR


TR


TR


TR

system



P

Link

Figure


TR

x

contrabandsmuggling

TR

x

currencysmuggling

TR

x

nationalsecurity

TR

x


TR

x

sexualtourism

TR

x

insiderthreatand

TR

x



P

Link

Figure


P

Link

Figure



P

Link

Figure



P

Link


P

Link

P

Link

P

Link









Appendixes


Abbreviations

























ResultsofAudit



































Average

TSA Reading

OIG Average

TSA Reading


Sensor 413 NoSensor


Sensor 549 NoSensor


Sensor 496 NoSensor



























TSA

Server Name


Vulnerabilities



CriticalCVEs3














































Hardware locks




Location



RecommendedHumidity

35ndash65 OIG

Average CBP

Reading OIG

Average CBP










CBP

Server Name


Vulnerabilities




DHS




































Location


RecommendedHumidity

35ndash65 OIG

Average ICE

Reading OIG

Average ICE



















ICEServer Name





1 0 12192013

OCIO Server2

1 0 12192013

OCIO Server3

3 2 12192013

HSI Server1

4 2 NotReported





















11Ibid



























































































































Structure Bookmarks



Sect

Figure



Figure

Washington DC 20528

wwwoigdhsgov



Figure


Figure


P

Link

Figure



P

Link

Figure


OIGͲ14Ͳ132

wwwoigdhsgov

Figure




P

Link

Figure

Background

Background


bull

bull


TR


TR


TR


TR


bull

bull


TR


TR


TR


TR


bull

bull


TR


TR


TR



P

Link

Figure



3 OIGͲ14Ͳ132

wwwoigdhsgov

Figure



P

Link

Figure



P

Link

Figure


P

Link

Figure


Location

Location

Location



TR


TSA Reading

OIG Average

TSA Reading

FAMSCoppell

FAMSCoppell

707

68

565

NoSensor

ICSCoppell

ICSCoppell

751

72

407

41

ICSSTIPTerminalB

ICSSTIPTerminalB

733

74

432

38

STIPTerminalBRoom2

STIPTerminalBRoom2

752

66

497

NoSensor

STIPTerminalA

STIPTerminalA

779

No Sensor

413

NoSensor

STIPTerminalCRoom1

STIPTerminalCRoom1

788

76

51

NoSensor

STIPTerminalCRoom2

STIPTerminalCRoom2

7873

75

578

NoSensor

STIPTerminalERoom1

STIPTerminalERoom1

848

No Sensor

549

NoSensor

STIPTerminalERoom2

STIPTerminalERoom2

776

75

541

59

STIPTerminalERoom3

STIPTerminalERoom3

769

83

506

NoSensor

STIPTerminalDRoom1

STIPTerminalDRoom1

756

No Sensor

496

NoSensor

STIPTerminalDRoom2

STIPTerminalDRoom2

758

No Sensor

420

NoSensor


7 OIGͲ14Ͳ132

wwwoigdhsgov

Figure


TR

x


TR

70degreesFahrenheit

TR

x


TR



8 OIGͲ14Ͳ132

wwwoigdhsgov

Figure


P

Link

Figure


TSA Server Name

TSA Server Name

TSA Server Name





Server1

Server1

0

2

1

12192013

Server2

Server2

1

10

15

12192013

Server3

Server3

1

6

3

12192013

Server4

Server4

0

2

1

NotReported

Server5

Server5

1

9

14

NotReported

Server6

Server6

1

6

3

NotReported

Server7

Server7

0

2

2

12192013

Server8

Server8

0

1

1

12192013


P

Link

Figure


P

Link

Figure


P

Link

Figure


P

Link

Figure


14 OIGͲ14Ͳ132

wwwoigdhsgov

Figure


P

Link

Figure


P

Link

Figure


Hardware locks




Location

Location

Location



OIG Average

CBP Reading

OIG Average

CBP Reading

ConcourseD

ConcourseD

738

NoSensor

4401

NoSensor

PortOfficeofDallas

PortOfficeofDallas

723

66

483

53


17 OIGͲ14Ͳ132

wwwoigdhsgov

Figure


CBP Server Name

CBP Server Name

CBP Server Name





Server1

Server1

2

2

11

12192013

Server2

Server2

2

6

23

12192013

Server3

Server3

2

7

23

12192013

Server4

Server4

5

9

200

12192013

Server5

Server5

2

8

60

12192013


P

Link

Figure


P

Link

Figure


P

Link

Figure


x x

x x




P

Link

Figure


P

Link

Figure


Location

Location

Location



OIG Average

ICE Reading

OIG Average

ICE Reading



738

69

383

51



775

NoSensor

425

NoSensor


TR

x


TR

70degreesFahrenheit

TR

x




P

Link

Figure


P

Link

Figure


ICEServer Name

ICEServer Name

ICEServer Name






1

0

12192013

OCIO Server2

OCIO Server2

1

0

12192013

OCIO Server3

OCIO Server3

3

2

12192013

HSI Server1

HSI Server1

4

2

NotReported


P

Link

Figure


P

Link

Figure


P

Link

Figure



28 OIGͲ14Ͳ132

wwwoigdhsgov

Figure


P

Link

Figure


P

Link

Figure


P

Link

Figure


P

Link

Figure


P

Link

Figure



P

Link

Figure


P

Link

Figure

AppendixB

AppendixB


36 OIGͲ14Ͳ132

36 OIGͲ14Ͳ132

36 OIGͲ14Ͳ132

36 OIGͲ14Ͳ132

36 OIGͲ14Ͳ132

wwwoigdhsgov

37 OIGͲ14Ͳ132

wwwoigdhsgov

38 OIGͲ14Ͳ132

wwwoigdhsgov

39 OIGͲ14Ͳ132

wwwoigdhsgov

40 OIGͲ14Ͳ132

wwwoigdhsgov

Figure

Figure

Figure

Figure

Figure

41 OIGͲ14Ͳ132

wwwoigdhsgov

Figure



bull

bull


TR


TR


TR


TR


TR


TR


TR




42 OIGͲ14Ͳ132

wwwoigdhsgov

Figure








bull

bull


TR


TR

essentialsystem

bull

bull


TR


TR


TR


TR


TR


TR


TR


bull

bull


TR


TR


TR

system



P

Link

Figure










bull

bull


TR


TR


TR


TR


TR


TR


TR


TR


TR

x


TR


TR


TR


TR


TR


TR

bull

bull


TR


TR

system

bull

bull


TR


TR


TR


TR


TR

system



P

Link

Figure


TR

x

contrabandsmuggling

TR

x

currencysmuggling

TR

x

nationalsecurity

TR

x


TR

x

sexualtourism

TR

x

insiderthreatand

TR

x



P

Link

Figure


P

Link

Figure



P

Link

Figure



P

Link


P

Link

P

Link

P

Link























ResultsofAudit



































Average

TSA Reading

OIG Average

TSA Reading


Sensor 413 NoSensor


Sensor 549 NoSensor


Sensor 496 NoSensor



























TSA

Server Name


Vulnerabilities



CriticalCVEs3














































Hardware locks




Location



RecommendedHumidity

35ndash65 OIG

Average CBP

Reading OIG

Average CBP










CBP

Server Name


Vulnerabilities




DHS




































Location


RecommendedHumidity

