Homeland Security. u.s. Department of Homeland Security Washington, DC April I, 2010

Similar documents
TECHNIQUES, AND PROCEDURES, AND OF MILITARY RULES OF ENGAGEMENT, FROM RELEASE UNDER FREEDOM OF

AGENCY: Transportation Security Administration (TSA), Department of Homeland

OFFICE OF THE DIRECTOR OF NATION At INTELLIGENCE WASHINGTON, DC 20511

Department of Defense INSTRUCTION

Department of Defense INSTRUCTION. SUBJECT: DoD Information Security Program and Protection of Sensitive Compartmented Information

Department of Defense INSTRUCTION

NG-J2 CNGBI A CH 1 DISTRIBUTION: A 07 November 2013

DEPARTMENT OF HOMELAND SECURITY REORGANIZATION PLAN November 25, 2002

THE WHITE HOUSE. Office of the Press Secretary. For Immediate Release January 17, January 17, 2014

OFFICE OF THE DIRECTOR OF NATIONAL INTELLIGENCE WASHINGTON I DC

Department of Defense DIRECTIVE. SUBJECT: Unauthorized Disclosure of Classified Information to the Public

EXECUTIVE ORDER 12333: UNITED STATES INTELLIGENCE ACTIVITIES

Department of Defense DIRECTIVE

Department of Defense INSTRUCTION. DoD Unclassified Controlled Nuclear Information (UCNI)

Department of Defense INSTRUCTION

Department of Defense INSTRUCTION

Department of Defense INSTRUCTION

Department of Defense INSTRUCTION

I. Preamble: II. Parties:

Department of Defense MANUAL

Department of Defense DIRECTIVE

GAO INDUSTRIAL SECURITY. DOD Cannot Provide Adequate Assurances That Its Oversight Ensures the Protection of Classified Information

DOD INSTRUCTION REGISTERED SEX OFFENDER (RSO) MANAGEMENT IN DOD

APPENDIX N. GENERIC DOCUMENT TEMPLATE, DISTRIBUTION STATEMENTS AND DOCUMENT DATA SHEET and THE IMPORTANCE OF MARKING DOCUMENTS

Department of Defense INSTRUCTION

Student Guide: Controlled Unclassified Information

July 22, Congressional Committees

DEPUTY SECRETARY OF DEFENSE 1010 DEFENSE PENTAGON WASHINGTON, DC

10-May-2010 (appeal)

6 USC 542. NB: This unofficial compilation of the U.S. Code is current as of Jan. 4, 2012 (see

DOD DIRECTIVE INTELLIGENCE OVERSIGHT

Department of Defense DIRECTIVE

William Switzer, III, pursuant to 28 U.S.C. 1746, declares as follows: 1. I am the Federal Security Director ("FSD") appointed by the Transportation

PRIVACY IMPACT ASSESSMENT (PIA) For the

Department of Defense DIRECTIVE

Department of Defense INSTRUCTION. International Transfers of Technology, Articles, and Services

Department of Defense INSTRUCTION. SUBJECT: Security of Unclassified DoD Information on Non-DoD Information Systems

Department of Defense DIRECTIVE. SUBJECT: Department of Defense Unclassified Controlled Nuclear Information (DoD UCNI)

Department of Defense MANUAL

1 LAWS of MINNESOTA 2014 Ch 250, s 3. CHAPTER 250--H.F.No BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF MINNESOTA:

Protection of Classified National Intelligence, Including Sensitive Compartmented Information

Overview of NC GangNET

UNDER SECRETARY OF DEFENSE 4000 DEFENSE PENTAGON WASHINGTON, D.C

INSIDER THREATS. DOD Should Strengthen Management and Guidance to Protect Classified Information and Systems

List of Standing and Ad Hoc Groups and Committees, Office of Protective Operations, (Response to Request Number )

Department of Defense DIRECTIVE

SUBJECT: Directive-Type Memorandum (DTM) Law Enforcement Reporting of Suspicious Activity

Case 1:18-cv Document 1 Filed 03/08/18 Page 1 of 9 IN THE UNITED STATES DISTRICT COURT FOR THE DISTRICT OF COLUMBIA

