The Department of Homeland Security has security problems with its Radio Frequency Identification (RFID) systems which could allow unauthorized access to sensitive data, according to a new Inspector General’s report.
Through these security lapses, someone could potentially swipe an unused RFID chip, program it into DHS’s own database, and have a legitimate-seeming border crossing document.
The inspector general’s office analyzed RFID security for DHS programs which currently use it, including US-VISIT, which places RFID tags in foreigners’ travel documents, and the Global Enrollment System and FAST, which are part of a trusted traveler border crossing program.
The report (PDF) found that while physical security controls over RFID systems were adequate, computer security processes were lacking which could allow unauthorized access or alteration of data in RFID system databases.
It also found that physical controls over unused and damaged RFID chips were inadequate.
The report cites a lack of proper planning for computer security in the programs’ development as a cause of the security lapses.
The inspector general recommended that DHS develop department-wide RFID security policies and implement information security procedures for RFID programs. DHS agreed with the recommendations.
Poor computer security also threatens the Transportation Workers Identity Credential program, according to an inspector general’s report released earlier this month.
A Homeland Security advisory committee has said that using RFID to track people has no national security benefit but threatens the privacy and security of the people so tracked.