This is a guest post by Reggie Aftab, PMP, CSM, CSP, IT projects manager, TAPE team at Transportation Security Administration (TSA) Headquarters.
The Information Assurance and Cybersecurity Division (IAD) of the Transportation Security Administration (TSA) is the central office responsible for delivering information security services in the form of risk management, policy management, and information system security officer (ISSO) support. The goal is to ensure that IAD can deliver the information technology (IT) security services mandated by Federal security laws.
The TAPE team assists IAD with information security program management by supporting ISSOs with their assigned systems. We handle information security (keeping data secure from unauthorized users), risk (potential for loss or damage), and vulnerability (known weakness in a system that allows an attack to succeed).
We do this by:
- Conducting risk and vulnerability assessments of TSA information systems
- Testing for vulnerabilities to ensure the continued security of TSA systems using antivirus software
- Viewing identified vulnerabilities and preparing information security vulnerability management (ISVM) reports for each system
- Creating plans of action and milestones (POA&Ms)
- Updating the cybersecurity plan based on security controls
- Preparing weekly cyber hygiene reports (checking for expiring certificates and dates, capturing screenshots, and highlighting the URLs and dates)
- Working with CACI engineers to ensure we close the identified vulnerabilities within 30 days
The specific process we follow looks like this:
- Request comes from ISSOs
- Request entered into Archer (database) tool as ISVMs
- Request entered into SCCM – a configuration management tool
- Create and implement 30-day POA&M to resolve the issue
- Once the issue is resolved, track it in continuous monitoring logs / follow POA&Ms for ongoing vulnerability assessments
All the prepared data feeds into a monthly scorecard that shows cybersecurity risk levels of RED, YELLOW and GREEN to TSA senior management.
The main way TAPE is supporting TSA is through project management and program management (as well as assessments and penetration testing). In our first 90 days at TSA headquarters, I’ve been able to tap into my 17 years as a senior program manager, as well as my time working on mergers and acquisitions projects for banks. It was there that I picked up cybersecurity skills and learned how to use the Splunk security platform.
So what role does TAPE play in making it safer to fly? Our work helps secure and protect all the assets of the TSA – 70+ systems across the board, including TSANet, TSA’s primary IT conduit. We identify any defects in the systems and then work closely with the engineers from CACI to follow up and ensure those defects are fixed so that systems remain operational 24/7 without issues.
TAPE is also involved in building out the new TSA Data Center in Springfield, VA, helping to make sure the new servers and systems are protected from the beginning. Watch for a follow-up article about this exciting project.