CHAIRMAN OF THE JOINT CHIEFS OF STAFF INSTRUCTION

Department of Defense DIRECTIVE

Department of Defense DIRECTIVE

Attorney General's Guidelines for Domestic FBI Operations V2.0

May 27, RESOLUTION

For Immediate Release October 7, 2011 EXECUTIVE ORDER

9/2/2015. The National Security Exemption. Exemption 1. Exemption 1

Department of Defense MANUAL

(Revised January 15, 2009) DISCLOSURE OF INFORMATION (DEC 1991)

DEPARTMENT OF THE NAVY OFFICE OF THE SECRETARY 1000 NAVY PENTAGON WASHINGTON, DC

CHIEF NATIONAL GUARD BUREAU INSTRUCTION

DOD DIRECTIVE ASSISTANT TO THE SECRETARY OF DEFENSE FOR PUBLIC AFFAIRS (ATSD(PA))

Department of Defense DIRECTIVE. DoD Executive Agent (EA) for the DoD Cyber Crime Center (DC3)

Reporting Period: June 1, 2013 November 30, October 2014 TOP SECRET//SI//NOFORN

s ~JF;!T;i;t i~ L,:_ ': ~. ~ ;;>.:: ; "...

Department of Defense INSTRUCTION

August Initial Security Briefing Job Aid

Department of Defense DIRECTIVE

DEPARTMENT OF THE NAVY OFFICE OF THE CHIEF OF NAVAL OPERATIONS 2000 NAVY PENTAGON WASHINGTON, DC

December 21, 2004 NATIONAL SECURITY PRESIDENTIAL DIRECTIVE NSPD-41 HOMELAND SECURITY PRESIDENTIAL DIRECTIVE HSPD-13

Department of Defense DIRECTIVE

NUCLEAR REGULATORY COMMISSION [NRC ] Nuclear Regulatory Commission Insider Threat Program Policy Statement

Department of Defense DIRECTIVE

Department of Defense INSTRUCTION. DoD Policy for Congressional Authorization and Appropriations Reporting Requirements

Department of Defense INSTRUCTION

Draft Revised: 4/19/2011 4:10:25 PM RESOLUTION NO.

Department of Defense INSTRUCTION. Access to and Dissemination of Restricted Data and Formerly Restricted Data

Supply Chain Risk Management

Department of Defense INSTRUCTION

Department of Defense DIRECTIVE. Inspector General of the Department of Defense (IG DoD)

Contains Nonbinding Recommendations. Draft Not for Implementation

Overview of the Act on the Protection of Specially Designated Secrets (SDS)

Subj: DISCLOSURE OF MILITARY INFORMATION TO FOREIGN GOVERNMENTS AND INTERESTS

(c) DoD Instruction of 11 March 2014 (d) SECNAVINST D (e) CNO WASHINGTON DC Z Apr 11 (NAVADMIN 124/11)

TWENTY BASIC RULES FOR PERSONNEL LEAVING THE ARMY RESTRICTIONS ON SEEKING EMPLOYMENT (BEFORE YOU LEAVE)

SECURITY and MANAGEMENT CONTROL OUTSOURCING STANDARD for NON-CHANNELERS

Department of Defense INSTRUCTION

Address: 62 Britton Street, London, EC1M 5UY, Great Britain Phone: +44 (0) Website:

VHA Privacy Policy Training FY VHA Privacy Office

DEPUTY SECRETARY OF DEFENSE 1010 DEFENSE PENTAGON WASHINGTON, D.C

Directive on United States Nationals Taken Hostage Abroad and Personnel Recovery Efforts June 24, 2015

Department of Defense DIRECTIVE

DEPARTMENT OF DEFENSE OFFICE OF FREEDOM OF INFORMATION 1155 DEFENSE PENTAGON WASHINGTON, DC

DEPUTY SECRETARY OF DEFENSE 1010 DEFENSE PENTAGON WASHINGTON, DC

Security Asset Protection Professional Certification (SAPPC) Competency Preparatory Tools (CPT)