35ndash65 OIG

Average ICE

Reading OIG

Average ICE



















ICEServer Name





1 0 12192013

OCIO Server2

1 0 12192013

OCIO Server3

3 2 12192013

HSI Server1

4 2 NotReported





















11Ibid



























































































































Structure Bookmarks



Sect

Figure



Figure

Washington DC 20528

wwwoigdhsgov



Figure


Figure


P

Link

Figure



P

Link

Figure


OIGͲ14Ͳ132

wwwoigdhsgov

Figure




P

Link

Figure

Background

Background


bull

bull


TR


TR


TR


TR


bull

bull


TR


TR


TR


TR


bull

bull


TR


TR


TR



P

Link

Figure



3 OIGͲ14Ͳ132

wwwoigdhsgov

Figure



P

Link

Figure



P

Link

Figure


P

Link

Figure


Location

Location

Location



TR


TSA Reading

OIG Average

TSA Reading

FAMSCoppell

FAMSCoppell

707

68

565

NoSensor

ICSCoppell

ICSCoppell

751

72

407

41

ICSSTIPTerminalB

ICSSTIPTerminalB

733

74

432

38

STIPTerminalBRoom2

STIPTerminalBRoom2

752

66

497

NoSensor

STIPTerminalA

STIPTerminalA

779

No Sensor

413

NoSensor

STIPTerminalCRoom1

STIPTerminalCRoom1

788

76

51

NoSensor

STIPTerminalCRoom2

STIPTerminalCRoom2

7873

75

578

NoSensor

STIPTerminalERoom1

STIPTerminalERoom1

848

No Sensor

549

NoSensor

STIPTerminalERoom2

STIPTerminalERoom2

776

75

541

59

STIPTerminalERoom3

STIPTerminalERoom3

769

83

506

NoSensor

STIPTerminalDRoom1

STIPTerminalDRoom1

756

No Sensor

496

NoSensor

STIPTerminalDRoom2

STIPTerminalDRoom2

758

No Sensor

420

NoSensor


7 OIGͲ14Ͳ132

wwwoigdhsgov

Figure


TR

x


TR

70degreesFahrenheit

TR

x


TR



8 OIGͲ14Ͳ132

wwwoigdhsgov

Figure


P

Link

Figure


TSA Server Name

TSA Server Name

TSA Server Name





Server1

Server1

0

2

1

12192013

Server2

Server2

1

10

15

12192013

Server3

Server3

1

6

3

12192013

Server4

Server4

0

2

1

NotReported

Server5

Server5

1

9

14

NotReported

Server6

Server6

1

6

3

NotReported

Server7

Server7

0

2

2

12192013

Server8

Server8

0

1

1

12192013


P

Link

Figure


P

Link

Figure


P

Link

Figure


P

Link

Figure


14 OIGͲ14Ͳ132

wwwoigdhsgov

Figure


P

Link

Figure


P

Link

Figure


Hardware locks




Location

Location

Location



OIG Average

CBP Reading

OIG Average

CBP Reading

ConcourseD

ConcourseD

738

NoSensor

4401

NoSensor

PortOfficeofDallas

PortOfficeofDallas

723

66

483

53


17 OIGͲ14Ͳ132

wwwoigdhsgov

Figure


CBP Server Name

CBP Server Name

CBP Server Name





Server1

Server1

2

2

11

12192013

Server2

Server2

2

6

23

12192013

Server3

Server3

2

7

23

12192013

Server4

Server4

5

9

200

12192013

Server5

Server5

2

8

60

12192013


P

Link

Figure


P

Link

Figure


P

Link

Figure


x x

x x




P

Link

Figure


P

Link

Figure


Location

Location

Location



OIG Average

ICE Reading

OIG Average

ICE Reading



738

69

383

51



775

NoSensor

425

NoSensor


TR

x


TR

70degreesFahrenheit

TR

x




P

Link

Figure


P

Link

Figure


ICEServer Name

ICEServer Name

ICEServer Name






1

0

12192013

OCIO Server2

OCIO Server2

1

0

12192013

OCIO Server3

OCIO Server3

3

2

12192013

HSI Server1

HSI Server1

4

2

NotReported


P

Link

Figure


P

Link

Figure


P

Link

Figure



28 OIGͲ14Ͳ132

wwwoigdhsgov

Figure


P

Link

Figure


P

Link

Figure


P

Link

Figure


P

Link

Figure


P

Link

Figure



P

Link

Figure


P

Link

Figure

AppendixB

AppendixB


36 OIGͲ14Ͳ132

36 OIGͲ14Ͳ132

36 OIGͲ14Ͳ132

36 OIGͲ14Ͳ132

36 OIGͲ14Ͳ132

wwwoigdhsgov

37 OIGͲ14Ͳ132

wwwoigdhsgov

38 OIGͲ14Ͳ132

wwwoigdhsgov

39 OIGͲ14Ͳ132

wwwoigdhsgov

40 OIGͲ14Ͳ132

wwwoigdhsgov

Figure

Figure

Figure

Figure

Figure

41 OIGͲ14Ͳ132

wwwoigdhsgov

Figure



bull

bull


TR


TR


TR


TR


TR


TR


TR




42 OIGͲ14Ͳ132

wwwoigdhsgov

Figure








bull

bull


TR


TR

essentialsystem

bull

bull


TR


TR


TR


TR


TR


TR


TR


bull

bull


TR


TR


TR

system



P

Link

Figure










bull

bull


TR


TR


TR


TR


TR


TR


TR


TR


TR

x


TR


TR


TR


TR


TR


TR

bull

bull


TR


TR

system

bull

bull


TR


TR


TR


TR


TR

system



P

Link

Figure


TR

x

contrabandsmuggling

TR

x

currencysmuggling

TR

x

nationalsecurity

TR

x


TR

x

sexualtourism

TR

x

insiderthreatand

TR

x



P

Link

Figure


P

Link

Figure



P

Link

Figure



P

Link


P

Link

P

Link

P

Link































Average

TSA Reading

OIG Average

TSA Reading


Sensor 413 NoSensor


Sensor 549 NoSensor


Sensor 496 NoSensor



























TSA

Server Name


Vulnerabilities



CriticalCVEs3














































Hardware locks




Location



RecommendedHumidity

35ndash65 OIG

Average CBP

Reading OIG

Average CBP










CBP

Server Name


Vulnerabilities




DHS




































Location


RecommendedHumidity

35ndash65 OIG

Average ICE

Reading OIG

Average ICE



















ICEServer Name





1 0 12192013

OCIO Server2

1 0 12192013

OCIO Server3

3 2 12192013

HSI Server1

4 2 NotReported





















11Ibid



























































































































Structure Bookmarks



Sect

Figure



Figure

Washington DC 20528

wwwoigdhsgov



Figure


Figure


P

Link

Figure



P

Link

Figure


OIGͲ14Ͳ132

wwwoigdhsgov

Figure




P

Link

Figure

Background

Background


bull

bull


TR


TR


TR


TR


bull

bull


TR


TR


TR


TR


bull

bull


TR


TR


TR



P

Link

Figure



3 OIGͲ14Ͳ132

wwwoigdhsgov

Figure



P

Link

Figure



P

Link

Figure


P

Link

Figure


Location

Location

Location



TR


TSA Reading

OIG Average

TSA Reading

FAMSCoppell

FAMSCoppell

707

68

565

NoSensor

ICSCoppell

ICSCoppell

