As first reported in an exclusive from The Spectator, Committee on Homeland Security Chairman Mark E. Green, MD (R-TN) and Representative Dan Bishop (R-NC) are demanding answers from the Transportation Security Administration (TSA) on how a Switzerland-based cyber actor was able to access recent versions of the Federal Terrorist Screening Dataset, as well as a version of the No-Fly List. With full jurisdiction of TSA, the Committee will be conducting the necessary oversight to ensure the security of America’s transportation systems and the defense of civil rights and liberties.
In a letter to TSA Administrator Pekoske Chairman Green and Rep. Bishop wrote, “Based on this reporting, the Committee understands that as many as 1.5 million data entries, including names, dates of birth, and aliases of individuals prohibited from flying into, out of, within, or over the United States was accessed on an unsecure Amazon Web Services server belonging to CommuteAir, which operates flights exclusively for United Airlines across several major hubs in the United States, including Washington Dulles, Denver, and Houston.”
The Members continued, “Additionally, the hacker claimed they may have been able to exploit their access to the server to cancel or delay flights and even switch out crew members. If this were to be the case, the national security implications of this are alarming. As you are keenly aware, the transportation systems sector is one of 16 critical infrastructure sectors in the United States, ensuring the free movement of people and goods essential to the American economy and way of life. The notion that such a consequential database be left unsecure is a matter concerning cybersecurity, aviation security, as well as civil rights and liberties.”