PRIVACY IMPACT ASSESSMENT (PIA) For the

EXECUTIVE ORDER

Department of Defense INSTRUCTION

Department of Defense INSTRUCTION

REPORT ON COST ESTIMATES FOR SECURITY CLASSIFICATION ACTIVITIES FOR 2005

National Response Plan ESF #13 Public Safety and Security Annex & Terrorism Incident Law Enforcement and Investigation Annex

UTILIZING CANINE TEAMS TO DETECT EXPLOSIVES AND

Transcription:

u.s. Department of Homeland Security Washington, DC 20528 April I, 2010 Homeland Security Mr. Steven Aftergood Federation of American Scientists 1725 DeSales Street, NW, Suite 600 Washington, DC 20036 Re: DHS/OS/PRIV 10-0451/ Aftergood Dear Mr. Aftergood: This is the final response to your Freedom ofinformation Act (FOIA) request to the Department of Homeland Security (DHS), both dated and received in this office March 1,2010. You requested a copy of the Department's written response to a December 9, 2009 letter from Representative Peter King and two other members of the House Homeland Security Committee sent to Secretary Napolitano posing several questions about the Department's views concerning the inadvertent publication of a Transportation Security Administration manual on security screening of commercial airlines. In responding to a FOIA request, the DHSlPrivacy Office will search for responsive documents in its control on the date the search began. We began our search on March 4,2010. We are granting your request under the FOIA, Title 5 V.S.c. 552, as amended, and DHS' implementing regulations, 6 C.F.R. Chapter I and Part 5. After carefully reviewing the responsive documents, I determined that they are appropriate for public release. They are enclosed in their entirety; no deletions or exemptions have been claimed. Provisions ofthe FOIA allow us to recover part ofthe cost of complying with your request. In this instance, because the cost is below the $14 minimum, there is no charge. If you need to contact us about this request, please refer to DHS/OS/PRIV 10-0451. You may contact this office at 1-866-431-0486 or 703-235-0790. Enc1osure(s): 7 pages V,; nia T. Locke(r/ ~ /Associate Director, Disclosure & FOrA Operations

February 7, 2010 Secretary U.S. Departmellt of Homeland Security Washington, DC 20528 Homeland Security The Honorable Peter T. King U.S. House of Representatives Washington, DC 20515 Dear Representative King: Thank you for your December 9, 2009 letter regarding the Transportation Security Administration's (TSA) improper posting of an unclassified Standard Operating Procedures (SOP) document to the Federal Business Opportunities website. The Department of Homeland Security (DHS) takes this matter seriously and takes full responsibility forthe posting. The released document provides procedural information for managers and is not the SOP used by Transportation Security Officers (TSO) to screen members of the traveling public at airport checkpoints. TSA continually adjusts its SOPs and security protocols based on intelligence information and security testing. Out of an abundance of caution, however, we have undertaken a robust operational assessment of any potential vulnerabilities that this disclosure may have caused and have taken swift action to further prevent this information from being used to compromise our multi-layered security system. I have asked DHS's Inspector General to conduct a thorough investigation of this matter. Lastly, TSA has instituted more stringent safeguards for the control of its SOP docwnents to ensure Sensitive Security Information is not improperly released in the future. I have also asked the Deputy Secretary to chair a senior working group to conduct a Department-wide assessment of all public-facing websites in use by the Department. The assessment will be completed by the end of March and will include recommendations for strengthening both policy and procedures for posting infonnation into the public domain. Enclosed as a white paper are answers to the specific questions you posed in your letter. Thank you again for your letter. I hope to continue to foster a close working relationship with you on this issue and other homeland security matters. If you have any further questions, please do not hesitate to contact Chani Wiggins, Assistant Secretary for Legislative Affairs at (202) 447-5890. Representatives Bilirakis and Dent, who co-signed your letter, will receive separate, identical responses. Yours very truly, J:et~::::=- Enclosure www.dhs.gov