751

72

407

41

ICSSTIPTerminalB

ICSSTIPTerminalB

733

74

432

38

STIPTerminalBRoom2

STIPTerminalBRoom2

752

66

497

NoSensor

STIPTerminalA

STIPTerminalA

779

No Sensor

413

NoSensor

STIPTerminalCRoom1

STIPTerminalCRoom1

788

76

51

NoSensor

STIPTerminalCRoom2

STIPTerminalCRoom2

7873

75

578

NoSensor

STIPTerminalERoom1

STIPTerminalERoom1

848

No Sensor

549

NoSensor

STIPTerminalERoom2

STIPTerminalERoom2

776

75

541

59

STIPTerminalERoom3

STIPTerminalERoom3

769

83

506

NoSensor

STIPTerminalDRoom1

STIPTerminalDRoom1

756

No Sensor

496

NoSensor

STIPTerminalDRoom2

STIPTerminalDRoom2

758

No Sensor

420

NoSensor


7 OIGͲ14Ͳ132

wwwoigdhsgov

Figure


TR

x


TR

70degreesFahrenheit

TR

x


TR



8 OIGͲ14Ͳ132

wwwoigdhsgov

Figure


P

Link

Figure


TSA Server Name

TSA Server Name

TSA Server Name





Server1

Server1

0

2

1

12192013

Server2

Server2

1

10

15

12192013

Server3

Server3

1

6

3

12192013

Server4

Server4

0

2

1

NotReported

Server5

Server5

1

9

14

NotReported

Server6

Server6

1

6

3

NotReported

Server7

Server7

0

2

2

12192013

Server8

Server8

0

1

1

12192013


P

Link

Figure


P

Link

Figure


P

Link

Figure


P

Link

Figure


14 OIGͲ14Ͳ132

wwwoigdhsgov

Figure


P

Link

Figure


P

Link

Figure


Hardware locks




Location

Location

Location



OIG Average

CBP Reading

OIG Average

CBP Reading

ConcourseD

ConcourseD

738

NoSensor

4401

NoSensor

PortOfficeofDallas

PortOfficeofDallas

723

66

483

53


17 OIGͲ14Ͳ132

wwwoigdhsgov

Figure


CBP Server Name

CBP Server Name

CBP Server Name





Server1

Server1

2

2

11

12192013

Server2

Server2

2

6

23

12192013

Server3

Server3

2

7

23

12192013

Server4

Server4

5

9

200

12192013

Server5

Server5

2

8

60

12192013


P

Link

Figure


P

Link

Figure


P

Link

Figure


x x

x x




P

Link

Figure


P

Link

Figure


Location

Location

Location



OIG Average

ICE Reading

OIG Average

ICE Reading



738

69

383

51



775

NoSensor

425

NoSensor


TR

x


TR

70degreesFahrenheit

TR

x




P

Link

Figure


P

Link

Figure


ICEServer Name

ICEServer Name

ICEServer Name






1

0

12192013

OCIO Server2

OCIO Server2

1

0

12192013

OCIO Server3

OCIO Server3

3

2

12192013

HSI Server1

HSI Server1

4

2

NotReported


P

Link

Figure


P

Link

Figure


P

Link

Figure



28 OIGͲ14Ͳ132

wwwoigdhsgov

Figure


P

Link

Figure


P

Link

Figure


P

Link

Figure


P

Link

Figure


P

Link

Figure



P

Link

Figure


P

Link

Figure

AppendixB

AppendixB


36 OIGͲ14Ͳ132

36 OIGͲ14Ͳ132

36 OIGͲ14Ͳ132

36 OIGͲ14Ͳ132

36 OIGͲ14Ͳ132

wwwoigdhsgov

37 OIGͲ14Ͳ132

wwwoigdhsgov

38 OIGͲ14Ͳ132

wwwoigdhsgov

39 OIGͲ14Ͳ132

wwwoigdhsgov

40 OIGͲ14Ͳ132

wwwoigdhsgov

Figure

Figure

Figure

Figure

Figure

41 OIGͲ14Ͳ132

wwwoigdhsgov

Figure



bull

bull


TR


TR


TR


TR


TR


TR


TR




42 OIGͲ14Ͳ132

wwwoigdhsgov

Figure








bull

bull


TR


TR

essentialsystem

bull

bull


TR


TR


TR


TR


TR


TR


TR


bull

bull


TR


TR


TR

system



P

Link

Figure










bull

bull


TR


TR


TR


TR


TR


TR


TR


TR


TR

x


TR


TR


TR


TR


TR


TR

bull

bull


TR


TR

system

bull

bull


TR


TR


TR


TR


TR

system



P

Link

Figure


TR

x

contrabandsmuggling

TR

x

currencysmuggling

TR

x

nationalsecurity

TR

x


TR

x

sexualtourism

TR

x

insiderthreatand

TR

x



P

Link

Figure


P

Link

Figure



P

Link

Figure



P

Link


P

Link

P

Link

P

Link
























TSA

Server Name


Vulnerabilities



CriticalCVEs3














































Hardware locks




Location



RecommendedHumidity

35ndash65 OIG

Average CBP

Reading OIG

Average CBP










CBP

Server Name


Vulnerabilities




DHS




































Location


RecommendedHumidity

35ndash65 OIG

Average ICE

Reading OIG

Average ICE



















ICEServer Name





1 0 12192013

OCIO Server2

1 0 12192013

OCIO Server3

3 2 12192013

HSI Server1

4 2 NotReported





















11Ibid



























































































































Structure Bookmarks



Sect

Figure



Figure

Washington DC 20528

wwwoigdhsgov



Figure


Figure


P

Link

Figure



P

Link

Figure


OIGͲ14Ͳ132

wwwoigdhsgov

Figure




P

Link

Figure

Background

Background


bull

bull


TR


TR


TR


TR


bull

bull


TR


TR


TR


TR


bull

bull


TR


TR


TR



P

Link

Figure



3 OIGͲ14Ͳ132

wwwoigdhsgov

Figure



P

Link

Figure



P

Link

Figure


P

Link

Figure


Location

Location

Location



TR


TSA Reading

OIG Average

TSA Reading

FAMSCoppell

FAMSCoppell

707

68

565

NoSensor

ICSCoppell

ICSCoppell

751

72

407

41

ICSSTIPTerminalB

ICSSTIPTerminalB

733

74

432

38

STIPTerminalBRoom2

STIPTerminalBRoom2

752

66

497

NoSensor

STIPTerminalA

STIPTerminalA

779

No Sensor

413

NoSensor

STIPTerminalCRoom1

STIPTerminalCRoom1

788

76

51

NoSensor

STIPTerminalCRoom2

STIPTerminalCRoom2

7873

75

578

NoSensor

STIPTerminalERoom1

STIPTerminalERoom1

848

No Sensor

549

NoSensor

STIPTerminalERoom2

STIPTerminalERoom2

776

75

541

59

STIPTerminalERoom3

STIPTerminalERoom3

769

83

506

NoSensor

STIPTerminalDRoom1

STIPTerminalDRoom1

756

No Sensor

496

NoSensor

STIPTerminalDRoom2

STIPTerminalDRoom2

758

No Sensor

420

NoSensor


7 OIGͲ14Ͳ132

wwwoigdhsgov

Figure


TR

x


TR

70degreesFahrenheit

TR

x


TR



8 OIGͲ14Ͳ132

wwwoigdhsgov

Figure


P

Link

Figure


TSA Server Name

TSA Server Name

TSA Server Name





Server1

Server1

0

2

1

12192013

Server2

Server2

1

10

15

12192013

Server3

Server3

1

6

3

12192013

Server4

Server4

0

2

1

NotReported

Server5

Server5

1

9

14

NotReported

