Responding to a separate inquiry months later, a TSA representative told Network World the matter was the responsibility of the MWAA, adding that "airports are responsible for airport security."
The military specialist who initially reported the security risks to the TSA says the inconsistency with which the two agencies responded revealed some "operational gaps and seams." These weaknesses are what adversaries often target when trying to launch an attack, "because it's usually at your seams where you're the weakest, as far as your staff is concerned," the specialist says.
Furthermore, the specialist expressed concern in the lack of oversight and accountability involving the document. The MWAA and many other airport authorities across the country regularly post similar SOW documents to the Internet. This one happened to be published with sensitive electronic security information that TSA agents either deemed harmless or counted on civilians to report. The document, as a result, was not altered until civilians contacted the responsible party directly.
After this chain of events, the specialist says the TSA would likely be held responsible by the U.S. public in the event the vulnerabilities in the SOW had been exploited. In this case, the specialist says, security should trump jurisdiction.
"If something were to happen because of a breach of the security at the airfield itself that led to items or personnel being introduced to an aircraft or something happening, I think the majority of the U.S. population would point their finger at the TSA and not at the MWAA," he says. "I understand where they're coming from because, when you look at the charter of the TSA, I don't think any time they're responsible for the physical security or the infrastructure of the airport. But most people don't get that differentiation."
Sign up for Computerworld eNewsletters.