Answers to Questions from the December 9, 2009 Letter from Representatives King, Dent, and Bilirakis Regarding Aviation Security Screening Management Standard Operatinl! Procedures Posted on a Department of Commerce Website 1. Why was it necessary to post the Aviation Security Screening Management Standard Operating Procedures (Aviation Security Manual) on the Federal Business Opportunities website? Posting of contract solicitations to the Federal Business Opportunities website is required by the Federal Acquisition Regulation. Various information is required of prospective offerors to provide them with the ability to compete and submit meaningful, realistic proposals. Publication of this type of information is also made to ensure a fair, competitive acquisition that does not afford competitive advantage to incumbents. The released document, even following redactions, provided potential offerors information required to adequately understand checkpoint operations and thus submit proposals that could meet the government's actual requirements. 2. Are therelwere there similarly "redacted" documents designated as "Sensitive Security Information, II pursuant to sections 15 and 1520 of title 49, Code of Federal Regulations posted on the internet and what actions has the Department taken to verify the security of these documents? Have similar incidents been noted? As part of a Department-wide efficiency review, DRS has begun an initiative to examine information security program protocols related to sensitive but unclassified information. The Deputy Secretary, Under Secretary for Management and the Assistant Secretary for Policy are examining the Department's protocols related to information security. It is anticipated that the examination will include: all existing information security program policies and directives; a review of all the Department's information security program reports to analyze trends and identify repeat offenders; and a comprehensive examination of all existing information security program training requirements. In response to the posting of the Aviation Security Screening Management Standard Operating Procedures on the Department of Commerce website, the Transportation Security Administration (TSA) has performed a full agency-wide inventory of publicly accessible documents that may contain Sensitive Security Information (SS!) and is conducting regular web searches for SSI on other publicly available websites. During the course of this ongoing review, TSA found three additional documents thought to contain sensitive information on other government websites. One document contained three paragraphs of sensitive information, another contained two sentences, and it was later determined that the fmal document did not contain any sensitive material. TSA immediately removed the documents, none of which detailed airport procedures or Standard Operating Procedures (SOPs). The agency notified the Department of Rome land Security's (DRS) Inspector General and will December 2009 Page 1

continue to fully support an investigation. There is no security implication as none of the documents contained information related to current security procedures. 3. What policies or guidelines has the Department's Chief Security Officer put into place regarding redaction procedures for SSJ, PClJ, LES, FOUO, or other controlled unclassified information? Did TSA 'sfailed attempts to redact the sensitive security information in the Aviation Security Manual comply with such policies, if any? SSI is not classified national security information. It is a form of sensitive but unclassified information protected by Federal regulation (49 CFR Part 1520). The Screening Management SOP is designated as SSI under SSI regulation 49 CFR 1520.5(b)(9)(i), which provides that "[a]ny procedures, including selection criteria and any comments, instructions, and implementing guidance pertaining thereto, for screening of persons... that is conducted by the Federal government" constitute SST. The National Security Agency (NSA) issues guidance to all government agencies on proper redacting techniques. This applies to both classified information as well as to sensitive but unclassified information (FOUO, LE, SSI, etc.). The DRS Office of the Chief Security Officer disseminated this guidance on Tuesday, January 24,2006, to the Component Chief Security Officers and the Freedom ofinformation Act Office. The guidance is also posted on the Office of Security internal website. NSA has since released updated guidance which is also available. Additionally, the TSA SSI Branch reissued an office SOP in 2008 that detailed procedures for using Adobe Acrobat 7.0 for redacting SSI from documents. In the case of the Screening Manager's SOP that was released, the SSI Office's guidance was not followed. 4. What actions have the Department of Homeland Security, its agencies and directorates, and specifically the Secret Service, taken to identify the impacts of the release of this manual outside of the traditional aviation security missions? TSA contacted affected DRS Components, including the United States Secret Service, to notify and brief these entities concerning the release of the manual. These Components were provided with copies of the images disclosed to aid them in determining if mitigation considerations would be required. The preliminary response from these agencies is that there is currently no need to issue new credentials. Additionally, TSA contacted other affected agencies and entities to brief them on the topic. TSA has been informed that these agencies and directorates will make whatever security modifications are appropriate. 5. What actions are the Department of Homeland Security and the Transportation Security Administration taking to mitigate the threats posed by the release of this extraordinarily sensitive document? DRS, Office of the Chief Security Officer (OCSO), has established policy regarding the recognition, identification, and safeguarding of SSI. The policy, which is contained in DRS Management Directive 11056.1 "Sensitive Security Information" assigns responsibilities for the management of SSI materials and provides guidance on the storage, handling, December 2009 Page 2