Server6

Server6

1

6

3

NotReported

Server7

Server7

0

2

2

12192013

Server8

Server8

0

1

1

12192013


P

Link

Figure


P

Link

Figure


P

Link

Figure


P

Link

Figure


14 OIGͲ14Ͳ132

wwwoigdhsgov

Figure


P

Link

Figure


P

Link

Figure


Hardware locks




Location

Location

Location



OIG Average

CBP Reading

OIG Average

CBP Reading

ConcourseD

ConcourseD

738

NoSensor

4401

NoSensor

PortOfficeofDallas

PortOfficeofDallas

723

66

483

53


17 OIGͲ14Ͳ132

wwwoigdhsgov

Figure


CBP Server Name

CBP Server Name

CBP Server Name





Server1

Server1

2

2

11

12192013

Server2

Server2

2

6

23

12192013

Server3

Server3

2

7

23

12192013

Server4

Server4

5

9

200

12192013

Server5

Server5

2

8

60

12192013


P

Link

Figure


P

Link

Figure


P

Link

Figure


x x

x x




P

Link

Figure


P

Link

Figure


Location

Location

Location



OIG Average

ICE Reading

OIG Average

ICE Reading



738

69

383

51



775

NoSensor

425

NoSensor


TR

x


TR

70degreesFahrenheit

TR

x




P

Link

Figure


P

Link

Figure


ICEServer Name

ICEServer Name

ICEServer Name






1

0

12192013

OCIO Server2

OCIO Server2

1

0

12192013

OCIO Server3

OCIO Server3

3

2

12192013

HSI Server1

HSI Server1

4

2

NotReported


P

Link

Figure


P

Link

Figure


P

Link

Figure



28 OIGͲ14Ͳ132

wwwoigdhsgov

Figure


P

Link

Figure


P

Link

Figure


P

Link

Figure


P

Link

Figure


P

Link

Figure



P

Link

Figure


P

Link

Figure

AppendixB

AppendixB


36 OIGͲ14Ͳ132

36 OIGͲ14Ͳ132

36 OIGͲ14Ͳ132

36 OIGͲ14Ͳ132

36 OIGͲ14Ͳ132

wwwoigdhsgov

37 OIGͲ14Ͳ132

wwwoigdhsgov

38 OIGͲ14Ͳ132

wwwoigdhsgov

39 OIGͲ14Ͳ132

wwwoigdhsgov

40 OIGͲ14Ͳ132

wwwoigdhsgov

Figure

Figure

Figure

Figure

Figure

41 OIGͲ14Ͳ132

wwwoigdhsgov

Figure



bull

bull


TR


TR


TR


TR


TR


TR


TR




42 OIGͲ14Ͳ132

wwwoigdhsgov

Figure








bull

bull


TR


TR

essentialsystem

bull

bull


TR


TR


TR


TR


TR


TR


TR


bull

bull


TR


TR


TR

system



P

Link

Figure










bull

bull


TR


TR


TR


TR


TR


TR


TR


TR


TR

x


TR


TR


TR


TR


TR


TR

bull

bull


TR


TR

system

bull

bull


TR


TR


TR


TR


TR

system



P

Link

Figure


TR

x

contrabandsmuggling

TR

x

currencysmuggling

TR

x

nationalsecurity

TR

x


TR

x

sexualtourism

TR

x

insiderthreatand

TR

x



P

Link

Figure


P

Link

Figure



P

Link

Figure



P

Link


P

Link

P

Link

P

Link








































Hardware locks




Location



RecommendedHumidity

35ndash65 OIG

Average CBP

Reading OIG

Average CBP










CBP

Server Name


Vulnerabilities




DHS




































Location


RecommendedHumidity

35ndash65 OIG

Average ICE

Reading OIG

Average ICE



















ICEServer Name





1 0 12192013

OCIO Server2

1 0 12192013

OCIO Server3

3 2 12192013

HSI Server1

4 2 NotReported





















11Ibid



























































































































Structure Bookmarks



Sect

Figure



Figure

Washington DC 20528

wwwoigdhsgov



Figure


Figure


P

Link

Figure



P

Link

Figure


OIGͲ14Ͳ132

wwwoigdhsgov

Figure




P

Link

Figure

Background

Background


bull

bull


TR


TR


TR


TR


bull

bull


TR


TR


TR


TR


bull

bull


TR


TR


TR



P

Link

Figure



3 OIGͲ14Ͳ132

wwwoigdhsgov

Figure



P

Link

Figure



P

Link

Figure


P

Link

Figure


Location

Location

Location



TR


TSA Reading

OIG Average

TSA Reading

FAMSCoppell

FAMSCoppell

707

68

565

NoSensor

ICSCoppell

ICSCoppell

751

72

407

41

ICSSTIPTerminalB

ICSSTIPTerminalB

733

74

432

38

STIPTerminalBRoom2

STIPTerminalBRoom2

752

66

497

NoSensor

STIPTerminalA

STIPTerminalA

779

No Sensor

413

NoSensor

STIPTerminalCRoom1

STIPTerminalCRoom1

788

76

51

NoSensor

STIPTerminalCRoom2

STIPTerminalCRoom2

7873

75

578

NoSensor

STIPTerminalERoom1

STIPTerminalERoom1

848

No Sensor

549

NoSensor

STIPTerminalERoom2

STIPTerminalERoom2

776

75

541

59

STIPTerminalERoom3

STIPTerminalERoom3

769

83

506

NoSensor

STIPTerminalDRoom1

STIPTerminalDRoom1

756

No Sensor

496

NoSensor

STIPTerminalDRoom2

STIPTerminalDRoom2

758

No Sensor

420

NoSensor


7 OIGͲ14Ͳ132

wwwoigdhsgov

Figure


TR

x


TR

70degreesFahrenheit

TR

x


TR



8 OIGͲ14Ͳ132

wwwoigdhsgov

Figure


P

Link

Figure


TSA Server Name

TSA Server Name

TSA Server Name





Server1

Server1

0

2

1

12192013

Server2

Server2

1

10

15

12192013

Server3

Server3

1

6

3

12192013

Server4

Server4

0

2

1

NotReported

Server5

Server5

1

9

14

NotReported

Server6

Server6

1

6

3

NotReported

Server7

Server7

0

2

2

12192013

Server8

Server8

0

1

1

12192013


P

Link

Figure


P

Link

Figure


P

Link

Figure


P

Link

Figure


14 OIGͲ14Ͳ132

wwwoigdhsgov

Figure


P

Link

Figure


P

Link

Figure


Hardware locks




Location

Location

Location



OIG Average

CBP Reading

OIG Average

CBP Reading

ConcourseD

ConcourseD

738

NoSensor

4401

NoSensor

PortOfficeofDallas

PortOfficeofDallas

723

66

483

53


17 OIGͲ14Ͳ132

wwwoigdhsgov

Figure


CBP Server Name

CBP Server Name

CBP Server Name





Server1

Server1

2

2

11

12192013

Server2

Server2

2

6

23

12192013

Server3

Server3

2

7

23

12192013

Server4

Server4

5

9

200

12192013

Server5

Server5

2

8

60

12192013


P

Link

Figure


P

Link

Figure


P

Link

Figure


x x

x x




P

Link

Figure


P

Link

Figure


Location

Location

Location



OIG Average

ICE Reading

OIG Average

ICE Reading



738

69

383

51



775

NoSensor

425

NoSensor


TR

x


TR

70degreesFahrenheit

TR

x




P

Link

Figure


P

Link

Figure


ICEServer Name

ICEServer Name

ICEServer Name






