GPO’s inspector general found the agency lacks security plans and procedures for ensuring that blank e-Passports — and their highly sought technologies — remain safe from terrorists, foreign spies, counterfeiters and other bad actors as they wind through an unwieldy manufacturing process that spans the globe and includes 60 different suppliers.
Despite years of concerns about the risks of stolen e-Passports, GPO “did not have a formal, agency-wide policy and related processes that would ensure security for the e-Passport supply chain,” the inspector general concluded in a March 31 investigative audit obtained by the Center.
-- snip --
The inspector general was particularly concerned that the lack of supply chain security left the United States vulnerable to potential interruptions of the e-Passport supply if even one of its key players was disabled by an attack, political unrest or natural disaster.
He also found that GPO gave misleading assurances in the past to Congress that its manufacturing process was fortified.
For instance, after lawmakers were surprised by a Washington Times report in early 2008 that some suppliers and contractors for the e-Passports were located overseas, the GPO declared in an April 9, 2008 letter to the House Energy and Commerce Committee that the agency had “taken all reasonable steps to assure that the production of and the supply chain for e‐Passports is secure.” Specifically, the agency insisted it had conducted top-of-the-line security audits.
The inspector general found those assurances to be false. “We were unable to find any documented evidence of the formal e‐Passport supply chain audit (security assessment) process noted by the Agency,” the inspector general stated flatly in the March report.
Somerset, the spokesman, said GPO and State Department officials were satisfied at the time of the letter with their security auditing and did not intend to mislead lawmakers.
"Did not intend to mislead." Oh. That makes all the difference.