transmission, and destruction of SSI materials. DHS also has the authority to conduct SSI reviews oftsa and will assess existing guidance to determine if security enhancements or procedural modifications are required. TSA immediately conducted a risk analysis and an impact assessment of each line of the SOP. TSA's multi-layered and integrated security system addressed most areas of concern. Out of an abundance of caution, additional mitigation strategies have been developed and are being implemented. In addition, TSA immediately notified our Federal Security Directors, stakeholders, and law enforcement partners ofthe SOP release and provided mitigation guidance. The TSA Office of Law EnforcementIFederal Air Marshal Service (F AMS) has conducted outreach with the affected agencies to notify them ofthe disclosure and provide them with copies of pertinent materials. The disclosed material contained images ofthe badges and/or credentials of members of the U.S. House of Representatives, the United States Senate, agents ofthe Bureau of Alcohol, Tobacco, Firearms and Explosives, the Central Intelligence Agency, and the F AMS. As previously noted, the affected agencies were provided with copies of the images disclosed to aid them in determining if mitigation considerations would be required. The preliminary response from these agencies is that there is currently no need to issue new credentials. These steps were taken to aid the affected agencies in identifying exposed vulnerabilities that may require mitigation efforts. Vulnerabilities potentially exposed to specialized screening for armed individuals are being mitigated by enhancements to identity verification requirements. Since July 15,2009, an enhanced identification verification process has been operational for state, local, territorial, and tribal law enforcement officers (LEOs) with an operational need to fly armed. These LEOs must pre-register travel by sending a National Law Enforcement Telecommunications System (NLETS) message to TSA in advance of travel. The NLETS message replaced the Original Letter of Authority, signed by the chief or agency head, required for state, local, territorial, and tribal LEOs. Once the NLETS message is received by TSA, an NLETS response message containing a unique eight-character alphanumeric identifier is returned to the agency for verification at the airport on the day of travel. This process provides TSA with the ability to confirm the traveler's identity and authorization to fly armed. An enhanced identification system for Federal law enforcement officers will be deployed in the near future. The enhanced identification verification processes for Federal and non-federal LEOs were not contained within the disclosed materials. 6. How has the Department of Homeland Security and the Transportation Security Administration addressed the repeated reposting of this security manual to other websites and what legal action, if any, can be taken to compel its removal? TSA took immediate steps to remove the security manual from the Federal website on which it had been posted. No action has been initiated by the agency to address reposting on other web sites. Under 49 C.F.R. Part 1520, TSA's current authority to assess civil penalties for the unauthorized disclosure of SSI and to demand its removal only extends to covered persons as defined by 49 C.F.R. 1520.7. TSA does have broad authority under 49 U.S.C. 401 1 3 (a) December 2009 Page 3

to issue orders necessary to carry out its functions, as well as general authority to issue civil penalties under 49 U.S.C. 46301 for failure to comply with its orders. These statutes do not provide specific authority to remedy the dissemination of SSI by noncovered persons. 7. Is the Department considering issuing new regulations pursuant to its authority in section 114 of title 49, United States Code, and are criminal penalties necessary or desirable to ensure such information is not reposted in the future'? TSA is considering issuing new regulations pursuant to its authority under section 114 oftitle 49. However, specific new statutory authority also would be necessary to provide enhanced legal support to pursue the full range of civil and criminal remedies against unauthorized dissemination of SSI by persons who are not covered persons as defined by 49 C.F.R. 1520.7. December 2009 Page 4

2024 © careersdocbox.com Privacy Policy | Terms of Service | Feedback