1

0

12192013

OCIO Server2

OCIO Server2

1

0

12192013

OCIO Server3

OCIO Server3

3

2

12192013

HSI Server1

HSI Server1

4

2

NotReported


P

Link

Figure


P

Link

Figure


P

Link

Figure



28 OIGͲ14Ͳ132

wwwoigdhsgov

Figure


P

Link

Figure


P

Link

Figure


P

Link

Figure


P

Link

Figure


P

Link

Figure



P

Link

Figure


P

Link

Figure

AppendixB

AppendixB


36 OIGͲ14Ͳ132

36 OIGͲ14Ͳ132

36 OIGͲ14Ͳ132

36 OIGͲ14Ͳ132

36 OIGͲ14Ͳ132

wwwoigdhsgov

37 OIGͲ14Ͳ132

wwwoigdhsgov

38 OIGͲ14Ͳ132

wwwoigdhsgov

39 OIGͲ14Ͳ132

wwwoigdhsgov

40 OIGͲ14Ͳ132

wwwoigdhsgov

Figure

Figure

Figure

Figure

Figure

41 OIGͲ14Ͳ132

wwwoigdhsgov

Figure



bull

bull


TR


TR


TR


TR


TR


TR


TR




42 OIGͲ14Ͳ132

wwwoigdhsgov

Figure








bull

bull


TR


TR

essentialsystem

bull

bull


TR


TR


TR


TR


TR


TR


TR


bull

bull


TR


TR


TR

system



P

Link

Figure










bull

bull


TR


TR


TR


TR


TR


TR


TR


TR


TR

x


TR


TR


TR


TR


TR


TR

bull

bull


TR


TR

system

bull

bull


TR


TR


TR


TR


TR

system



P

Link

Figure


TR

x

contrabandsmuggling

TR

x

currencysmuggling

TR

x

nationalsecurity

TR

x


TR

x

sexualtourism

TR

x

insiderthreatand

TR

x



P

Link

Figure


P

Link

Figure



P

Link

Figure



P

Link


P

Link

P

Link

P

Link








CBP

Server Name


Vulnerabilities




DHS




































Location


RecommendedHumidity

35ndash65 OIG

Average ICE

Reading OIG

Average ICE



















ICEServer Name





1 0 12192013

OCIO Server2

1 0 12192013

OCIO Server3

3 2 12192013

HSI Server1

4 2 NotReported





















11Ibid



























































































































Structure Bookmarks



Sect

Figure



Figure

Washington DC 20528

wwwoigdhsgov



Figure


Figure


P

Link

Figure



P

Link

Figure


OIGͲ14Ͳ132

wwwoigdhsgov

Figure




P

Link

Figure

Background

Background


bull

bull


TR


TR


TR


TR


bull

bull


TR


TR


TR


TR


bull

bull


TR


TR


TR



P

Link

Figure



3 OIGͲ14Ͳ132

wwwoigdhsgov

Figure



P

Link

Figure



P

Link

Figure


P

Link

Figure


Location

Location

Location



TR


TSA Reading

OIG Average

TSA Reading

FAMSCoppell

FAMSCoppell

707

68

565

NoSensor

ICSCoppell

ICSCoppell

751

72

407

41

ICSSTIPTerminalB

ICSSTIPTerminalB

733

74

432

38

STIPTerminalBRoom2

STIPTerminalBRoom2

752

66

497

NoSensor

STIPTerminalA

STIPTerminalA

779

No Sensor

413

NoSensor

STIPTerminalCRoom1

STIPTerminalCRoom1

788

76

51

NoSensor

STIPTerminalCRoom2

STIPTerminalCRoom2

7873

75

578

NoSensor

STIPTerminalERoom1

STIPTerminalERoom1

848

No Sensor

549

NoSensor

STIPTerminalERoom2

STIPTerminalERoom2

776

75

541

59

STIPTerminalERoom3

STIPTerminalERoom3

769

83

506

NoSensor

STIPTerminalDRoom1

STIPTerminalDRoom1

756

No Sensor

496

NoSensor

STIPTerminalDRoom2

STIPTerminalDRoom2

758

No Sensor

420

NoSensor


7 OIGͲ14Ͳ132

wwwoigdhsgov

Figure


TR

x


TR

70degreesFahrenheit

TR

x


TR



8 OIGͲ14Ͳ132

wwwoigdhsgov

Figure


P

Link

Figure


TSA Server Name

TSA Server Name

TSA Server Name





Server1

Server1

0

2

1

12192013

Server2

Server2

1

10

15

12192013

Server3

Server3

1

6

3

12192013

Server4

Server4

0

2

1

NotReported

Server5

Server5

1

9

14

NotReported

Server6

Server6

1

6

3

NotReported

Server7

Server7

0

2

2

12192013

Server8

Server8

0

1

1

12192013


P

Link

Figure


P

Link

Figure


P

Link

Figure


P

Link

Figure


14 OIGͲ14Ͳ132

wwwoigdhsgov

Figure


P

Link

Figure


P

Link

Figure


Hardware locks




Location

Location

Location



OIG Average

CBP Reading

OIG Average

CBP Reading

ConcourseD

ConcourseD

738

NoSensor

4401

NoSensor

PortOfficeofDallas

PortOfficeofDallas

723

66

483

53


17 OIGͲ14Ͳ132

wwwoigdhsgov

Figure


CBP Server Name

CBP Server Name

CBP Server Name





Server1

Server1

2

2

11

12192013

Server2

Server2

2

6

23

12192013

Server3

Server3

2

7

23

12192013

Server4

Server4

5

9

200

12192013

Server5

Server5

2

8

60

12192013


P

Link

Figure


P

Link

Figure


P

Link

Figure


x x

x x




P

Link

Figure


P

Link

Figure


Location

Location

Location



OIG Average

ICE Reading

OIG Average

ICE Reading



738

69

383

51



775

NoSensor

425

NoSensor


TR

x


TR

70degreesFahrenheit

TR

x




P

Link

Figure


P

Link

Figure


ICEServer Name

ICEServer Name

ICEServer Name






1

0

12192013

OCIO Server2

OCIO Server2

1

0

12192013

OCIO Server3

OCIO Server3

3

2

12192013

HSI Server1

HSI Server1

4

2

NotReported


P

Link

Figure


P

Link

Figure


P

Link

Figure



28 OIGͲ14Ͳ132

wwwoigdhsgov

Figure


P

Link

Figure


P

Link

Figure


P

Link

Figure


P

Link

Figure


P

Link

Figure



P

Link

Figure


P

Link

Figure

AppendixB

AppendixB


36 OIGͲ14Ͳ132

36 OIGͲ14Ͳ132

36 OIGͲ14Ͳ132

36 OIGͲ14Ͳ132

36 OIGͲ14Ͳ132

wwwoigdhsgov

37 OIGͲ14Ͳ132

wwwoigdhsgov

38 OIGͲ14Ͳ132

wwwoigdhsgov

39 OIGͲ14Ͳ132

wwwoigdhsgov

40 OIGͲ14Ͳ132

wwwoigdhsgov

Figure

Figure

Figure

Figure

Figure

41 OIGͲ14Ͳ132

wwwoigdhsgov

Figure



bull

bull


TR


TR


TR


TR


TR


TR


TR




42 OIGͲ14Ͳ132

wwwoigdhsgov

Figure








bull

bull


TR


TR

essentialsystem

bull

bull


TR


TR


TR


TR


TR


TR


TR


bull

bull


TR


TR


TR

system



P

Link

Figure










bull

bull


TR


TR


TR


TR


TR


TR


TR


TR


TR

x


TR


TR


TR


TR


TR


TR

bull

bull


TR


TR

system

bull

bull


TR


TR


TR


TR


TR

system



P

Link

Figure


TR

x

contrabandsmuggling

TR

x

currencysmuggling

TR

x

nationalsecurity

TR

x


TR

x

sexualtourism

TR

x

insiderthreatand

TR

x



P

Link

Figure


P

Link

