U.S. Immigration Database Security

In September, the Inspector General of the Department of Homeland Security published a report on the security of the USCIS (United States Citizenship and Immigration Services) databases. It's called: "Security Weaknesses Increase Risks to Critical United States Citizenship and Immigration Services Database," and a redacted version (.pdf) is on the DHS website.

This is from the Executive Summary:

Although USCIS has not established adequate or effective database security controls for the Central Index System, it has implemented many essential security controls such as procedures for controlling temporary or emergency system access, a configuration management plan, and procedures for implementing routine and emergency changes. Further, we did not identify any significant configuration weaknesses during our technical tests of the Central Index System. However, additional work remains to implement the access controls, configuration management procedures, and continuity of operations safeguards necessary to protect sensitive Central Index System data effectively. Specifically, USCIS has not: 1) implemented effective user administration procedures; 2) reviewed and retained [REDACTED] effectively, 3) ensured that system changes are properly controlled; 4) developed and tested an adequate Information technology (IT) contingency plan; 5) implemented [REDACTED]; or 6) monitored system security functions sufficiently. These database security exposures increase the risk that unauthorized individuals could gain access to critical USCIS database resources and compromise the confidentiality, integrity, and availability of sensitive Central Index System data. [REDACTED]

Posted on December 8, 2005 at 7:38 AM • 13 Comments

Comments

Andre LePlumeDecember 8, 2005 9:39 AM

The first [REDACTED] is probably "audit logs", and the second could be "backups".

Wheeee! This is fun.

David WebbDecember 8, 2005 10:08 AM

Did some college kid wrote this "These database security exposures increase the risk that unauthorized individuals could gain access to critical USCIS database resources and compromise the confidentiality, integrity, and availability of sensitive Central Index System data." CIA in that order :)

RDecember 8, 2005 10:12 AM

Odd. Is it coincidence that certain words seem to always be redacted? I figure one of the recommendations is to implement encryption, but there seems to be a blanket redaction of this word. Or am I just seeing things? :)

Roy OwensDecember 8, 2005 10:21 AM

My take on this is that the government knows it should worry about database security, and this work is the result, officially documenting the concern, without really doing anything about it.

DHS, however, is not going to worry at all, except for this nominal sort of official hand-wringing. DHS has far too much power to worry about reality. They are having too much fun in their ruthless exercise of power.

Power corrupts, and it dements. That's human nature.

Nobody in DHS will accept being locked out of this tremendous mine of information, meaning DHS will have to grant accounts to everyone. However the defaults start, they will always creep stepwise toward wider access. Generosity will be rewarded with loyalty; stinginess will be punished. If you want your team on your side, chief, give them license to kill.

Has everyone already forgotten the discussion here of Laura J Heath's thesis on the Fleet Broadcasting System? Does anyone imagine that DHS is doing no worse than the Navy in 1967-1985?

AlQaeda has been making excellent use of the Internet, moreso than many high-tech for-profit corporations. If they did hire hackers or moles to mine the CIS for everything it has on their operations, would anyone in DHS catch on? If their agents have sufficient access, they could modify, replace, or invent data, very cleverly misinforming from the inside at the very core.

Who would catch them? Is anyone minding the store? My money says no.

Jon SowdenDecember 8, 2005 2:52 PM

David Webb: Did some college kid wrote this "These database security exposures increase the risk that unauthorized individuals could gain access to critical USCIS database resources and compromise the confidentiality, integrity, and availability of sensitive Central Index System data." CIA in that order"

The phrasing and terminology throughout the summary is pure ITIL.

Felix_the_MacDecember 8, 2005 3:17 PM

@Roy Owens:
"AlQaeda has been making excellent use of the Internet"

Were did you get that great bit of black propoganda?

jblDecember 8, 2005 3:53 PM

'The first [REDACTED] is probably "audit logs", and the second could be "backups".'

Or "audit trails" for the first one. not redacting footnote 2 is helpful!

Bruce SchneierDecember 8, 2005 4:06 PM

"The first [REDACTED] is probably 'audit logs,' and the second could be 'backups.'"

Look at the actual document. You can see how much space the redacted words take up.

jammitDecember 8, 2005 6:34 PM

@Felix_the_Mac

Were did you get that great bit of black propoganda?

Umm, the internet? I suggest giving google a hit. I have been to many of the pro al-Quaida websites. A few were possibly directly associated with al-Quaida themselves, just like the white supremacist websites are probably run by a white supremacist. Quite a few even allow you to "click here and sign up for your virgins" button.

ACDecember 8, 2005 8:59 PM

@jammit, Felix_the_Mac, Roy Owens

I read the original as a "well ... um ... duh?!?"

Or am I missing the continuous string of sarcasm?

RichDecember 9, 2005 10:06 AM

Only slightly related- My wife just had her citizenship interview. I was amused to see that digital cameras and cell phone cameras were not allowed in the building. I didn't see anything worth photographing. If you wanted a layout, you could get that pretty easily from memory. If one really wanted to take pictures, they could hide a camera in something else.

What was really funny to me though was the lack of provision for people who had cell phone cameras. The security guy told them to take them back to their car. During the 45min I was there, three people came in with camera phones, and no car. They came by bus or were dropped off by someone else. Security guy spent a good deal of time trying to tell them they had to take the phone back to their non-existent car, or call someone to pick it up. He finally let them just take the battery out. Leaving the phone with him was out of the question.

I was just glad he didn't make us all walk around barefoot...

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..