Figure



P

Link

Figure



P

Link


P

Link

P

Link

P

Link































Location


RecommendedHumidity

35ndash65 OIG

Average ICE

Reading OIG

Average ICE



















ICEServer Name





1 0 12192013

OCIO Server2

1 0 12192013

OCIO Server3

3 2 12192013

HSI Server1

4 2 NotReported





















11Ibid



























































































































Structure Bookmarks



Sect

Figure



Figure

Washington DC 20528

wwwoigdhsgov



Figure


Figure


P

Link

Figure



P

Link

Figure


OIGͲ14Ͳ132

wwwoigdhsgov

Figure




P

Link

Figure

Background

Background


bull

bull


TR


TR


TR


TR


bull

bull


TR


TR


TR


TR


bull

bull


TR


TR


TR



P

Link

Figure



3 OIGͲ14Ͳ132

wwwoigdhsgov

Figure



P

Link

Figure



P

Link

Figure


P

Link

Figure


Location

Location

Location



TR


TSA Reading

OIG Average

TSA Reading

FAMSCoppell

FAMSCoppell

707

68

565

NoSensor

ICSCoppell

ICSCoppell

751

72

407

41

ICSSTIPTerminalB

ICSSTIPTerminalB

733

74

432

38

STIPTerminalBRoom2

STIPTerminalBRoom2

752

66

497

NoSensor

STIPTerminalA

STIPTerminalA

779

No Sensor

413

NoSensor

STIPTerminalCRoom1

STIPTerminalCRoom1

788

76

51

NoSensor

STIPTerminalCRoom2

STIPTerminalCRoom2

7873

75

578

NoSensor

STIPTerminalERoom1

STIPTerminalERoom1

848

No Sensor

549

NoSensor

STIPTerminalERoom2

STIPTerminalERoom2

776

75

541

59

STIPTerminalERoom3

STIPTerminalERoom3

769

83

506

NoSensor

STIPTerminalDRoom1

STIPTerminalDRoom1

756

No Sensor

496

NoSensor

STIPTerminalDRoom2

STIPTerminalDRoom2

758

No Sensor

420

NoSensor


7 OIGͲ14Ͳ132

wwwoigdhsgov

Figure


TR

x


TR

70degreesFahrenheit

TR

x


TR



8 OIGͲ14Ͳ132

wwwoigdhsgov

Figure


P

Link

Figure


TSA Server Name

TSA Server Name

TSA Server Name





Server1

Server1

0

2

1

12192013

Server2

Server2

1

10

15

12192013

Server3

Server3

1

6

3

12192013

Server4

Server4

0

2

1

NotReported

Server5

Server5

1

9

14

NotReported

Server6

Server6

1

6

3

NotReported

Server7

Server7

0

2

2

12192013

Server8

Server8

0

1

1

12192013


P

Link

Figure


P

Link

Figure


P

Link

Figure


P

Link

Figure


14 OIGͲ14Ͳ132

wwwoigdhsgov

Figure


P

Link

Figure


P

Link

Figure


Hardware locks




Location

Location

Location



OIG Average

CBP Reading

OIG Average

CBP Reading

ConcourseD

ConcourseD

738

NoSensor

4401

NoSensor

PortOfficeofDallas

PortOfficeofDallas

723

66

483

53


17 OIGͲ14Ͳ132

wwwoigdhsgov

Figure


CBP Server Name

CBP Server Name

CBP Server Name





Server1

Server1

2

2

11

12192013

Server2

Server2

2

6

23

12192013

Server3

Server3

2

7

23

12192013

Server4

Server4

5

9

200

12192013

Server5

Server5

2

8

60

12192013


P

Link

Figure


P

Link

Figure


P

Link

Figure


x x

x x




P

Link

Figure


P

Link

Figure


Location

Location

Location



OIG Average

ICE Reading

OIG Average

ICE Reading



738

69

383

51



775

NoSensor

425

NoSensor


TR

x


TR

70degreesFahrenheit

TR

x




P

Link

Figure


P

Link

Figure


ICEServer Name

ICEServer Name

ICEServer Name






1

0

12192013

OCIO Server2

OCIO Server2

1

0

12192013

OCIO Server3

OCIO Server3

3

2

12192013

HSI Server1

HSI Server1

4

2

NotReported


P

Link

Figure


P

Link

Figure


P

Link

Figure



28 OIGͲ14Ͳ132

wwwoigdhsgov

Figure


P

Link

Figure


P

Link

Figure


P

Link

Figure


P

Link

Figure


P

Link

Figure



P

Link

Figure


P

Link

Figure

AppendixB

AppendixB


36 OIGͲ14Ͳ132

36 OIGͲ14Ͳ132

36 OIGͲ14Ͳ132

36 OIGͲ14Ͳ132

36 OIGͲ14Ͳ132

wwwoigdhsgov

37 OIGͲ14Ͳ132

wwwoigdhsgov

38 OIGͲ14Ͳ132

wwwoigdhsgov

39 OIGͲ14Ͳ132

wwwoigdhsgov

40 OIGͲ14Ͳ132

wwwoigdhsgov

Figure

Figure

Figure

Figure

Figure

41 OIGͲ14Ͳ132

wwwoigdhsgov

Figure



bull

bull


TR


TR


TR


TR


TR


TR


TR




42 OIGͲ14Ͳ132

wwwoigdhsgov

Figure








bull

bull


TR


TR

essentialsystem

bull

bull


TR


TR


TR


TR


TR


TR


TR


bull

bull


TR


TR


TR

system



P

Link

Figure










bull

bull


TR


TR


TR


TR


TR


TR


TR


TR


TR

x


TR


TR


TR


TR


TR


TR

bull

bull


TR


TR

system

bull

bull


TR


TR


TR


TR


TR

system



P

Link

Figure


TR

x

contrabandsmuggling

TR

x

currencysmuggling

TR

x

nationalsecurity

TR

x


TR

x

sexualtourism

TR

x

insiderthreatand

TR

x



P

Link

Figure


P

Link

Figure



P

Link

Figure



P

Link


P

Link

P

Link

P

Link













ICEServer Name





1 0 12192013

OCIO Server2

1 0 12192013

OCIO Server3

3 2 12192013

HSI Server1

4 2 NotReported





















11Ibid



























































































































Structure Bookmarks



Sect

Figure



Figure

Washington DC 20528

wwwoigdhsgov



Figure


Figure


P

Link

Figure



P

Link

Figure


OIGͲ14Ͳ132

wwwoigdhsgov

Figure




P

Link

Figure

Background

Background


bull

bull


TR


TR


TR


TR


bull

bull


TR


TR


TR


TR


bull

bull


TR


TR


TR



P

Link

Figure



3 OIGͲ14Ͳ132

wwwoigdhsgov

Figure



P

Link

Figure



P

Link

Figure


P

Link

Figure


Location

Location

Location



TR


TSA Reading

OIG Average

TSA Reading

FAMSCoppell

FAMSCoppell

707

68

565

NoSensor

ICSCoppell

ICSCoppell

751

72

407

41

ICSSTIPTerminalB

ICSSTIPTerminalB

733

74

432

38

STIPTerminalBRoom2

STIPTerminalBRoom2

752

66

497

NoSensor

STIPTerminalA

STIPTerminalA

779

No Sensor

413

NoSensor

STIPTerminalCRoom1

STIPTerminalCRoom1

788

76

51

NoSensor

STIPTerminalCRoom2

STIPTerminalCRoom2

7873

75

578

NoSensor

STIPTerminalERoom1

STIPTerminalERoom1

848

No Sensor

549

NoSensor

STIPTerminalERoom2

STIPTerminalERoom2

776

75

541

59

STIPTerminalERoom3

STIPTerminalERoom3

769

83

506

NoSensor

STIPTerminalDRoom1

STIPTerminalDRoom1

756

No Sensor

496

NoSensor

STIPTerminalDRoom2

STIPTerminalDRoom2

758

No Sensor

420

NoSensor


7 OIGͲ14Ͳ132

wwwoigdhsgov

Figure


TR

x


TR

70degreesFahrenheit

TR

x


TR



8 OIGͲ14Ͳ132

wwwoigdhsgov

Figure


P

Link

Figure


TSA Server Name

TSA Server Name

TSA Server Name





Server1

Server1

0

2

1

12192013

Server2

Server2

1

10

15

12192013

Server3

Server3

1

6

3

12192013

Server4

Server4

0

2

1

NotReported

Server5

Server5

1

9

14

NotReported

Server6

Server6

1

6

3

NotReported

Server7

Server7

0

2

2

12192013

Server8

Server8

0

1

1

12192013


P

Link

Figure


P

Link

Figure


P

Link

Figure


P

Link

Figure


14 OIGͲ14Ͳ132

wwwoigdhsgov

Figure


P

Link

Figure


P

Link

Figure


Hardware locks




Location

Location

Location



OIG Average

CBP Reading

OIG Average

CBP Reading

ConcourseD

ConcourseD

738

NoSensor

4401

NoSensor

PortOfficeofDallas

PortOfficeofDallas

723

66

483

53


17 OIGͲ14Ͳ132

wwwoigdhsgov

Figure


CBP Server Name

CBP Server Name

CBP Server Name





Server1

Server1

2

2

11

12192013

Server2

Server2

2

6

23

12192013

Server3

Server3

2

7

23

12192013

Server4

Server4

5

9

200

12192013

Server5

Server5

2

8

60

12192013


P

Link

Figure


P

Link

Figure


P

Link

Figure


x x

x x




P

Link

Figure


P

Link

Figure


Location

Location

Location



OIG Average

ICE Reading

OIG Average

ICE Reading



738

69

383

51



775

NoSensor

425

NoSensor


TR

x


TR

70degreesFahrenheit

TR

x




P

Link

Figure


P

Link

Figure


ICEServer Name

ICEServer Name

ICEServer Name






1

0

12192013

OCIO Server2

OCIO Server2

1

0

12192013

OCIO Server3

OCIO Server3

3

2

12192013

HSI Server1

HSI Server1

4

2

NotReported


P

Link

Figure


P

Link

Figure


P

Link

Figure



28 OIGͲ14Ͳ132

wwwoigdhsgov

Figure


P

Link

Figure


P

Link

Figure


P

Link

Figure


P

Link

Figure


P

Link

Figure



P

Link

Figure


P

Link

Figure

AppendixB

AppendixB


36 OIGͲ14Ͳ132

36 OIGͲ14Ͳ132

36 OIGͲ14Ͳ132

36 OIGͲ14Ͳ132

36 OIGͲ14Ͳ132

wwwoigdhsgov

37 OIGͲ14Ͳ132

wwwoigdhsgov

38 OIGͲ14Ͳ132

wwwoigdhsgov

39 OIGͲ14Ͳ132

wwwoigdhsgov

40 OIGͲ14Ͳ132

wwwoigdhsgov

Figure

Figure

Figure

Figure

Figure

41 OIGͲ14Ͳ132

wwwoigdhsgov

Figure



bull

bull


TR


TR


TR


TR


TR


TR


TR




42 OIGͲ14Ͳ132

wwwoigdhsgov

Figure








bull

bull


TR


TR

essentialsystem

bull

bull


TR


TR


TR


TR


TR


TR


TR


bull

bull


TR


TR


TR

system



P

Link

Figure










bull

bull


TR


TR


TR


TR


TR


TR


TR


TR


TR

x


TR


TR


TR


TR


TR


TR

bull

bull


TR


TR

system

bull

bull


TR


TR


TR


TR


TR

system



P

Link

Figure


TR

x

contrabandsmuggling

TR

x

currencysmuggling

TR

x

nationalsecurity

TR

x


TR

x

sexualtourism

TR

x

insiderthreatand

TR

x



P

Link

Figure


P

Link

Figure



P

Link

Figure



P

Link


P

Link

P

Link

P

Link


















11Ibid



























































































































Structure Bookmarks



Sect

Figure



Figure

Washington DC 20528

wwwoigdhsgov



Figure


Figure


P

Link

Figure



P

Link

Figure


OIGͲ14Ͳ132

wwwoigdhsgov

Figure




P

Link

Figure

Background

Background


bull

bull


TR


TR


TR


TR


bull

bull


TR


TR


TR


TR


bull

bull


TR


TR


TR



P

Link

Figure



3 OIGͲ14Ͳ132

wwwoigdhsgov

Figure



P

Link

Figure



P

Link

Figure


P

Link

Figure


Location

Location

Location



TR


TSA Reading

OIG Average

TSA Reading

FAMSCoppell

FAMSCoppell

707

68

565

NoSensor

ICSCoppell

ICSCoppell

751

72

407

41

ICSSTIPTerminalB

ICSSTIPTerminalB

733

74

432

38

STIPTerminalBRoom2

STIPTerminalBRoom2

752

66

497

NoSensor

STIPTerminalA

STIPTerminalA

779

No Sensor

413

NoSensor

STIPTerminalCRoom1

STIPTerminalCRoom1

788

76

51

NoSensor

STIPTerminalCRoom2

STIPTerminalCRoom2

7873

75

578

NoSensor

STIPTerminalERoom1

STIPTerminalERoom1

848

No Sensor

549

NoSensor

STIPTerminalERoom2

STIPTerminalERoom2

776

75

541

59

STIPTerminalERoom3

STIPTerminalERoom3

769

83

506

NoSensor

STIPTerminalDRoom1

STIPTerminalDRoom1

756

No Sensor

496

NoSensor

STIPTerminalDRoom2

STIPTerminalDRoom2

758

No Sensor

420

NoSensor


7 OIGͲ14Ͳ132

wwwoigdhsgov

Figure


TR

x


TR

70degreesFahrenheit

TR

x


TR



8 OIGͲ14Ͳ132

wwwoigdhsgov

Figure


P

Link

Figure


TSA Server Name

TSA Server Name

TSA Server Name





Server1

Server1

0

2

1

12192013

Server2

Server2

1

10

15

12192013

Server3

Server3

1

6

3

12192013

Server4

Server4

0

2

1

NotReported

Server5

Server5

1

9

14

NotReported

Server6

Server6

1

6

3

NotReported

Server7

Server7

0

2

2

12192013

Server8

Server8

0

1

1

12192013


P

Link

Figure


P

Link

Figure


P

Link

Figure


P

Link

Figure


14 OIGͲ14Ͳ132

wwwoigdhsgov

Figure


P

Link

Figure


P

Link

Figure


Hardware locks




Location

Location

Location



OIG Average

CBP Reading

OIG Average

CBP Reading

ConcourseD

ConcourseD

738

NoSensor

4401

NoSensor

PortOfficeofDallas

PortOfficeofDallas

723

66

483

53


17 OIGͲ14Ͳ132

wwwoigdhsgov

Figure


CBP Server Name

CBP Server Name

CBP Server Name





Server1

Server1

2

2

11

12192013

Server2

Server2

2

6

23

12192013

Server3

Server3

2

7

23

12192013

Server4

Server4

5

9

200

12192013

Server5

Server5

2

8

60

12192013


P

Link

Figure


P

Link

Figure


P

Link

Figure


x x

x x




P

Link

Figure


P

Link

Figure


Location

Location

Location



OIG Average

ICE Reading

OIG Average

ICE Reading



738

69

383

51



775

NoSensor

425

NoSensor


TR

x


TR

70degreesFahrenheit

TR

x




P

Link

Figure


P

Link

Figure


ICEServer Name

ICEServer Name

ICEServer Name






1

0

12192013

OCIO Server2

OCIO Server2

1

0

12192013

OCIO Server3

OCIO Server3

3

2

12192013

HSI Server1

HSI Server1

4

2

NotReported


P

Link

Figure


P

Link

Figure


P

Link

Figure



28 OIGͲ14Ͳ132

wwwoigdhsgov

Figure


P

Link

Figure


P

Link

Figure


P

Link

Figure


P

Link

Figure


P

Link

Figure



P

Link

Figure


P

Link

Figure

AppendixB

AppendixB


36 OIGͲ14Ͳ132

36 OIGͲ14Ͳ132

36 OIGͲ14Ͳ132

36 OIGͲ14Ͳ132

36 OIGͲ14Ͳ132

wwwoigdhsgov

37 OIGͲ14Ͳ132

wwwoigdhsgov

38 OIGͲ14Ͳ132

wwwoigdhsgov

39 OIGͲ14Ͳ132

wwwoigdhsgov

40 OIGͲ14Ͳ132

wwwoigdhsgov

Figure

Figure

Figure

Figure

Figure

41 OIGͲ14Ͳ132

wwwoigdhsgov

Figure



bull

bull


TR


TR


TR


TR


TR


TR


TR




42 OIGͲ14Ͳ132

wwwoigdhsgov

Figure








bull

bull


TR


TR

essentialsystem

bull

bull


TR


TR


TR


TR


TR


TR


TR


bull

bull


TR


TR


TR

system



P

Link

Figure










bull

bull


TR


TR


TR


TR


TR


TR


TR


TR


TR

x


TR


TR


TR


TR


TR


TR

bull

bull


TR


TR

system

bull

bull


TR


TR


TR


TR


TR

system



P

Link

Figure


TR

x

contrabandsmuggling

TR

x

currencysmuggling

TR

x

nationalsecurity

TR

x


TR

x

sexualtourism

TR

x

insiderthreatand

TR

x



P

Link

Figure


P

Link

Figure



P

Link

Figure



P

Link


P

Link

P

Link

P

Link


























































































































Structure Bookmarks



Sect

Figure



Figure

Washington DC 20528

wwwoigdhsgov



Figure


Figure


P

Link

Figure



P

Link

Figure


OIGͲ14Ͳ132

wwwoigdhsgov

Figure




P

Link

Figure

Background

Background


bull

bull


TR


TR


TR


TR


bull

bull


TR


TR


TR


TR


bull

bull


TR


TR


TR



P

Link

Figure



3 OIGͲ14Ͳ132

wwwoigdhsgov

Figure



P

Link

Figure



P

Link

Figure


P

Link

Figure


Location

Location

Location



TR


TSA Reading

OIG Average

TSA Reading

FAMSCoppell

FAMSCoppell

707

68

565

NoSensor

ICSCoppell

ICSCoppell

751

72

407

41

ICSSTIPTerminalB

ICSSTIPTerminalB

733

74

432

38

STIPTerminalBRoom2

STIPTerminalBRoom2

752

66

497

NoSensor

STIPTerminalA

STIPTerminalA

779

No Sensor

413

NoSensor

STIPTerminalCRoom1

STIPTerminalCRoom1

788

76

51

NoSensor

STIPTerminalCRoom2

STIPTerminalCRoom2

7873

75

578

NoSensor

STIPTerminalERoom1

STIPTerminalERoom1

848

No Sensor

549

NoSensor

STIPTerminalERoom2

STIPTerminalERoom2

776

75

541

59

STIPTerminalERoom3

STIPTerminalERoom3

769

83

506

NoSensor

STIPTerminalDRoom1

STIPTerminalDRoom1

756

No Sensor

496

NoSensor

STIPTerminalDRoom2

STIPTerminalDRoom2

758

No Sensor

420

NoSensor


7 OIGͲ14Ͳ132

wwwoigdhsgov

Figure


TR

x


TR

70degreesFahrenheit

TR

x


TR



8 OIGͲ14Ͳ132

wwwoigdhsgov

Figure


P

Link

Figure


TSA Server Name

TSA Server Name

TSA Server Name





Server1

Server1

0

2

1

12192013

Server2

Server2

1

10

15

12192013

Server3

Server3

1

6

3

12192013

Server4

Server4

0

2

1

NotReported

Server5

Server5

1

9

14

NotReported

Server6

Server6

1

6

3

NotReported

Server7

Server7

0

2

2

12192013

Server8

Server8

0

1

1

12192013


P

Link

Figure


P

Link

Figure


P

Link

Figure


P

Link

Figure


14 OIGͲ14Ͳ132

wwwoigdhsgov

Figure


P

Link

Figure


P

Link

Figure


Hardware locks




Location

Location

Location



OIG Average

CBP Reading

OIG Average

CBP Reading

ConcourseD

ConcourseD

738

NoSensor

4401

NoSensor

PortOfficeofDallas

PortOfficeofDallas

723

66

483

53


17 OIGͲ14Ͳ132

wwwoigdhsgov

Figure


CBP Server Name

CBP Server Name

CBP Server Name





Server1

Server1

2

2

11

12192013

Server2

Server2

2

6

23

12192013

Server3

Server3

2

7

23

12192013

Server4

Server4

5

9

200

12192013

Server5

Server5

2

8

60

12192013


P

Link

Figure


P

Link

Figure


P

Link

Figure


x x

x x




P

Link

Figure


P

Link

Figure


Location

Location

Location



OIG Average

ICE Reading

OIG Average

ICE Reading



738

69

383

51



775

NoSensor

425

NoSensor


TR

x


TR

70degreesFahrenheit

TR

x




P

Link

Figure


P

Link

Figure


ICEServer Name

ICEServer Name

ICEServer Name






1

0

12192013

OCIO Server2

OCIO Server2

1

0

12192013

OCIO Server3

OCIO Server3

3

2

12192013

HSI Server1

HSI Server1

4

2

NotReported


P

Link

Figure


P

Link

Figure


P

Link

Figure



28 OIGͲ14Ͳ132

wwwoigdhsgov

Figure


P

Link

Figure


P

Link

Figure


P

Link

Figure


P

Link

Figure


P

Link

Figure



P

Link

Figure


P

Link

Figure

AppendixB

AppendixB


36 OIGͲ14Ͳ132

36 OIGͲ14Ͳ132

36 OIGͲ14Ͳ132

36 OIGͲ14Ͳ132

36 OIGͲ14Ͳ132

wwwoigdhsgov

37 OIGͲ14Ͳ132

wwwoigdhsgov

38 OIGͲ14Ͳ132

wwwoigdhsgov

39 OIGͲ14Ͳ132

wwwoigdhsgov

40 OIGͲ14Ͳ132

wwwoigdhsgov

Figure

Figure

Figure

Figure

Figure

41 OIGͲ14Ͳ132

wwwoigdhsgov

Figure



bull

bull


TR


TR


TR


TR


TR


TR


TR




42 OIGͲ14Ͳ132

wwwoigdhsgov

Figure








bull

bull


TR


TR

essentialsystem

bull

bull


TR


TR


TR


TR


TR


TR


TR


bull

bull


TR


TR


TR

system



P

Link

Figure










bull

bull


TR


TR


TR


TR


TR


TR


TR


TR


TR

x


TR


TR


TR


TR


TR


TR

bull

bull


TR


TR

system

bull

bull


TR


TR


TR


TR


TR

system



P

Link

Figure


TR

x

contrabandsmuggling

TR

x

currencysmuggling

TR

x

nationalsecurity

TR

x


TR

x

sexualtourism

TR

x

insiderthreatand

TR

x



P

Link

Figure


P

Link

Figure



P

Link

Figure



P

Link


P

Link

P

Link

P

Link

department of homeland security 2iÀfh ri … · department of homeland security ... dhs department...

Documents